🧠 Memory Protection

SuperSafe Wallet implements comprehensive memory protection strategies to minimize the lifetime of sensitive data in memory and protect against memory-based attacks.

Overview

Principle: Minimize lifetime of sensitive data in memory.

JavaScript's memory model has inherent limitations, but SuperSafe implements multiple strategies to protect sensitive data:

  • Immediate cleanup after use
  • Scope limitation
  • Automatic cleanup on lock
  • Short-lived sessions
  • Background-only crypto operations

Sensitive Data Handling

Memory Protection Strategies

// 1. Immediate cleanup after use
async signTransaction(tx, privateKey) {
  try {
    // signTransaction is an instance method of ethers.Wallet
    const signature = await new ethers.Wallet(privateKey).signTransaction(tx);
    return signature;
  } finally {
    // ❌ Cannot zero out string in JavaScript
    // ✅ But can remove references for GC
    // (this clears only the local binding; the caller must drop its own reference too)
    privateKey = null;
  }
}

// 2. Scope limitation
async getPrivateKey(address) {
  // Return key in minimal scope
  return this.decryptedWallets.get(address);
}

// 3. Automatic cleanup on lock
async lock() {
  // Clear all sensitive data
  this.password = null;
  this.vaultData = null;
  this.decryptedWallets.clear(); // Clear Map

  // Force garbage collection hint.
  // gc() exists only when the engine is started with --expose-gc;
  // `global` is undefined in a service worker, so check globalThis.
  if (typeof globalThis.gc === 'function') globalThis.gc();
}

Memory Security Limitations

JavaScript Memory Model

Limitations:

  • Cannot zero memory directly
  • Cannot prevent memory dumps
  • Cannot prevent swap to disk
  • Garbage collection timing uncertain

Mitigations:

  • Minimize sensitive data lifetime
  • Clear references immediately
  • Use short-lived sessions
  • Auto-lock on inactivity
  • Background-only crypto operations
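
The "cannot zero" limitation applies to strings; bytes held in a Uint8Array can be overwritten in place. The following is an added example, not SuperSafe's own code: ZeroizingKeyStore, its methods and the sample address are hypothetical names, and it shows a key store that wipes a scoped copy after each use and wipes every stored buffer on lock.

```javascript
// Added example: ZeroizingKeyStore and its methods are hypothetical names.
class ZeroizingKeyStore {
  constructor() {
    this.keys = new Map(); // address -> Uint8Array holding private key bytes
  }

  // Stores a copy; the caller wipes its own buffer afterwards.
  add(address, keyBytes) {
    this.keys.set(address, Uint8Array.from(keyBytes));
  }

  // Hands fn a temporary copy and wipes that copy even if fn throws.
  async withKey(address, fn) {
    const stored = this.keys.get(address);
    if (!stored) throw new Error('locked or unknown address');
    const scratch = Uint8Array.from(stored);
    try {
      return await fn(scratch);
    } finally {
      scratch.fill(0);
    }
  }

  // Overwrite every buffer before dropping the references.
  lock() {
    for (const buf of this.keys.values()) buf.fill(0);
    this.keys.clear();
  }
}

async function demo() {
  const store = new ZeroizingKeyStore();
  const sampleKey = new Uint8Array(32).fill(0xab); // constructed bytes, not a real key
  store.add('0xSampleAddress', sampleKey);
  sampleKey.fill(0); // caller wipes its own copy

  let seen = null;
  const firstByte = await store.withKey('0xSampleAddress', (k) => { seen = k; return k[0]; });
  const scratchWiped = seen.every((b) => b === 0);

  const internal = store.keys.get('0xSampleAddress');
  store.lock();
  const storedWiped = internal.every((b) => b === 0);
  const lockedRejects = await store
    .withKey('0xSampleAddress', () => 1)
    .then(() => false, () => true);
  return { firstByte, scratchWiped, storedWiped, lockedRejects };
}
```

fill(0) wipes only these buffers; any copy a library makes when it converts the bytes to a string remains subject to the limitations listed above.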

Session State Management

Session State (Memory Only)

BackgroundSessionController {
  // Security-critical state (never persisted unencrypted)
  isUnlocked: boolean,
  password: string, // Memory only
  vaultData: Object, // Decrypted vault
  decryptedWallets: Map<address, key>, // Private keys

  // Session metadata
  lastActivityTime: timestamp,
  autoLockTimer: TimerId,
  autoLockTimeoutMs: 900000, // 15 minutes default

  // Connected sites
  connectedSites: Map<origin, siteData>
}

Auto-Lock System

Purpose: Automatically lock wallet after inactivity to protect against unauthorized access.

// Auto-lock implementation
startAutoLockTimer() {
  this.stopAutoLockTimer(); // Clear existing timer

  this.autoLockTimer = setTimeout(() => {
    console.log('[Security] ⏰ Auto-lock triggered');
    this.lock();
  }, this.autoLockTimeoutMs);

  console.log(`[Security] 🕐 Auto-lock timer started (${this.autoLockTimeoutMs}ms)`);
}

updateActivity() {
  this.lastActivityTime = Date.now();

  if (this.isUnlocked && !this.autoLockPaused) {
    this.startAutoLockTimer(); // Reset timer
  }
}

pauseAutoLock() {
  this.autoLockPaused = true;
  this.stopAutoLockTimer();
  console.log('[Security] ⏸️ Auto-lock paused');
}

resumeAutoLock() {
  this.autoLockPaused = false;
  if (this.isUnlocked) {
    this.startAutoLockTimer();
  }
  console.log('[Security] ▶️ Auto-lock resumed');
}

Auto-Lock Triggers:

  • Inactivity timeout (default 15 minutes)
  • Browser close/reload
  • Extension update
  • Manual lock
  • Session expiration

Lock Operation

Complete Memory Cleanup

async lock() {
  console.log('[Security] 🔒 Locking vault...');

  // 1. Clear sensitive data from memory
  this.password = null;
  this.vaultData = null;
  this.decryptedWallets.clear();

  // 2. Clear session state
  this.isUnlocked = false;

  // 3. Stop auto-lock timer
  this.stopAutoLockTimer();

  // 4. Clear session storage
  await this.clearSessionState();

  // 5. Notify all contexts
  this.broadcastSessionLocked();

  console.log('[Security] ✅ Vault locked successfully');
}

Best Practices

Minimize Data Lifetime

  1. Use minimal scope: Keep sensitive data in the smallest possible scope
  2. Clear immediately: Remove references as soon as data is no longer needed
  3. Avoid caching: Don't cache sensitive data longer than necessary
  4. Short sessions: Use auto-lock to limit session duration
  5. Background only: All crypto operations in background service worker

Session Management

  1. Auto-lock enabled: Default 15-minute timeout
  2. Activity tracking: Reset timer on user activity
  3. Manual lock: User can lock immediately
  4. Clean shutdown: Proper cleanup on extension close

Document Status: ✅ Current as of November 15, 2025
Code Version: v3.0.0+
Maintenance: Review after memory security improvements