Authorized Workflow

Service Methodology and Safety Boundaries

This page explains how CZB handles authorized Web3 security requests: scope confirmation, evidence collection, public-chain review, risk classification, reporting, and post-incident recommendations.

Updated: 2026-06-02 | Scope: authorized security work | Principle: minimize sensitive data

Standard Workflow

  1. Scope confirmation: understand the requester role, incident type, wallet or systems involved, public addresses, transaction records, device status, backup status, and urgency.
  2. Authorization review: confirm that the request fits a legitimate security, compliance, governance, or incident-response purpose.
  3. Evidence collection: organize public-chain data, screenshots, domain records, platform notices, logs, and non-sensitive context.
  4. Risk classification: classify the issue as suspicious interaction, approval exposure, operational control gap, public-chain incident, platform escalation, or governance risk.
  5. Technical analysis: review evidence paths, transaction relations, permission state, timeline consistency, and available remediation options.
  6. Report delivery: provide findings, limitations, risk rating, evidence references, and recommended next actions.

Deliverables

  • Evidence summary with source references and known limitations.
  • Incident timeline and public-chain relation notes.
  • Risk classification and recommended response checklist.
  • Mobile wallet access assessment notes when forgotten payment passwords, app PINs, keystore files or backup clues are involved.
  • Platform or internal escalation package when applicable.
  • Post-incident control recommendations for wallet operations, approvals, monitoring, and governance.

Wallet Access Assessment Path

For forgotten mobile wallet payment passwords, CZB first separates local app passwords from seed phrases, private keys, keystore files and passphrase boundaries. The assessment may lead to safe backup verification, device-side clue organization, approval-risk review, or a clear no-reset limitation.