FAQs

What is Q Safe Wallet? Q Safe Wallet is a next-generation cryptocurrency wallet that combines EVM compatibility with post-quantum cryptography . It supports multiple blockchains including Quranium Chain (a quantum-safe EVM chain), Ethereum, Polygon, Bitcoin, Solana, and more.

Is Q Safe Wallet open-source? Yes, Q Safe Wallet is built using open-source libraries and tools. The core components are publicly available for review and auditing.

Can I use Q Safe Wallet on mobile devices? Currently, it’s available as a browser extension. Mobile app support is under development.

Does Q Safe Wallet store any of my data on servers? No. Q Safe Wallet is non-custodial , meaning all private keys, mnemonics, and encrypted data remain on your device. No user data is stored on remote servers.

Who developed Q Safe Wallet? Q Safe Wallet was developed by Quranium product team.

Can I use Q Safe Wallet without internet access? You can view balances and manage accounts offline, but sending transactions or interacting with DApps requires an internet connection.

What operating systems does Q Safe Wallet support? It works on Windows, macOS, and Linux , and integrates with major browsers like Chrome and Firefox.

How do I contact Q Safe Wallet support? You can reach out via the official website, GitHub repository, Discord server, or community forums.

Is Q Safe Wallet free to use? Yes, the wallet is free. However, you may incur network fees (gas) when transacting on supported blockchains.

Can I run Q Safe Wallet in a private browser mode? Yes, but note that local storage (e.g., session tokens) will be cleared when the window closes.

What makes Q Safe Wallet quantum-safe? It uses SLH-DSA for signing and ML-KEM for encryption — both NIST-standardized post-quantum algorithms that protect against future threats from quantum computing.

What is SLH-DSA and how is it used? SLH-DSA (Stateless Hash-Based Digital Signature Algorithm) is used for signing transactions on Quranium Chain . Unlike ECDSA, it doesn’t rely on elliptic curves but on hash functions, making it resistant to quantum attacks.

What is ML-KEM and how does it work? ML-KEM (Module Lattice-Based Key Encapsulation Mechanism) is used to encrypt backups and sensitive data. It combines lattice-based cryptography with symmetric encryption for hybrid security.

Are my private keys ever exposed to the internet? No. Your private keys never leave your device unless explicitly exported. They are only used in memory during signing operations.

Can I export my ML-KEM private key? Yes, but only manually and at your own risk. Always store exported keys securely.

Why is post-quantum security important now? Although quantum computers aren't widely available yet, they could one day break traditional cryptographic algorithms like ECDSA and RSA. Using post-quantum methods ensures long-term safety.

Can I verify that my backup is encrypted with ML-KEM? Yes. Encrypted backups are stored in a JSON format containing a capsule , symmetric ciphertext , and nonce , all generated using ML-KEM.

What happens if I lose my password? If you lose your password and don’t have a recovery phrase or ML-KEM key, you will not be able to unlock your wallet or decrypt your mnemonic.

Is there a way to test quantum-resistant features? Yes, you can interact with Quranium Testnet or simulate transactions in dev environments to test SLH-DSA and ML-KEM functionality.

Do I need to understand quantum physics to use Q Safe Wallet? No. You just need to follow standard wallet best practices (e.g., securing your mnemonic, keeping backups safe). The post-quantum features operate behind the scenes.

How do I back up my wallet? Go to Settings > Backup & Restore , select the account, confirm your password, and save the encrypted file securely.

Where are backups stored? Encrypted backups are stored locally or uploaded to cloud services. The wallet itself does not store them.

Can I restore from a backup without the password? No. The backup is encrypted using a password-derived key. Without the correct password, decryption fails.

What should I do if I forget my password? Unfortunately, you’ll lose access to your wallet and backups unless you remember the password or have a written copy of your mnemonic.

How often should I back up my wallet? Back up your wallet whenever you create a new account or change your password.

Can I import a backup into another wallet? No. Backups are specific to Q Safe Wallet and cannot be imported into other wallets due to their post-quantum encryption structure.

What does a backup contain? A backup contains:

Can I recover just one account from a backup? Yes. You can selectively restore individual accounts using the backup system.

What happens if my backup file gets corrupted? Try restoring from another backup. If none exist, you'll need to use your mnemonic to recreate the wallet.

Can I share my backup with someone else? Only if you fully trust them. Anyone with the backup and password can access your funds.

How do I send crypto using Q Safe Wallet? Click "Send", enter the recipient address, amount, and confirm the transaction using your password or hardware wallet.

What networks are supported for transactions? Q Safe Wallet supports:

Why do I get an error when trying to send on EVM chains? This usually occurs when using an SLH-DSA account on an EVM chain. Ensure you're using an ECDSA-based account for Ethereum-compatible networks.

What is gas and why do I need it? Gas is the fee paid to miners or validators to process your transaction on a blockchain. On EVM chains, it's paid in ETH or the native token.

Can I set custom gas prices? Yes. Use the gas price slider (Economy/Fast/Fastest) or manually adjust values in advanced settings.

What is a nonce? A nonce is a counter used to prevent double-spending. Each transaction must have a unique nonce.

What happens if a transaction fails? The transaction is recorded as failed in your activity log. Gas fees are still charged because resources were used.

Can I cancel a pending transaction? No, once submitted to the network, a transaction cannot be canceled. You can try replacing it with a higher gas price.

How do I check transaction status? View your transaction in the Activity tab. Click the transaction hash to see details on the respective blockchain explorer.

Why did my transaction take so long to confirm? Low gas price or network congestion can delay confirmation. Try increasing the gas price next time.

Can I swap tokens inside Q Safe Wallet? Yes, Q Safe Wallet has an integrated swap interface that connects to decentralized exchanges (DEXs).

Which DEXs does Q Safe Wallet integrate with? It currently integrates with Uniswap, SushiSwap, QuickSwap, and others across supported chains.

Can I use Q Safe Wallet with MetaMask-supported DApps? Yes. Q Safe Wallet provides a compatible Ethereum provider object that most DApps recognize.

Why am I seeing a slippage warning? Slippage is the difference between the expected and actual price of a trade. A high slippage means the price moved significantly during execution.

What is the minimum swap amount? Minimum amounts vary depending on the token and exchange. Check the DApp interface for details.

Can I approve unlimited token spending? Yes, but we recommend setting a finite allowance to reduce risk.

Why does a DApp ask for access to my wallet? DApps request permission to read your balance and sign transactions. Never grant access to untrusted apps.

Can I revoke permissions for a DApp? Yes, go to Settings > Connected Sites and click “Revoke” next to the DApp name.

Why is my approval still active after closing the app? Approvals are stored on-chain. You must manually revoke them to remove access.

Can I use Q Safe Wallet with yield aggregators or DeFi protocols? Yes, as long as the protocol is deployed on a supported chain and uses standard interfaces (ERC-20, ERC-721, etc.).

How does Q Safe Wallet generate private keys for Quranium Chain? Private keys are derived from the mnemonic using BIP-39 entropy and hashed via SHAKE256 to produce deterministic SLH-DSA key pairs.

What signing algorithm is used for Quranium Chain transactions? SLH-DSA (Stateless Hash-Based Digital Signature Algorithm), a NIST-standardized post-quantum signature scheme.

How is the public key derived in Q Safe Wallet? For SLH-DSA, the public key is generated during key generation and stored as a hex string. It's used to derive the wallet address.

What hashing function is used in SLH-DSA signing? SHAKE256, an extendable-output function (XOF) from the SHA-3 family.

How is the transaction hash computed before signing? Keccak-256 is used to hash the transaction data before signing it with the SLH-DSA private key.

Can I sign raw transaction data manually using Q Safe Wallet? Yes, advanced users can input RLP-encoded transaction data and sign it directly using the signRaw method.

What format does the signed transaction return in? The signed transaction is returned in RLP-encoded format, prefixed with 0x.

Does Q Safe Wallet support EIP-1559 for gas estimation? Yes, it fully supports EIP-1559 for networks that use fee market transactions (e.g., Ethereum, Optimism).

What libraries are used for cryptographic operations in Q Safe Wallet?

How is the SLH-DSA signature length validated? The wallet checks if the signature buffer length is exactly 49,856 bytes, which is required by SLH-DSA-128.

Is there a fallback mechanism for failed signature validation? No. Invalid signatures throw an error to prevent malformed or malicious transactions from being submitted.

How is the ML-KEM public key used in backups? It’s used to encapsulate a shared secret, which is then used to encrypt the symmetric payload using XSalsa20-Poly1305.

What happens if I lose my ML-KEM private key? You won’t be able to decrypt any encrypted backups or sensitive data stored in the wallet.

Are ML-KEM and SLH-DSA interchangeable in Q Safe Wallet? No. SLH-DSA is used for signing transactions, while ML-KEM is used only for backup encryption.

Can I export both SLH-DSA and ML-KEM keys together? Yes, but they must be exported separately and stored securely.

How does Q Safe Wallet handle multi-chain account derivation? Each chain uses its own derivation path (BIP-44 compliant), ensuring deterministic account generation across chains.

What happens when you switch between networks in the wallet? The wallet loads the correct signer (ECDSA or SLH-DSA) and network-specific RPC endpoints.

Can I use the same mnemonic for multiple wallets? Yes, but each wallet may derive accounts differently based on their derivation paths and signing algorithms.

How are transaction nonces handled in Q Safe Wallet? Nonces are fetched from the latest block and incremented automatically per transaction.

Is nonce manipulation possible in Q Safe Wallet? Advanced users can manually override the nonce value in developer mode.

How is the gas limit estimated for a transaction? Using web3.eth.estimateGas() for most EVM-compatible chains. Overrides are allowed for manual tuning.

Why do some transactions fail even with high gas limits? Gas estimation is not always accurate due to dynamic contract behavior or reentrancy issues.

Can I set custom gas price values? Yes, the wallet allows setting custom maxFeePerGas and maxPriorityFeePerGas values.

How is the final signed transaction broadcasted? Using eth_sendRawTransaction over HTTP-RPC to the selected network node.

Can I monitor pending transactions inside the wallet? Yes, all sent transactions appear in the Activity tab until confirmed or failed.

What tools are available for transaction debugging? The wallet logs raw transaction data, signature lengths, and error messages for troubleshooting.

How does the wallet handle failed transaction receipts? Failed transactions are marked as "Failed" in the activity log, and the user is alerted.

Is replay protection built into the wallet? Yes, each transaction has a unique nonce, preventing accidental replays.

How is the wallet integrated with blockchain explorers? After a successful transaction, the wallet provides a link to the corresponding explorer page.

Can I view the serialized transaction before sending? Yes, in developer mode, the full RLP-serialized transaction is visible for inspection.

What role does the recovery ID play in ECDSA signing? The recovery ID (v) determines which public key corresponds to the private key used for signing.

Why is the y-parity field important in EVM transactions? It ensures the correct public key is recovered from the signature and must be either 0 or 1.

Can I use SLH-DSA signatures on EVM chains? No. EVM nodes expect ECDSA signatures. Using SLH-DSA results in rejection with errors like "invalid y-parity".

How does the wallet distinguish between ECDSA and SLH-DSA accounts? Each account stores metadata indicating its signing type (signerType), used to select the appropriate signer.

What happens if I try to send ETH using an SLH-DSA account? The transaction will fail because the Ethereum node cannot validate the SLH-DSA signature.

Can I convert an ECDSA account to an SLH-DSA account? No. These are separate derivation paths and signing mechanisms. You must create a new account.

How are transaction hashes verified after submission? The wallet polls the network for the transaction receipt and displays the result once received.

Is there a way to simulate transactions without broadcasting them? Yes, using the “Preview” feature, the wallet shows expected outcomes without submitting to the network.

What happens if a transaction is dropped from the mempool? It appears as "Failed" in the activity log, and the user must resend with higher fees.

How are transaction confirmations tracked? By polling the network at regular intervals and updating status in the UI.

Can I cancel a pending transaction? No, but you can replace it by resubmitting with a higher gas price.

What is the purpose of the session token in Q Safe Wallet? It keeps the wallet unlocked temporarily during transaction signing without requiring repeated password entry.

How long is the session token valid? Typically 5 minutes, after which the wallet auto-locks for security.

Is there a timeout for transaction signing? Yes. If signing takes too long (e.g., due to slow hardware), the process aborts to avoid hanging.

How does the wallet ensure cross-chain compatibility? By abstracting signing logic behind a unified interface and allowing network-specific overrides.

Can I reuse a signed transaction across different networks? No. Each network has a unique chainId, making transactions incompatible across chains.

What is the difference between legacy and EIP-1559 transactions? Legacy uses a single gasPrice, while EIP-1559 separates baseFee and tip (priority fee).

How does Q Safe Wallet handle chain upgrades like London or Cancun? By dynamically detecting the network and applying the correct transaction format and gas rules.

Can I manually specify the chainId for a transaction? Yes, in advanced settings, users can override the default chainId for testing or custom networks.

How does the wallet handle multisig or contract interactions? It treats them like standard transactions, showing decoded ABI data where available.

Why am I getting 'insufficient funds for gas * price + value' even with balance? This usually occurs when using an SLH-DSA account on an EVM chain. Ensure you're using an ECDSA-based account.

What causes a 'nonce too low' error? Trying to reuse a nonce that has already been mined.

What does 'replacement transaction underpriced' mean? You tried to replace a pending transaction, but the new one doesn't pay enough gas.

Why does my transaction say 'out of gas'? The provided gas limit was insufficient to complete execution, often due to complex smart contract logic.

What is a 'reverted' transaction? A transaction that failed during execution, often due to a contract condition or invalid call data.

How do I fix 'intrinsic gas too low' errors? Increase the gas limit slightly above the minimum required for the transaction.

What is the 'baseFeePerGas' and why does it matter? It's the minimum gas price set by the network. Transactions below this are rejected.

Why did my swap fail with 'slippage too high' warning? The price moved more than your slippage tolerance allowed during execution.

How do I debug a failed DApp interaction? Check the transaction receipt for revert reasons or decode the contract logs.

What is a 'contract execution reverted' error? The called contract threw an exception, often due to invalid parameters or insufficient permissions.

Why do some transactions get stuck in 'Pending' state? Low gas prices cause miners to ignore the transaction; increase gas price to speed it up.

How do I force-cancel a stuck transaction? Send a 0-value transaction with the same nonce and higher gas price to overwrite it.

What is a 'transaction underpriced' error? Your transaction gas price is too low compared to current network conditions.

Why does the wallet sometimes show 'Invalid to address'? The recipient address may be invalid or improperly formatted (e.g., missing '0x').

What is a 'non-contract account called' error? Occurs when trying to interact with an externally owned account (EOA) as if it were a contract.

Why does my token transfer show 'Approve' instead of 'Transfer'? Some tokens require approval before transferring, especially ERC-20 tokens.

What is the 'max priority fee too low' error? Your transaction's tip is below the network’s minimum required for inclusion.

Why does my transaction keep failing with 'Reverted' on Polygon? Polygon uses fast-finality, so invalid contracts or approvals trigger immediate reverts.

What should I do if I accidentally sent funds to the wrong network? Use a cross-chain bridge if supported. Otherwise, contact the receiving chain’s support team.

Why does the wallet show 'Not enough POL to pay the network fee'? You’re using a POL-based network (e.g., Polygon), and your POL balance is too low to cover gas.

What is the difference between 'Economy', 'Fast', and 'Fastest' gas options?

Why does the gas cost keep fluctuating? Gas prices depend on network congestion and base fee changes (especially on EIP-1559 chains).

What is a 'failed' transaction in the activity log? It means the transaction was submitted but rejected by the network.

Can I recover gas fees from a failed transaction? No. Gas is paid regardless of success because resources were used to process the transaction.

What is the 'Transaction Not Found' error? The transaction hasn’t been mined yet or was dropped from the mempool.

Why does the wallet say 'Invalid decimals for [token]'? The entered amount exceeds the token’s decimal precision (e.g., 18 for ETH).

What does 'User rejected transaction' mean? You canceled the transaction before signing.

How do I check transaction details after submission? Click the transaction hash in the Activity tab to open it on the relevant blockchain explorer.

What is the 'Insufficient allowance' error? The DApp doesn’t have permission to spend the token you're trying to send.

Why is my approval still active after closing the app? Approvals are stored on-chain. You must manually revoke them to remove access.

How do I revoke token allowances? Use the Revoke feature in the DApp Permissions section.

What is a 'Bad instruction' error? Usually caused by invalid bytecode execution or corrupted contract calls.

What is 'Execution reverted without reason'? The contract threw an error without providing a revert message.

Why do I see 'Only external accounts may initiate transactions'? You tried to send a transaction from a contract account, which isn’t allowed.

What does 'Exceeds block gas limit' mean? The gas limit you set is higher than what the current block can accept.

What is a 'Transaction with the same hash was already imported'? You attempted to resubmit a transaction that's already in the mempool.

Why does the wallet warn about 'High Slippage'? To alert you that the trade price could move significantly before execution.

What is a 'Missing revert data' error? The transaction failed, but no revert reason was included in the response.

What is a 'Transaction already in the pool' error? The transaction has already been submitted and is waiting to be mined.

What is 'Too many requests' when connecting to a provider? You’ve exceeded the rate limit of the RPC provider.

Why does the wallet sometimes show 'Unknown Error'? If the provider returns an unhandled error, the wallet falls back to a generic message.

What is 'Out of bounds' in transaction data? The encoded calldata contains out-of-range values.

What does 'Call failed' mean? An internal call within the transaction failed, typically due to contract logic.

Why does the wallet show 'Invalid chain ID'? You’re trying to send a transaction to a network with a mismatched chain ID.

What is 'Transaction timed out'? The transaction wasn’t mined within the expected time window.

Why does the wallet sometimes freeze during signing? Large computations (like SLH-DSA signing) can take time and block the UI thread.

What is a 'Dust attack' warning? Someone sent a tiny amount of tokens to your wallet to identify your address.

Why do I get 'Signer not found' when trying to sign? The wallet couldn't find the correct signing method for the selected network.

What is 'Data too large' in transaction data? The calldata size exceeds the maximum allowed by the network.

Why does the wallet show 'Could not estimate gas'? The transaction would likely fail, so the network refuses to provide an estimate.

How does Q Safe Wallet protect against phishing attacks? It warns users when interacting with unknown or suspicious domains.

What is a secure way to store backups? Store them in offline storage (e.g., USB drive, cold storage) and encrypt them with a strong password.

Can I use biometric authentication for signing? Yes, on supported devices, you can enable fingerprint or facial recognition for signing.

How often should I rotate my private keys? Never unless necessary — rotating increases risk. Use strong backups instead.

What is the safest way to verify an address? Use checksum addresses (EIP-55) and double-check the last few characters.

How does Q Safe Wallet prevent brute-force attacks? Encrypted backups use PBKDF2 with high iteration counts to slow down attackers.

What happens if someone gets my public key? Nothing — the public key is safe to share and cannot be used to derive the private key.

What is a zero-day vulnerability and how does Q Safe Wallet mitigate it? Zero-days are unknown exploits. Q Safe Wallet mitigates risk through code audits and prompt updates.

Can I import a compromised mnemonic into Q Safe Wallet? Technically yes, but it's not recommended. Always assume compromised mnemonics are unsafe.

What is a side-channel attack and how is it prevented? Side-channel attacks exploit timing or memory leaks. Q Safe Wallet uses constant-time signing functions.

How does the wallet handle memory cleanup? Sensitive data is cleared from memory after signing or locking the wallet.

What is a cold wallet and how is it different? A cold wallet is never connected to the internet, unlike Q Safe Wallet, which is hot.

Can I use Q Safe Wallet on public Wi-Fi? Yes, but avoid logging in or approving transactions on insecure networks.

How does Q Safe Wallet detect fake RPCs? It validates known network identifiers and blocks unrecognized ones.

What is a rogue DApp and how can it harm me? A rogue DApp may request excessive permissions or execute malicious code.

How do I know if a DApp is trustworthy? Stick to well-known DApps with open-source code and verified contracts.

What is a replay attack and how is it prevented? A replay attack resubmits a valid transaction. Q Safe Wallet prevents this by incrementing nonces.

What is a front-running attack and how can I avoid it? Front-running is when bots copy your transaction. Avoid sending high-value transactions in public pools.

How does Q Safe Wallet prevent unauthorized access? It uses local encryption and requires password entry for every unlock or sign operation.

Can I lock the wallet remotely? Not currently, but future versions may allow remote locking via linked accounts.

What is the purpose of the mnemonic phrase? It acts as a seed for generating all your keys deterministically.

What should I do if I suspect a breach? Immediately stop using the wallet and move funds to a new account.

How do I know if a transaction was tampered with? Compare the signed hash with the one on the blockchain explorer.

What is a hardware wallet and how does it improve security? A hardware wallet stores private keys offline, protecting them from software-based attacks.

What is a social engineering scam and how to avoid it? Scammers trick users into sharing secrets. Never give your mnemonic to anyone.

How does Q Safe Wallet handle firmware updates? Updates are signed and verified before installation to prevent malicious code injection.

What is a honeypot and how do I avoid it? Honeypots trap users into giving away control. Only interact with audited contracts.

What is a phishing site and how can I spot one? Phishing sites mimic real interfaces. Always verify URLs and SSL certificates.

How does the wallet prevent clipboard hijacking? It includes a verification step before sending to copied addresses.

What is a MEV bot and how does it affect me? MEV bots extract value from your transactions. Avoid using them unless necessary.

What is a flash loan attack and how is it related to DApps? Flash loans let attackers borrow and repay in one transaction. Be cautious when interacting with lending platforms.

What is a Sybil attack and how does it impact my wallet? Sybil attacks involve fake identities. Q Safe Wallet isn't vulnerable to this directly.

How does Q Safe Wallet protect against malware? It avoids storing private keys in plain text and clears memory after use.

What is a seed vault and how does it work? A seed vault is a secure location for storing mnemonics. Q Safe Wallet doesn’t store seeds directly.

What is a 51% attack and how does it affect me? A 51% attack allows attackers to reverse transactions. Q Safe Wallet assumes the network is honest.

What is a reentrancy attack and how does it affect DApps? Reentrancy lets contracts recursively call other contracts. Q Safe Wallet doesn’t execute contract calls.

What is a sandwich attack and how can I avoid it? Sandwich attacks manipulate trades. Use trusted DEXs and avoid high-slippage swaps.

How does Q Safe Wallet protect against keylogging? It encourages using hardware wallets and clearing session tokens after use.

What is a quantum attack and how is Q Safe Wallet prepared? Quantum computers could break ECDSA. Q Safe Wallet uses post-quantum algorithms to stay ahead.

What is a downgrade attack and how is it prevented? Downgrade attacks trick clients into using older, weaker protocols. Q Safe Wallet enforces modern standards.

What is a man-in-the-middle attack and how is it prevented? MITM attacks intercept communication. Q Safe Wallet uses HTTPS and secure signing methods.

What is a dusting attack and how do I respond? Attackers send tiny amounts to track wallets. Q Safe Wallet alerts users about unusual small transfers.

What is a rug pull and how do I avoid it? Rug pulls occur when developers abandon projects. Only interact with audited and community-trusted DApps.

How does the wallet handle phishing attempts via DApps? It verifies domain names and warns users before granting permissions.

What is a spoofed transaction and how to detect it? Spoofed transactions mimic real ones. Always verify the transaction hash and sender.

What is a honeypot DApp and how do I avoid it? Honeypot DApps trap users into giving up control. Stick to known, trusted DApps.

How does Q Safe Wallet handle insecure RPC connections? It validates known RPCs and warns users when connecting to unknown ones.

What is a whale attack and how do I avoid it? Whales can manipulate prices. Avoid trading on illiquid markets.

How does Q Safe Wallet protect against supply chain attacks? All dependencies are pinned and checked for integrity using subresource integrity (SRI).

What is a dependency confusion attack and how is it avoided? Q Safe Wallet uses strict package-lock files and avoids ambiguous dependency names.