Here at Alice, we believe web3 revolutionizes the way we use payments, but with any new technology there are risks. Alice will strive to improve and mitigate these risks, but as part of building trust and transparency with our users, we want you to be aware of these risks upfront.
There are risks involved with supplying funds or digital assets to Anchor Protocol via Alice on the Terra blockchain. Customers may experience losses. Below is a list of potential risks and ways of mitigation. We have included links to more information.
Private Key / Store of Funds
Alice is a non-custodial wallet and does not have access to your private key. Your private key grants access to your funds on the Terra blockchain
Alice uses Torus Network, which securely splits & distributes user private keys across multiple nodes, so only users can access their full private key
Your private key is also securely stored in your iPhone Secure Enclave or Android Keystore, protected by biometrics or PIN.
Alice is working on 2FA and threshold keys to bolster account security
If Torus Network were to be compromised, attackers may retrieve user private keys
Torus Network has been audited by independent cybersecurity companies. Read their audit HERE
Terra UST depeg risks
UST is designed to maintain a peg around 1 USD, but can vary
For Alice users, a minor UST depeg will result in a temporary reduction in account balance until the peg is resumed
A catastrophic UST depeg could mean a more permanent reduction in balance
Terra has been audited by an independent cybersecurity company. See the audit report HERE
Anchor Protocol Risks
Alice does not directly supply the yield rate - rather user funds are stored in Anchor Protocol
Anchor Protocol is developed by Terraform Labs and has over 15 billion UST total value locked (March 2022) since launch in early 2021.
The Anchor yield rate may lower over time depending on market conditions.
If Anchor were to be compromised, Alice user funds could lose value
Alice is working on an insurance product in conjunction with Risk Harbor to mitigate this risk
Anchor Protocol has been audited by multiple independent cybersecurity companies and hosts a bug bounty for security issues. See more HERE
Alice Smart Contracts Risks
Alice uses smart contracts to store user funds in Anchor Protocol and allow for fee-less payments
The Alice smart contracts are built on Cosmos ecosystem, which offers one of the most robust and secure smart contract mechanisms available today
In the event the Alice smart contracts were compromised, user funds could be partially or fully lost depending on the exploit
Alice smart contracts have been audited by an independent security company. Read more details HERE
Alice Account Compromise (Email)
Alice currently uses your connected email address as the only form of connectivity to your Alice account. If your email account is compromised, your Alice account can also be accessed
While a bad actor could access your account, they cannot make any transactions (deposit, withdrawal, P2P) within the app without passing a passcode/biometric challenge so your funds are safe assuming your mobile device is not also compromised
We recommend enabling Two-Factor Authentication on your email account to increase the security on your Alice account
Alice is diligently working on additional security and account recovery features to be released in the near future so stay tuned
If you have more questions or concerns regarding risk please feel free to contact us at [email protected] or via the Alice app chat support. We always want to hear from our users. It's the only way we will be sure we are building the best product possible!