Security

All API keys entered in Tree Terminal are stored locally in the application. Those API keys are used to sign messages and send them to Tree Tokyo websockets for execution (as a proxy).

The server never has access to the secrets and can thus never send arbitrary orders.

List of IPs to whitelist for Binance and Bybit: 13.114.222.76,13.114.9.234,18.176.155.14,18.176.230.137, 18.178.119.8,18.180.40.92,18.181.102.151,18.181.117.46,18.182.100.147,52.198.184.93,54.65.188.239

The final version of the terminal will come with a checksum operated on launch on all files so that even if an attacker gets access to Tree servers, they wouldn’t be able to serve malicious JS to the terminal and steal API keys this way.