Finish the Brief report of (Aeasy-io and

Dear all

I’m glad to join the AE community. Although the functionality is almost complete, I will continue to maintain and fix bugs

See here for a brief reportBrief report of.pdf (1.2 MB) now supports more than 20 interfaces for docking stations to access already offers many users the option to renew a domain name

Application details : [Completed] and improvements of the proposal

Thank you again to the foundation, thank you all




Hi @Baixin.chain
Thank you very much for your report.
As you may see the feedback from @gorbak2. ([Completed] and improvements of the proposal)
You also replied this concern in the original thread. Please try to fix this security concern ASAP, so we can finalize the project.
Thank you.


Like most wallets, security is the responsibility of the user. It is not recommended that users copy and paste, screenshots, etc., starting with Bitcoin, we have entered letter by letter.

Yes @Tina ,
I replied to @gorbak2 5 days ago that mnemonic login can also be logged in without copying, just like login with base wallet.
I also chose mnemonic login for multiple reasons

Hi @Baixin.chain
Thank you for your reply.
Actually the security concern we were talking about is your application requires the user to send the mnemonic to a random server.
I think @gorbak25 will elaborate it.

@Tina @gorbak25

Thank you, I have learned something new

I should know what you mean, in general should be word mnemonic or all operations related to the private key should be placed on the client, so that I may want to change is not just a word mnemonic login that part, and the domain name transfer and registration renewal, shall be conducted in the client through the JS - SDK after signature to send signature to GO - SDK for processing, this condition should be met

1 Like

The private key/mnemonic should NEVER leave the client. The current version of aens and aeasy requires users to send their mnemonic to a server in order to handle creation and signing of transactions - this puts a lot of trust in this server. You may leave most of the old logic but tx creation and signing should happen on the client side.


Ok, I see. I will modify according to these


@gorbak25 @Tina

I have just finished your Suggestions. The current implementation is that the server provides data for the front end to display, and the front end USES JS-SDK for a series of operations such as signing. You can now access to view or audit it. open source code in:

Improvements to have also been completed, but they are not yet online as some merchants are already using We plan to go online on November 15th open source code in:
The development documentation has also been updated:

Thank you all for your advice and help me make progress


@Baixin.chain Thank you very much for the security improvement! Please add in your user documentation the your projects were supported by the Aeternity Crypto Foundation.