Please read the below FAQ’s to ensure best usage/most secure of stash:
What is Stash?
Stash is a tool to create & manage your own personal smart contract wallet, a DeFi alternative to having a cold/hardware wallet. It behaves like an air-gap for your assets, you manage it with admins & withdraw assets to approved recipients. Changing settings & modifying the recipients have a timelock delay before you can confirm them. Stash currently just supports eth & erc20 tokens, but in future versions there will be NFT supports as well as optional DeFi plugins so your assets can be used whilst stashed 💪 (But for now it’s just a secure storage tool)
Why would I use it?
Stash is a simple decentralized tool that allows users to better secure their finances (DeFi). It offers better security than hot wallets such as Metamask as well as security advantages over hardware wallets such as Ledger, by providing stuff like daily withdrawal limits. Stash isn’t for everyone though, since it is all on-chain it requires gas for transactions such as updating settings etc.
What is an admin?
Admin addresses manage your stash (such as updating settings or adding approved recipients etc.) when you create your stash you become the first admin.
It is recommended to have 2+ admins (incase you lose access to the first)
Your Metamask wallet is a good example of an admin, provided you don’t approve any of your Metamask wallets as a recipient for assets.
What is an approved recipient?
An approved recipient is an address your admin has whitelisted to be able to received assets from your vault. Recipients should be 100% unconnected to any admin addresses. For example you could have your hardware wallet or paper wallet as a recipient. Another example is your Binance exchange address, however make sure that your recipients can receive the assets your deposit. (Exchanges wont support all tokens, and some exchanges don’t support eth deposit from smart contracts)
What is the new recipient/setting delay?
This is to protect your assets if one of your admins gets compromised. By default Stash has a 3 day delay on settings such as adding new recipients & changing limits etc. You can cancel actions or after the delay period has passed you can confirm them (which will update the pending setting etc.)
Who can deposit assets?
Anyone can deposit to your stash contract. Every stash has it’s own address where you can send eth/tokens like normal addresses.
Who can withdraw assets?
Only admins can withdraw to approved recipients. The recipients cannot withdraw by themselves. You can also set a password for each recipient, allowing any address to withdraw to that recipient (assuming they provide the password).
What are recipient passwords?
Incase you lose access to all admins you can use a password to withdraw to the associated recipient from any address. Passwords are optional, but for maximum safety it’s recommended to set at least one up -as a last resort. Each password only works for the approved recipient you set it too.
Why does it cost 2.5m gas to create a Stash?
Because you’re deploying your own personal Stash smart contract.
How do I keep my Stash secure?
Since stash only allows withdrawing to approved recipients, it is vital these are not connected to your admins who can trigger withdrawals. The best way to ensure your stash is secure is by running through scenarios:
My PC stopped working (where my metamask admin of stash is)
- In this you are fine as you should have a second stash admin elsewhere. If you lost all your admins you can use a password to withdraw to a recipient. If you had no second admin and no password, your assets would be lost.
My PC was hacked! (where my metamask admin of stash is)
- As long as you didn’t store your recipients on your PC also, you are fine. Just use your second admin to withdraw funds to your recipients, or attempt to remove the hacked admin (takes the delay period to trigger).
I lost my approved recipients (paper wallet burnt or Binance locked)
- Since you still have access to your admins, this is fine. Just use your admins to approve some new recipients (takes the delay period to trigger).
So in summary, as long as you keep your admins & recipients separate (which means both must not be able to be compromised or lost at the same time) your stash is secure. Stash is a tool to allow you to manage your assets, but it is your top priority to ensure the assets are secure by air-gapping your admins & recipients from each other.
If you are not confident a recipient address is sufficiently separate from an admin address (e.g. recipient is a mobile wallet) you can set daily withdrawals limits for each asset, this means in the unlikely case where your admin & recipient gets compromised at the same time your potential loss is limited.
Advantages over Metamask?
If you keep significant funds in your Metamask (or a similar software wallet) you can be at risk of losing all of them if your PC is compromised. Whilst this may seem unlikely for you, it is always advised to reduce this risk. You can reduce this risk by keeping your significant funds in a cold/hardware wallet or a tool like Stash 💪 Stash can safely protect your funds in the case of compromised PC’s (assuming your recipient’s are not also stored on your PC).
Advantages over hardware wallets?
Stash can be seen as an alternative to a cold/hardware wallet such as Ledger, but can also offer security advantages such as a daily withdrawal limit on recipients. And if you already have a Ledger, stash can be used as a powerful combination. You would set your Ledger as the approved recipient for your Stash assets -this way your funds sit safely in Stash until you need them and would be safe if your Ledger seed is ever compromised.