Please follow these best-practice guidelines. If you have any questions or encounter any issues, please let us know.
All applications that execute Ethereum transactions are vulnerable to attacks. If a hacker is able to steal the private keys of the account executing the transactions, there is no way back.
Portfolios are specifically created to secure the execution of Defire operations. They achieve this by splitting ownership from execution across different accounts. Manager accounts can execute portfolio DeFi operations, but they cannot receive any assets. Assets can only be withdrawn to owner accounts.
The only accounts exposed within the app are the manager accounts. If they are ever stolen, the hacker cannot take the assets, only execute the DeFi operations allowed by the portfolio. In that case, the owner can withdraw all the assets from the portfolio securely.
Never execute an operation from a portfolio owner account. Owner accounts were created to be kept offline, so they are never exposed and thus never stolen. An owner account must be used only in an emergency, to withdraw the funds when manager accounts are compromised.
There is a main owner account that can add or remove other owners. This is why the main owner must be the most safely stored and least used account.
A good practice is to have at least two owner accounts: the main account and another to execute a withdrawal in case of an emergency. Both accounts should be kept offline and, ideally, in a hardware wallet.
Manager accounts are created to execute operations. There is a main manager account that can add or remove other managers. This is why the main manager account must be stored offline and used when a manager needs to be added or removed.
A good practice is to have at least two manager accounts: the main account, which should be kept offline, ideally in a hardware wallet, and another manager account that will be online executing DeFi operations.
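The role separation and the stolen-manager case described above, as an added example that is not Defire's code: a toy in-memory model showing what a stolen online manager key can and cannot do, and how the offline accounts respond. The class, method, account and operation names are hypothetical, and the rule that only owners may call withdraw is an assumption.

```python
# Toy model of the owner/manager split; all names are hypothetical, not Defire's API.
def require(condition, reason):
    if not condition:
        raise PermissionError(reason)

class Portfolio:
    def __init__(self, main_owner, main_manager, allowed_operations, balance):
        self.main_owner, self.main_manager = main_owner, main_manager
        self.owners, self.managers = {main_owner}, {main_manager}
        self.allowed, self.balance = set(allowed_operations), balance

    def add_owner(self, caller, account):
        require(caller == self.main_owner, "only the main owner edits owners")
        self.owners.add(account)

    def add_manager(self, caller, account):
        require(caller == self.main_manager, "only the main manager edits managers")
        self.managers.add(account)

    def remove_manager(self, caller, account):
        require(caller == self.main_manager, "only the main manager edits managers")
        self.managers.discard(account)

    def execute(self, caller, operation):
        require(caller in self.managers, "only managers execute operations")
        require(operation in self.allowed, "operation not allowed")
        return operation

    def withdraw(self, caller, recipient):
        # Assumption: only owners call withdraw (the page fixes only the recipient).
        require(caller in self.owners, "only owners withdraw")
        require(recipient in self.owners, "assets only go to owner accounts")
        amount, self.balance = self.balance, 0
        return amount

def stolen_manager_scenario():
    p = Portfolio("main-owner", "main-manager", {"swap", "lend"}, balance=100)
    p.add_owner("main-owner", "emergency-owner")
    p.add_manager("main-manager", "online-manager")
    blocked = []  # constructed case: calls made with a stolen online-manager key
    for attempt in (lambda: p.withdraw("online-manager", "attacker"),
                    lambda: p.add_manager("online-manager", "attacker"),
                    lambda: p.execute("online-manager", "unlisted-op")):
        try:
            attempt()
        except PermissionError as err:
            blocked.append(str(err))
    p.execute("online-manager", "swap")  # allowed operations still run
    p.remove_manager("main-manager", "online-manager")  # offline key revokes
    return blocked, p.withdraw("emergency-owner", "emergency-owner"), p.managers
```

The stolen key can still run the operations the portfolio allows, which is why revoking it with the offline main manager and withdrawing with the emergency owner are both part of the response.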