Where the bot actually trades from

Your wallet (mnemonic in Keplr or Ledger) owns a dydx1… address. That address holds USDC inside Subaccount 0. The bot reads/writes to Subaccount 0 by signing transactions with a permissioned key — a delegated identity registered on-chain against your owner address.

At no point does Botely hold funds, custody your mnemonic, or have unilateral access to anything beyond placing/canceling ETH/SOL/BNB orders on Subaccount 0. The whitelist on-chain enforces this — it's not a policy promise, it's chain code.

A strategy signal fires (e.g., ETH long on v6.4). The bot composes a MsgPlaceOrder for ETH-USD on Subaccount 0 with the size and price the strategy chose. It signs with the trading-key private key (held in the bot host's .env), referencing the on-chain authenticator id.

The chain verifies the signature, checks the authenticator's whitelist (this op must match: place order, on ETH/SOL/BNB, on subaccount 0, with this key's public part). If all clauses pass, the order is accepted and matched against the orderbook. Your subaccount's USDC position becomes an ETH position.

Withdrawing funds from the subaccount: only your owner mnemonic can sign MsgWithdrawFromSubaccount. The trading key cannot.

Adding/removing trading keys: only your owner mnemonic. Botely's wizard asks for your signature each time.

Disabling the bot: the bot toggle in /app/settings stops the bot from placing NEW orders. The bot itself can't stop following its own logic, but you can stop it via this toggle or by removing the trading key from the .env.