Glossary
Sub-Contractâ
An address used for customer deposits. Customers can deposit crypto assets from exchanges or Web3 wallets to this address.
This address is identical in format and usage to a regular externally owned account (EOA) sub-wallet address, but internally it is implemented as a contract address with a keyless design. Assets in this address can only be transferred to its bound cold contract through the sweeping mechanism.
Cold Contractâ
A unified treasury pool for centrally managing funds swept from sub-contracts.
Assets in the cold contract must be periodically rebalanced to the system's bound hot contract or hot wallet according to the amount and fixed cycle rules defined by the multi-signature configuration contract.
Hot Contractâ
A contract address generated during professional merchant registration for fund withdrawals. It can periodically receive crypto assets rebalanced from the cold contract.
Assets in the hot contract require signatures from multiple administrators (i.e., finance personnel) before they can be transferred to external addresses, enabling secure fund distribution.
Hot Walletâ
A financial address provided by standard merchants during system registration. It can periodically receive crypto assets rebalanced from the cold contract.
After merchants transfer the crypto assets rebalanced from the cold contract to the hot wallet, they can use the signer to perform batch distribution transfers, completing asset withdrawals to customers.
Sweepingâ
The operation of aggregating and transferring assets from sub-contract addresses to the cold contract.
Any user can call the sweeping method of a sub-contract to initiate a secure sweeping operation, achieving unified aggregation of sub-contract assets.
Rebalanceâ
The operation of transferring assets from the cold contract to the system's bound hot contract or hot wallet.
The rebalance operation is equivalent to a fund withdrawal at the system level, and the system will charge corresponding fees during execution.
Multi-Signature Cold Contractâ
A control contract for managing cold contract asset operation permissions.
The configuration contract is responsible for defining the withdrawable amount, execution cycle, and multi-signature approval rules for cold contract assets, ensuring secure circulation of cold assets under controlled conditions.
Multi-Signature Hot Contractâ
A control contract for managing hot contract asset operation permissions.
The configuration contract is responsible for setting the administrators and multi-signature approval rules for hot contract assets, ensuring secure distribution of hot assets under controlled conditions.
Signerâ
A signing server deployed in the merchant's internal network environment, used to execute customer asset distribution transfer scripts.
The signer performs local signing by calling the hot wallet private key, enabling secure and efficient batch transfers while reducing the risk of private key exposure.
Guardianâ
An independent verification server deployed in the merchant's internal network or third-party secure environment, used to perform secondary verification of multi-signature parameters.
After a merchant administrator initiates a multi-signature operation in the system, they will be redirected to the guardian for parameter verification. After confirming correctness, they sign, enhancing the security of multi-signature operations.
The guardian can also serve as a sub-contract address verification tool for payment pages, ensuring customers deposit to safe and correct sub-contract addresses.