Methodology · v1 · 2026-05-08

Wallet ownership verification

When a Convexly user displays a wallet's Edge Score on their public profile, viewers need to know the claim is real. This page documents how the verification works, what each tier proves, and what it does not.

Three tiers

SELF_ATTESTED
public label

Self-attested by user. Verification pending.

Proves: Nothing about the user. The wallet's score is shown but framed as a user-supplied claim.

Method: The user typed the address into their settings page.

When shown: A user has linked a wallet but has not yet completed signature verification.

LINKED
public label

Wallet ownership signed: YYYY-MM-DD

Proves: Current control of the wallet's private key, dated to the signing moment.

Method: EIP-4361 (Sign-In With Ethereum) personal-message signature against a server-generated 32-byte nonce. Smart-contract wallets are verified via EIP-1271 isValidSignature.

When shown: The user signed the verification challenge with the wallet's key (or, for smart-contract wallets, the contract returned the EIP-1271 magic value).

SECONDARY_REVIEWED
public label

Wallet ownership verified: signature + secondary signal

Proves: Current key control PLUS one independent secondary signal binding the wallet to a separate identity.

Method: LINKED + at least one of (a) Twitter handle bound via verification tweet, (b) Polymarket Builder Code trade observed from the same wallet, or (c) staff manual review.

When shown: The user completed both LINKED and at least one secondary signal.

90-day re-verification cadence

The LINKED and SECONDARY_REVIEWED tiers expire 90 days after the last successful verification. Past that point, the public profile renders the wallet as SELF_ATTESTED with a “Re-verify” prompt. The historical claim is not deleted; only the trust label downgrades. Users re-prove ownership the same way they did originally.

The cadence exists because a wallet's key can be shared, sold, or transferred after verification. Without periodic re-verification, a stale SECONDARY_REVIEWED label could outlive actual control. Every check resets the clock.
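
The downgrade rule above, computed at render time so the stored claim is never touched. This is an added example, not Convexly's code; the record fields `last_verified_at` and `secondary_signals` are hypothetical names, and treating a proof as expired at exactly 90 days is this example's choice.

```python
from datetime import datetime, timedelta, timezone

VALIDITY = timedelta(days=90)
PENDING = "Self-attested by user. Verification pending."

def public_label(record, now):
    """Return (tier, label, show_reverify) for one linked wallet.

    The record is only read, so the historical claim survives and only
    the displayed trust label downgrades.
    """
    verified_at = record.get("last_verified_at")  # last successful verification
    if verified_at is None:
        # Never signed: secondary signals alone do not raise the tier.
        return ("SELF_ATTESTED", PENDING, False)
    if now - verified_at >= VALIDITY:
        # Stale proof: rendered like an unverified wallet, plus the prompt.
        return ("SELF_ATTESTED", PENDING, True)
    if record.get("secondary_signals"):
        return ("SECONDARY_REVIEWED",
                "Wallet ownership verified: signature + secondary signal", False)
    return ("LINKED", f"Wallet ownership signed: {verified_at:%Y-%m-%d}", False)
```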

What verification proves and does not prove

  • PROVES: The signer controls the private key for the claimed address at the moment of signing.
  • PROVES (SECONDARY REVIEW): That same wallet is bound to an independent identity (Twitter handle, Polymarket trading account, or a staff-reviewed proof).
  • DOES NOT PROVE: The signer placed the trades that produced the wallet's historical Edge Score. A wallet that was sold or had its key shared could be re-verified by a new owner.
  • DOES NOT PROVE: The signer is the same human who started using the wallet.
  • DOES NOT PROVE: The signer hasn't transferred control after signing. The 90-day cadence catches this on the next re-verification cycle.
  • CONVEXLY DOES NOT: Perform KYC, AML, sanctions screening, or identity-document verification on linked wallets. Verification establishes wallet-to-Convexly-account control, not real-name identity.
  • PUBLIC SURFACES ARE PERMANENT: Toggling a wallet on your public profile creates a public, indexable, and cacheable binding between your Convexly username and your wallet address. Search engines, the Internet Archive, social-share previews, and Convexly's own OG-image cache may retain the binding even after you toggle the wallet off. This cannot be unwound.
  • TWITTER VERIFICATION IS PERMANENT: The secondary-signal verification tweet is a public X post containing your Convexly username, your X handle, and your wallet address. Once posted, the binding is indexable forever, even if you delete the tweet. Convexly cannot remove tweets from third-party archives.

Technical detail

Challenge message format (EIP-4361)

convexly.app wants you to sign in with your Ethereum account:
0xABC...DEF

Linking this wallet to Convexly username @<username>.

URI: https://convexly.app
Version: 1
Chain ID: 137
Nonce: <32-byte hex, server-generated, single-use>
Issued At: <ISO timestamp>
Expiration Time: <issued + 10 minutes>

The nonce is a 32-byte random value generated server-side, stored in wallet_verification_challenges, marked single-use on first redemption, and expires 10 minutes after issuance. The server recovers the signer address from the signature and compares it case-insensitively to the claimed address.

Smart-contract wallets (Privy, Magic, Safe, Argent, etc.) cannot sign with a private key directly. For these, the server detects the address has on-chain code via eth_getCode and calls isValidSignature(hash, signature) on the contract per EIP-1271. The contract's own logic (commonly a multi-sig or session-key check) determines acceptance.

Every verified challenge stores the recovered signer address in the audit row so a third party can reproduce the verification check from the challenge message and signature alone.
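
The nonce lifecycle described above for the private-key (non-contract) path, as an added sketch that is not Convexly's code. Assumptions: `recover_signer` is a hypothetical callable standing in for personal-message signature recovery (which needs a secp256k1/Keccak library), the dict stands in for wallet_verification_challenges, and burning the nonce even when the signature check fails is this example's choice.

```python
import secrets
from datetime import datetime, timedelta, timezone

TTL = timedelta(minutes=10)
challenges = {}  # stand-in for the wallet_verification_challenges table

def issue_challenge(address, username, now):
    """Build the EIP-4361 message around a fresh 32-byte single-use nonce."""
    nonce = secrets.token_hex(32)  # 32 random bytes, 64 hex characters
    message = (
        "convexly.app wants you to sign in with your Ethereum account:\n"
        f"{address}\n\n"
        f"Linking this wallet to Convexly username @{username}.\n\n"
        "URI: https://convexly.app\nVersion: 1\nChain ID: 137\n"
        f"Nonce: {nonce}\n"
        f"Issued At: {now.isoformat()}\n"
        f"Expiration Time: {(now + TTL).isoformat()}"
    )
    challenges[nonce] = {"address": address, "message": message,
                         "expires": now + TTL, "used": False}
    return nonce, message

def redeem_challenge(nonce, signature, recover_signer, now):
    """Return (ok, reason). Verifies against the stored message, never a
    client-supplied copy, so the signed fields cannot be swapped."""
    row = challenges.get(nonce)
    if row is None:
        return False, "unknown nonce"
    if row["used"]:
        return False, "nonce already redeemed"
    if now >= row["expires"]:
        return False, "challenge expired"
    row["used"] = True  # burned on first redemption, before judging the signature
    signer = recover_signer(row["message"], signature)
    if signer is None or signer.lower() != row["address"].lower():
        return False, "signer mismatch"
    row["recovered_signer"] = signer  # kept for the audit row
    return True, "linked"
```

In a real database the used-flag check and update must be a single atomic statement so two concurrent redemptions of the same nonce cannot both succeed.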

Disputes

If you believe a public profile is displaying a wallet that does not belong to the profile's owner, contact support@convexly.app with the profile URL and a brief description. We review disputes within five business days. A self-service reporting form is on the roadmap.

Related artifacts