Here we will explain how EtherMium is secured. The EtherMium exchange consists of 2 parts: the Exchange Smart Contract and the Order Book Service.

The Exchange Smart Contract runs on the Ethereum blockchain and has its own address. It behaves like a bank account that can receive funds and make transfers of funds.

However, as opposed to a bank account, the owners of the account cannot access the funds inside. Only the person who has deposited the funds to the account can perform operations with them. 

The smart contract is, in other words, a program that stores user balances and performs movements of funds from one user to another under stringent circumstances.

The only function in the smart contract that can move funds from one user to another is the trade() function. It requires 2 orders (one from the buyer of a token and one from the seller of the token), and both orders must be signed by the respective owner of the balance using his/her wallet. The trade() function also checks whether the users have enough balance to trade and whether the prices match.

    function trade(
        uint8[2] v,
        bytes32[4] rs,
        uint256[8] tradeValues,
        address[6] tradeAddresses
    ) onlyAdmin returns (uint filledTakerTokenAmount)

To withdraw funds from the smart contract, the user must sign a message confirming this operation, and the withdrawal can only happen towards the address of the user and nowhere else.

The order book service runs on our servers and holds the user orders. Orders are not stored on the blockchain due to the high cost of transactions and network limits. This does not decrease the security of the system in any way, because no trade executes without the user's specific signature. This check is built directly into the contract.

The order book service receives new orders from users and broadcasts them to everyone. It also automatically matches orders by price and sends them to the blockchain. 

All transactions are sent to the blockchain by the order book service and not directly by the users (as on EtherDelta or 0x), so that the user gets immediate confirmation of his/her trade. There is no possibility of trades failing to execute in our system.

The order book service also performs withdrawals from the Smart Contract. Withdrawals execute through the adminWithdraw() function on the smart contract and require the user's signature. No withdrawals can execute without a signed request from the user's wallet.

    function adminWithdraw(
        address token,
        uint256 amount,
        address user,
        uint256 nonce,
        uint8 v,
        bytes32 r,
        bytes32 s,
        uint256 feeWithdrawal
    ) onlyAdmin returns (bool success) {

In case our order book service goes offline for any reason, the smart contract has a built-in escape hatch that lets the user withdraw his/her funds from the contract after a specified inactivity period, which is 10 000 blocks (roughly 48 hours). Users can remove their funds safely from the contract using the withdraw() function, which can only be called from the user's wallet. The inactivity period is set to prevent users from withdrawing the funds through this method and thus invalidating their orders. During normal operations, withdrawals are easily performed through the website.

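    function withdraw(address token, uint256 amount) returns (bool success) {
        // Escape hatch: abort unless the caller has been inactive for the release period.
        if (safeSub(block.number, lastActiveTransaction[msg.sender]) < inactivityReleasePeriod) throw;
        // The caller cannot withdraw more than their recorded balance.
        if (tokens[token][msg.sender] < amount) throw;
        // Debit the balance before any funds leave the contract.
        tokens[token][msg.sender] = safeSub(tokens[token][msg.sender], amount);
        if (token == address(0)) {
            // address(0) denotes ether; funds go only to the caller.
            if (!msg.sender.send(amount)) throw;
        } else {
            if (!Token(token).transfer(msg.sender, amount)) throw;
        }
        Withdraw(token, msg.sender, amount, tokens[token][msg.sender], 0);
    }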
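
The escape-hatch rule above, modelled in Python as an added example (not EtherMium's code) so the boundary of the inactivity check can be exercised. The `record_activity` hook is hypothetical and stands in for whichever contract functions update `lastActiveTransaction`, which this page does not show; users and block heights are constructed.

```python
INACTIVITY_RELEASE_PERIOD = 10_000  # blocks, the value stated in the article
ETH = "0x0"  # stands in for address(0), which the contract treats as ether

class Revert(Exception):
    """Mirrors `throw`: the call aborts."""

class ExchangeModel:
    def __init__(self, block_number):
        self.block_number = block_number
        self.tokens = {}                   # (token, user) -> balance
        self.last_active_transaction = {}  # user -> block, unset reads as 0

    def deposit(self, token, user, amount):
        # Assumption: a deposit only credits the balance.
        self.tokens[(token, user)] = self.tokens.get((token, user), 0) + amount

    def record_activity(self, user):
        # Hypothetical hook (assumption): called where the contract processes
        # a trade or adminWithdraw for this user.
        self.last_active_transaction[user] = self.block_number

    def blocks_until_release(self, user):
        idle = self.block_number - self.last_active_transaction.get(user, 0)
        return max(0, INACTIVITY_RELEASE_PERIOD - idle)

    def withdraw(self, token, sender, amount):
        if self.blocks_until_release(sender) > 0:
            raise Revert("inactivity period not elapsed")
        if self.tokens.get((token, sender), 0) < amount:
            raise Revert("insufficient balance")
        # Balance is debited before funds leave, as in the contract.
        self.tokens[(token, sender)] -= amount
        return True

def scenario():
    ex = ExchangeModel(block_number=5_000_000)  # constructed block height
    ex.deposit(ETH, "alice", 100)
    ex.record_activity("alice")                 # alice trades at this block
    outcomes = []
    for mined in (0, 9_999, 1):                 # blocks mined before each try
        ex.block_number += mined
        try:
            ex.withdraw(ETH, "alice", 40)
            outcomes.append("ok")
        except Revert as err:
            outcomes.append(str(err))
    return outcomes, ex.tokens[(ETH, "alice")]
```

The third attempt succeeds because exactly 10 000 blocks have passed: the contract's comparison is a strict `<`, so the release happens at the period boundary, not one block after it.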

In conclusion, we have taken all the necessary steps to make sure that our service is completely safe. You can rest assured while using EtherMium that your funds are secure and cannot be hacked or seized by anyone unless you give away your wallet private keys.
