Security Model

1. No Private Key Storage

ZapChain never asks for, stores, or transmits your private keys. It uses the standard Web3.js provider to request signatures only when rules need to be authorized. Actual transaction signing happens via your wallet (Hardware Wallet, MetaMask, or custodial provider).

2. Simulation First

Before any transaction is broadcast to the network, ZapChain can simulate execution using eth_call. This catches reverted transactions early, saving you gas and preventing failed automation attempts.

v2.0 Enhancement: Simulator now detects EOAs (wallets) vs contracts to prevent false revert errors when sending ETH to regular addresses.

3. Execution Caps & Limits

To prevent infinite loops or wallet draining bugs, ZapChain enforces strict execution limits:

• Max Executions: Cap the total number of times a rule can run.
• Cooldowns: Enforce minimum time intervals between executions.
• Gas Price Thresholds: Prevent execution during fee spikes.

4. The Kill Switch

Every ZapChain instance includes a global Kill Switch. In an emergency, you can instantly pause all automation rules without deleting them.

zapChain.setKillSwitch(true); // Emergency Stop

5. EIP-712 Typed Signingv2.0

When signing rules for authorization, ZapChain uses EIP-712 typed data signing so you can see exactly what you're authorizing. No more signing random hex hashes!

This provides transparency and prevents "blind signing" attacks where malicious rules could drain wallets.

6. Verbose Execution Loggingv2.0

Every rule execution is now logged with explicit status and skip reasons:

• SUCCESS - Rule executed successfully
• FAILED - Execution attempted but failed
• SKIPPED - Execution blocked (with reason)

const logs = zapChain.getExecutionLogs();
logs.forEach(log => {
  if (log.status === 'SKIPPED') {
    console.log(`Rule skipped: ${log.skipReason}`);
    // e.g., "COOLDOWN_ACTIVE", "KILL_SWITCH_ACTIVE"
  }
});