Kuma Connect

Kuma Connect allows users to easily connect to Kuma on their mobile devices using Session Keys. This is achieved by scanning an Kuma Connect QR code during the “Connect Wallet’ flow on mobile. Once connected via Kuma Connect, mobile users are able to place and cancel orders in real time without exposing their private keys to their mobile device. Kuma Connect enables users to trade on the go without sacrificing the security of their funds.

How to connect using Kuma Connect

  1. Upon connecting a custody wallet to Kuma, users are presented with a modal informing them of Kuma Connect. This modal includes the option to create a QR code.

  2. The user clicks “Generate QR Code” and signs the transaction on their custody wallet.

  3. The modal updates to show an Kuma Connect QR code.

  4. The user navigates to Kuma on their mobile device, selects “Connect Wallet” and then selects “Kuma Connect”

  5. Once the user selects “Kuma Connect” their phone will activate their camera and they must scan the QR code on their computer.

  6. Upon scanning the code, the user will be connected on their mobile device and the QR code will disappear, indicating that it has been used.

Permissions

Building off of Session Keys, Kuma Connect inherits many of the same characteristics, including permissions. Kuma Connect only includes the capability to place and cancel orders. Deposits and withdrawals require a custody wallet signature.

Expiration

In addition to permissions, Kuma Connect Session Keys expire 30 days after creation. Users connecting through Kuma Connect will be logged out after 30 days and must connect using a new QR code to resume using Kuma Connect.

Invalidation

Kuma includes a robust mechanism for invalidating SKs, including Kuma Connect SKs. As noted in Contracts, invalidating a custody wallet’s nonce also precludes any further order authorizations from existing SKs. The off-chain components automatically cancel all open orders and revoke all associated SKs on receiving a nonce invalidation event.

  1. Invalidation requests are authorized by custody wallet signature only and may be made for any active or expired associated SK.

  2. The server validates the invalidation requests and cancels all open orders authorized by the target SKs.

  3. The server updates the SK database row as revoked but does not clear the authorization signature. The authorization signature may be necessary for rebroadcasts and other operational concerns, and is ultimately public, as it is included in any prior settlement transactions for the SK.

Importantly, an order authorized by an expired but not invalidated SK is valid.

Notes

  • An Kuma Connect QR code may only be used once per device. If the user disconnects their wallet, they must generate a new QR code and connect via Kuma connect again.

  • Deposits and withdrawals are intentionally not supported by Kuma Connect using Session Keys. This is a security feature, ensuring that funds may only move in and out of the account using the custody wallet.

Last updated