Security
How your wallet is protected
GrandmaStake is built on a single principle: your funds should be secured by cryptography, not by trusting us. Here’s what that means in practice.
Non-custodial design
Non-custodial means GrandmaStake never holds your private key in a form we can use. We cannot move your SOL, access your wallet, or authorize transactions on your behalf.
For managed wallet users, your private key is protected by your passphrase from the moment it’s created. Your passphrase is the only key — without it, the encrypted wallet is unreadable, even to us. When you authorize a transaction, your key is unlocked inside an isolated security boundary for only as long as it takes to sign — a fraction of a second — then discarded.
For connected wallet users (Phantom, Solflare, etc.), your private key never leaves your wallet. GrandmaStake submits unsigned transaction requests; your wallet signs them locally.
What GrandmaStake can and cannot see
We can see
- Your public wallet address
- Your stake positions and balances (these are public on-chain)
- Your staking history
- Your email address (for login and notifications)
We cannot see
- Your private key — ever
- Your passphrase — ever
- Your recovery phrase — ever
- Your SOL balance (beyond what's public on-chain)
Passphrase lockout protection
Entering an incorrect passphrase multiple times triggers a temporary lockout to protect against guessing attacks. After repeated lockouts, email verification is required before further attempts are allowed. This makes brute-force access to your wallet impractical regardless of computational power.
Transaction signing
When a managed wallet user authorizes a transaction, their encrypted private key is decrypted inside an isolated security boundary — separate from all other systems — for the sub-second duration needed to sign the transaction. The plaintext key exists in memory only during this window and is discarded immediately after.
This architecture ensures that even if GrandmaStake’s other systems were ever compromised, an attacker would have no path to your private key.
Risks to be aware of
- SOL price volatility. The value of your staked SOL fluctuates with the market. Staking does not protect against price changes.
- Slashing. Validators that misbehave or experience extended downtime can be penalized by the network. While the Toshi CSS validator maintains strong uptime, slashing risk cannot be entirely eliminated.
- Lost credentials. If you lose both your passphrase and your recovery phrase, your funds cannot be recovered by anyone. Store your recovery phrase safely.
- Unstaking cooldown. During the ~2–4 day unstaking period, your SOL cannot be accessed or transferred.
Read the full Risk Disclosure for complete details.
Next: FAQ →