Security
All API keys entered in Tree Terminal are stored locally in the application. Those API keys are used to sign messages and send them to Tree Tokyo websockets for execution (as a proxy).
The server never has access to the secrets and can thus never send arbitrary orders.
List of IPs to whitelist for Binance (space separated)
13.114.222.76 13.114.9.234 18.176.155.14 18.176.230.137 18.178.119.8 18.180.40.92 18.181.102.151 18.181.117.46 18.182.100.147 52.198.184.93 54.65.188.239 13.212.169.19
List of IPs to whitelist for Bybit & OKX (comma separated):
13.114.222.76,13.114.9.234,18.176.155.14,18.176.230.137,18.178.119.8,18.180.40.92,18.181.102.151,18.181.117.46,18.182.100.147,52.198.184.93,54.65.188.239,13.212.169.19
The final version of the terminal will come with a checksum operated on launch on all files so that even if an attacker gets access to Tree servers, they wouldn’t be able to serve malicious JS to the terminal and steal API keys this way.
Last updated