Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ordsbot.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

OrdsBot uses a two-layer wallet architecture:
  1. Sign-in wallet — Xverse, Unisat, or Leather — used to authenticate via BIP-322 message signing
  2. Bidding keys — derived in-memory from your seed phrase, used by the bot to sign bid messages
These are typically from the same seed phrase but can be different addresses.

Authentication (BIP-322)

When you connect your wallet, OrdsBot follows a challenge-response flow: 
1. Your browser requests a challenge for your Bitcoin address
2. OrdsBot returns a unique challenge string (expires in 5 minutes)
3. You sign the challenge with your wallet
4. OrdsBot verifies the signature and creates a session
Your session is tied to your Bitcoin address — no username or password required.

Key Derivation

The bidding bot requires keys in server memory to sign Satflow bid messages. These are derived from your seed phrase using standard Bitcoin derivation paths:
KeyPathPurpose
Payment keyBIP84 (m/84’/0’/0’/0/0)Signs bid messages, receives payments
Ordinals keyBIP86 (m/86’/0’/0’/0/0)Taproot key for inscriptions
Your private signing keys are sent to the bot’s server RAM so the bot can sign bids automatically. The server has full signing authority over your bidding addresses while the bot is running. Keys are never written to disk or the database, and are lost on server restart. You will see a “Waiting for wallet keys” warning on your tasks when re-derivation is needed.

What the bot uses your keys for

  • Signing the Satflow bid message string: 
    <payment_addr>:<payment_pubkey>:<token_receive_addr>:<price>:<quantity>:<expiry>:<slug>:<timestamp>
  • Signing PSBTs for auto-listing inscriptions (Taproot Schnorr signatures)

Bidding Wallet (Multi-sig)

Satflow uses a bidding wallet model where your bid collateral is held in a 2-of-2 or 2-of-3 multi-sig address. This is displayed in Settings after you derive your wallet. Fund this address to activate bidding.

Security Notes

  • The bot only needs your seed phrase once per server session
  • Sessions use secure, signed tokens stored in server memory
  • There is no password recovery = if you lose your seed phrase, you lose your wallet