This document outlines all the security warnings, best practices, and features that have been integrated into the Stellar Remittance Platform.
The platform now includes comprehensive security warnings and best practices to help users protect their accounts and ensure safe transactions. These features are designed to prevent common security mistakes and educate users about blockchain security.
- SecurityKeyWarning: Critical warning displayed before the secret key is revealed
- SecretKeyDisplay: Enhanced display component with reveal/hide functionality and copy options
- Mandatory Acknowledgment: Users must acknowledge security risks before viewing their secret key
- Show/Hide Functionality: Secret key is masked by default and can be revealed
- Copy Protection: Secret key can only be copied when revealed
- Visual Warnings: Color-coded warnings (red background) to emphasize importance
- Security Checklist: Displayed warnings include:
  - Never share the secret key with anyone
  - Never paste it into untrusted websites
  - Store it offline in secure locations
  - Screenshot carefully
  - Anyone with this key can access all funds
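As an added example (not the platform's own code), the SecretKeyDisplay rules above reduced to a framework-free state object: acknowledge before reveal, masked by default, copy only when revealed, and no re-display once the screen is left. createSecretKeyView and its method names are assumptions.

```javascript
// Added example, not the platform's own code: a framework-free model of the
// SecretKeyDisplay rules (acknowledge before reveal, masked by default, copy
// only when revealed, shown only once). Names are assumptions.
const MASK_CHAR = "\u2022"; // the dot used to mask each character

function createSecretKeyView(secretKey) {
  let key = secretKey;       // cleared by discard(): the key is shown only once
  let acknowledged = false;  // has the user clicked "I Understand the Risks"?
  let revealed = false;      // masked by default

  return {
    // Mandatory acknowledgment gate: nothing is revealed before it.
    acknowledge() { acknowledged = true; },
    // Reveal succeeds only after acknowledgment and while the key still exists.
    reveal() {
      if (!acknowledged || key === null) return false;
      revealed = true;
      return true;
    },
    hide() { revealed = false; },
    // What the UI renders: the full key or an equal-length run of dots.
    render() {
      if (key === null) return "";
      return revealed ? key : MASK_CHAR.repeat(key.length);
    },
    // Copy protection: the clipboard only ever receives a revealed key.
    copy() { return revealed && key !== null ? key : null; },
    // No re-display: once the user leaves the screen, drop the key reference.
    discard() { revealed = false; key = null; },
    isRevealed() { return revealed; },
  };
}
```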
```jsx
<SecretKeyDisplay
  secretKey={account.secretKey}
  publicKey={account.publicKey}
/>
```
- LargeTransactionWarning: Warns when a transaction exceeds the threshold
- TransactionReviewCard: Shows detailed transaction review information
- Threshold-Based Detection: Warns when transaction amount > 1000 XLM (configurable)
- Pre-Transaction Verification Checklist:
  - Recipient address is correct and verified
  - Amount is correct
  - Network (testnet/mainnet) is correct
- Explicit Confirmation Required: Users must click "I've Verified Everything" before proceeding
- Transaction Summary Card: Displays current balance, amount, and remaining balance
```jsx
<LargeTransactionWarning
  amount={amount}
  assetCode="XLM"
  threshold={1000}
  onConfirm={() => setLargeTransactionConfirmed(true)}
/>
<TransactionReviewCard
  recipient={recipient}
  amount={amount}
  assetCode="XLM"
  balance={xlmBalance}
/>
```
- NetworkWarning: Full warning banner showing network status
- NetworkStatus: Compact network status display
- Testnet Detection: Shows blue warning for testnet usage
  - Indicates funds have no real value
  - Suitable for testing only
  - Can be reset without notice
- Mainnet Detection: Shows green confirmation for mainnet
  - Emphasizes real funds at risk
  - Warns about permanent transactions
  - Reminds to verify network before sending
- Offline Detection: Shows red error if network connection is lost
  - Disables transactions until reconnected
  - Shows connection status
🧪 Testnet Mode
You are using Stellar Testnet. Funds have no real value here.
This is suitable for testing and development only.

✅ Mainnet Connected
Connected to Stellar Mainnet. Real funds are at risk.
Always verify recipient addresses and transaction amounts carefully.
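As an added example (not the platform's own code), the pre-send gate that the large-transaction, review-card and network sections above describe, reduced to pure functions: the banner choice per network state, the threshold check, the explicit-confirmation requirement, the offline block, and the balance summary. reviewTransaction, networkBanner and the blocker strings are assumptions.

```javascript
// Added example, not the platform's own code. Field names and the blocker
// strings are assumptions; the 1000 XLM default is the documented threshold.
const DEFAULT_THRESHOLD = 1000; // XLM

// Banner the UI should show for the current network/connectivity state.
function networkBanner(network, online) {
  if (!online) return { level: "error", text: "Offline: transactions disabled until reconnected" };
  if (network === "testnet") return { level: "info", text: "Testnet Mode: funds have no real value here" };
  if (network === "mainnet") return { level: "success", text: "Mainnet Connected: real funds are at risk" };
  return { level: "error", text: "Unknown network: verify before sending" };
}

// Pure review of a pending payment. canSend is true only when no blocker remains.
function reviewTransaction({ amount, balance, network, online,
                             largeConfirmed = false, threshold = DEFAULT_THRESHOLD }) {
  const blockers = [];
  if (!online) blockers.push("offline");                       // offline detection disables sending
  if (!(Number.isFinite(amount) && amount > 0)) blockers.push("invalid-amount");
  const isLarge = amount > threshold;                          // threshold-based detection
  if (isLarge && !largeConfirmed) blockers.push("large-transaction-unconfirmed"); // "I've Verified Everything"
  const remaining = balance - amount;                          // review card: post-transaction balance
  if (remaining < 0) blockers.push("insufficient-balance");
  return {
    banner: networkBanner(network, online),
    isLarge,
    summary: { amount, balance, remaining },
    canSend: blockers.length === 0,
    blockers,
  };
}
```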
- SecurityBestPracticesModal: Comprehensive security guide with multiple tabs
- 5 Educational Tabs:
  - Security Overview: Core principles and framework
    - 4 core security principles with icons
    - Responsibility disclaimer
    - Foundational concepts
  - Secret Key Management: DO's and DON'Ts for key storage
    - DO NOT list (5 critical mistakes to avoid)
    - DO list (5 best practices to follow)
    - Hardware wallet recommendations
    - Password manager suggestions
  - Safe Transactions: Pre-transaction checklist and large transaction procedures
    - 6-step pre-transaction checklist
    - Large transaction verification checklist
    - Warning about urgency/scammer tactics
  - Network Awareness: Testnet vs Mainnet differences
    - Testnet characteristics (test funds, no value, can reset)
    - Mainnet characteristics (real money, permanent, extreme caution required)
    - Clear visual distinction with colors
  - Recovery: What to do if keys are compromised or lost
    - Suspected compromise procedures
    - Lost key recovery information
    - Links to Stellar documentation
```jsx
const [showSecurityBestPractices, setShowSecurityBestPractices] = useState(false);

<SecurityBestPracticesModal
  isOpen={showSecurityBestPractices}
  onClose={() => setShowSecurityBestPractices(false)}
/>
```
- "🛡️ Security" Button: Always visible in the header
- One-Click Access: Users can open the best practices modal at any time
- Persistent Access: Not modal-only; users can access during their entire session
- User clicks "Create Account"
- Account is created successfully
- Security Warning Modal appears (first time only)
- Secret key is displayed with:
  - Acknowledgment warning banner
  - Public key display (safe to share)
  - Secret key masked by default
  - Show/Hide and Copy buttons with restrictions
  - Offline storage tips
- User enters recipient address
- User enters amount
- Network Warning displays (if applicable)
- Large Transaction Warning appears (if amount > 1000)
  - Lists verification checklist
  - Requires explicit confirmation
- Transaction Review Card shows summary
  - Recipient address
  - Amount
  - Current balance
  - Post-transaction balance
- Transaction sent after verification
```jsx
// Large transaction threshold (default: 1000 XLM)
<LargeTransactionWarning
  amount={amount}
  threshold={1000} // Change this value
/>
```
- Security best practices modal shows only once per session
  - Stored in sessionStorage as "securityBestPractices_dismissed"
  - Users can still access it via the Security button
- Red (#ef4444): Critical warnings, secret keys, mainnet real funds
- Orange/Yellow (#f59e0b): Cautionary warnings, large transactions
- Blue (#0284c7): Testnet, information
- Green (#22c55e): Success, verified, online status
- Clear visual hierarchy
- High contrast for readability
- Icons for quick visual recognition
- Keyboard-navigable modals
- ARIA labels where applicable
All security components are responsive and work on:
- Desktop browsers
- Tablets
- Mobile devices
Modal widths adjust with max-width and proper padding for smaller screens.
- No Secret Key Re-display: Secret key only shown once after creation
- Masked by Default: Secret key masked with dots until revealed
- Copy Restrictions: Secret key copy only available when revealed
- Clear Warnings: Multiple reinforcement of security risks
- Large Transaction Verification: Explicit user confirmation required
- Network Confirmation: Users must verify they're on correct network
- User Education: Comprehensive modal with best practices
- Progressive Disclosure: Information presented in digestible chunks
- Create a new account
- Verify security warning appears
- Click "I Understand the Risks"
- Verify secret key is masked
- Click "Show" to reveal
- Click "Copy" to copy to clipboard
- Check balance
- Enter amount > 1000
- Enter valid recipient
- Verify large transaction warning appears
- Verify verification checklist displays
- Verify button says "I've Verified Everything"
- Click button and attempt to send
- On testnet: Verify blue testnet warning displays
- On mainnet: Verify green mainnet warning displays
- Disconnect internet: Verify offline warning displays
- Click the 🛡️ Security button
- Verify modal opens
- Navigate through all 5 tabs
- Verify content displays correctly
- Close modal
Potential improvements for future versions:
- Two-factor authentication
- Hardware wallet integration
- Biometric authentication
- Transaction signing notifications
- Address book with trusted addresses
- Export encrypted key backups
- Multi-signature account setup
- Activity alerts and monitoring
Last Updated: 2026-03-27
Security Level: Production Ready