
2 posts tagged with "smart wallets"


· 10 min read

Smart Contract Wallets, the Future of Crypto Wallets?

Multi-signature wallets, also referred to as multisig wallets, are smart contracts that place several accounts and their private keys behind a single on-chain wallet for managing crypto assets. Unlike a conventional single-key wallet, a multisig wallet creates redundancy by requiring several private-key signatures to authorize a transaction. The wallet is backed by a set of independent key pairs, and its owners set the minimum number of signatures (the threshold) required to authorize any transaction. This lets them distribute the keys behind the primary wallet to several parties and decentralize the responsibility of managing funds. As a result, multiple parties must sign off on a transaction before it is executed, which adds a layer of security to the wallet and the crypto assets it controls. The same mechanism keeps a malicious actor from moving funds when a single account's private key is lost or stolen, as long as the attacker holds fewer keys than the threshold.

To learn more about the risks associated with traditional crypto wallets and for a technical analysis of the benefits of a multisig wallet, see our article The Risk and Future of Crypto Wallets, in which we compare MPC wallets with smart wallets and explain which is preferable from a security perspective. Because crypto wallets are a critical component of any blockchain system, it is crucial to establish robust policies, guidelines, and best practices that protect the whole community.

That is why we have written this guide on migrating from a conventional wallet to a multisig solution. A single-key wallet is a single point of failure, so we recommend moving to a smart wallet to limit the impact of one private key being leaked, whether intentionally or by accident. It also greatly reduces the damage a former employee can do to the protocol in an inside job, since one key alone can no longer authorize anything.

How to Migrate to a Smart Wallet

This guide outlines the process of migrating your wallets to a secure multisig wallet using Gnosis Safe and Trust Wallet. It provides step-by-step instructions for you and your team to perform a straightforward migration by transferring smart contract ownership to the newly created multisig wallet.

migration

Figure 1: Time to migrate.

Out of scope

The following points are not detailed in this guide:
  • Creating an account on Trust Wallet. Please refer to this guide.
  • A detailed explanation of upgradeable contracts; please refer to the OpenZeppelin documentation.
  • Technical teams should choose their preferred web3 development and testing framework to build the transactions required for the contract migration, and set it up for both testnet and mainnet.

Migration Prerequisites

We highly recommend that every project managing significant amounts of crypto assets, such as a project treasury, move those funds to a smart wallet. We also strongly advise projects whose single-key wallets hold elevated privileges in their decentralized application to switch to a multisig. If any role in your smart contracts carries elevated privileges (owner, admin, pauser, upgrader, and so on), every wallet holding such a role should be migrated from a single-key setup to a multisig. This guide explains how to use Gnosis Safe, with Trust Wallet as the owner wallet, to manage the Safe. Before migrating your smart contracts to a multisig solution, make sure your project meets the following requirements:

  • Make sure your smart contracts have a mechanism to change the addresses holding elevated roles. For instance, if your smart contract inherits OpenZeppelin's Ownable, the transferOwnership function moves ownership between addresses, in this case from an Externally Owned Account (EOA) to the multisig wallet. If your contract has no way to change a role's address, add that capability in a new version of the contract and upgrade to it. Note: upgrading a deployed smart contract requires it to sit behind a proxy contract; a contract deployed without a proxy cannot be changed in place.
  • Create your multisig wallet using Gnosis Safe.
  • Create your free Trust Wallet account, on mobile or desktop.

Migration steps

  1. Creation of a Gnosis Safe.
  2. Prepare smart contract migration in the test phase (testnet).
  3. Perform and validate smart contract migration on production (mainnet).

Create the Gnosis Safe

  1. Start the creation process
     To create a new Gnosis Safe multisig wallet, go to the official Safe website and select the option to create a new Safe.

    Create Wallet

    Figure 2: Gnosis Safe creation process.

  2. Use WalletConnect
     To connect the multisig wallet with Trust Wallet, select the WalletConnect option.

    Connect Wallet via WalletConnect

    Figure 3: Connecting Trust Wallet via WalletConnect.

  3. Connect with Trust Wallet
     Open Trust Wallet on the device of your choice. Trust Wallet exists for Android, iOS, browser extensions and desktop platforms.

    To associate your wallet with the multisig one, either scan the QR code that appears on your screen with your smartphone or import it with the connect feature in the app. Make sure to choose the Trust Wallet account that has enough funds to pay for the transaction. In our case, the multisig creation cost only $0.31.

    Wallet Connect QR
    Figure 4: WalletConnect QR code connection.

  4. Associate the wallets via the QR code
     After scanning the QR code with the Trust Wallet application, the Trust Wallet BNB Smart Chain address is shown in the top right corner of the page.

  5. Set up the multisig wallet details
     Choose a name for the multisig wallet; it is only displayed in the Gnosis Safe web app. Then make sure the BNB Smart Chain network is selected.

    Safe Setup

    Figure 5: Safe wallet setup for BNB Smart Chain, connected to one's Trust Wallet account.

  6. Set up the owners and threshold
     Click Next and add the addresses of the other wallets that will validate your transactions.

    For wallets that matter, we recommend at least 3 owners and a threshold of at least 50% of the owners, ideally a strict majority (for example 2 of 3 or 3 of 5), so that compromising a minority of the keys is not enough to move funds. Keep the owner set as small as the threshold allows: the more keys a project manages, the larger the attack surface and the higher the probability of mismanaging or losing them.

    This recommendation follows the Harmony Horizon Bridge incident, in which 2 of the 5 private keys of a 2-of-5 multisig were stolen, enough to meet its threshold. That incident also raised the question of how to securely manage private keys on a validator node, but that is a discussion for another time.

    Smart wallet owners setup

    Figure 6: Setup of the owner wallets associated with the multisig wallet.

  7. Review the final setup
     The next page displays a summary of the wallet setup. Check every owner address and the threshold before confirming: after deployment they can only be changed by a transaction approved by the owners themselves.

    Multisig creation summary

    Figure 7: Multisig creation summary.

  8. Validate the multisig creation from your Trust Wallet app
     When you click Next, the Gnosis Safe web app requests confirmation and a signature from your first, connected wallet. In the meantime the screen looks like this:

    Wallet creation awaiting confirmation

    Figure 8: Wallet creation awaiting confirmation.

    This is the message you receive in your Trust Wallet application:

    Trust Wallet approval
    Figure 9: Trust Wallet mobile app view of the multisig wallet creation approval.

    Approving the transaction pays the fees required to deploy the multisig smart contract on chain. Once the transaction is approved and mined, the Gnosis web app changes to:

    Safe created

    Figure 10: Successful creation of the smart wallet.

    Finally, your multisig wallet appears in the Safe app, on a page showing its address. This 0x address is the one to use when migrating your contracts.

    Safe account summary

    Figure 11: Gnosis Safe account with the newly created multi-signature wallet.

  9. Managing the Gnosis multisig wallet
     After creation, the wallet composition can still be changed: owners can be added or removed and the threshold for validating transactions can be changed, each of these changes being itself a transaction that must reach the current threshold.

    For this reason, access to the Gnosis Safe app and to the owner keys should be tightly limited. Never leave your notebook unlocked and do not use password-saving features in web browsers. Make sure to have a clear change-management process for this kind of change.

    Safe settings

    Figure 12: Gnosis Safe multisig settings enabling multisig wallet management.

Prepare smart contract migration on Testnet

Before performing the migration on mainnet, projects should always rehearse it on the BNB Smart Chain testnet. Your team may already have internal guidelines or processes for this kind of migration; check with your team lead before moving forward.

Even though Trust Wallet and Gnosis Safe are not (yet) available on the BNB Smart Chain testnet, it is important to test the transaction there and validate that it has the expected result. Transferring the ownership of a smart contract to an address you do not control has serious consequences: you lose control of that contract and its associated funds, and also of every contract that it in turn owns, with no way to get them back.

1 - Deploy the target smart contract on the BNB Smart Chain testnet using Hardhat, Truffle or Brownie.

2 - Execute the transaction that changes the address of the privileged role, for instance by calling transferOwnership on contracts that inherit Ownable.

Using the following Brownie script, one can change the owner of a dummy contract that inherits Ownable; it only requires calling transferOwnership.

Brownie Snippet

Figure 13: Brownie python snippet enabling the transfer of ownership of a token contract.

3 - After executing the transaction, verify that the owner address changed as expected, either with your framework's test runner (Mocha and Chai in Hardhat or Truffle, pytest in Brownie) by asserting on the value returned by owner(), or in the BNB testnet explorer: https://testnet.bscscan.com/

Verification on BSC Scan

Figure 14: Alternatively verifying results in BSC scan.

Note: best practice would be to use the same tooling in the test phase, Gnosis Safe and Trust Wallet, but they are not available on the testnet. Therefore use another wallet compatible with the BNB Smart Chain testnet, such as MetaMask, for the rehearsal.

Note 2: One may be tempted to use the forking feature of the development tools to run the test locally and validate that the transaction has the expected result. For larger projects, however, a small change can have a considerable impact on their other smart contracts, and other decentralized applications may depend on them. It is therefore preferable to validate on a long-lived environment such as the actual testnet, and to run the full integration test suite there to confirm there are no side effects.
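As an added example, not code from the original page or from any project it describes, the following Foundry script performs the migration step above on a contract that inherits OpenZeppelin's Ownable, with the pre-flight checks a team would want before signing: the connected chain is the one the plan was reviewed for, the address receiving ownership actually has code on that chain (a Safe is a contract; an EOA, a mistyped address, or a Safe that only exists on another chain has none, and ownership sent there is lost), and the broadcasting key is the current owner. Foundry is used here instead of Brownie; the contract name, the `IOwnable` interface and the environment variable names are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: a Foundry script that moves an Ownable contract's ownership
// from the deployer EOA to a Safe multisig, with pre- and post-flight checks.
// Contract name, interface and environment variable names are assumptions
// made for this example; this is not the page's or Safe's own code.
import {Script} from "forge-std/Script.sol";

/// The subset of OpenZeppelin's Ownable surface the migration needs.
interface IOwnable {
    function owner() external view returns (address);
    function transferOwnership(address newOwner) external;
}

contract MigrateOwnershipToSafe is Script {
    // Chain ids used as guard rails against running on the wrong network.
    uint256 internal constant BSC_MAINNET = 56;
    uint256 internal constant BSC_TESTNET = 97;

    function run() external {
        // Inputs come from the environment so the same script serves testnet and mainnet.
        address target = vm.envAddress("TARGET_CONTRACT");     // contract being migrated
        address safe = vm.envAddress("SAFE_ADDRESS");          // Safe address from Figure 11
        address currentOwner = vm.envAddress("CURRENT_OWNER"); // EOA that owns it today
        uint256 expectedChain = vm.envUint("EXPECTED_CHAIN_ID");

        // 1. Never run against a network other than the one the plan was reviewed for.
        require(block.chainid == expectedChain, "connected to the wrong chain");
        require(expectedChain == BSC_MAINNET || expectedChain == BSC_TESTNET, "unexpected chain id");

        // 2. A Safe is a deployed contract. An EOA, a mistyped address or a Safe that
        //    exists only on another chain has no code here, and ownership sent to it is gone.
        require(safe.code.length > 0, "SAFE_ADDRESS has no code on this chain");

        // 3. Confirm the on-chain state matches the plan before signing anything.
        IOwnable c = IOwnable(target);
        require(c.owner() == currentOwner, "CURRENT_OWNER is not the contract owner");
        require(c.owner() != safe, "contract is already owned by the Safe");

        // 4. Send transferOwnership from the current owner (the broadcast key).
        vm.startBroadcast(currentOwner);
        c.transferOwnership(safe);
        vm.stopBroadcast();

        // 5. Post-check: the call either took effect or the script fails loudly.
        require(c.owner() == safe, "ownership was not transferred");
    }
}
```

Run it first against the testnet RPC with EXPECTED_CHAIN_ID=97 and only then against mainnet with EXPECTED_CHAIN_ID=56, for example `forge script script/MigrateOwnershipToSafe.s.sol --rpc-url $RPC_URL --private-key $OWNER_KEY --broadcast`, where the key passed to --private-key belongs to CURRENT_OWNER. If the contract inherits OpenZeppelin's Ownable2Step rather than Ownable, transferOwnership only records a pending owner and the Safe must then execute acceptOwnership itself through a Safe contract-interaction transaction; that is safer still, because ownership can never end up at an address that is unable to accept it.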

Perform and validate smart contract migration on Mainnet

Now it is time to repeat the previous steps on mainnet. Make sure the wallet that currently holds the privileged role has enough funds to pay for the transaction, and double-check that the destination is the Safe address from Figure 11 on the same chain. Once the transaction is confirmed, verify on BscScan that owner() now returns the Safe address, exactly as you did on testnet.

Script execution in prod

Figure 15: Script execution result for mainnet.

· 14 min read

Introduction

Crypto wallets are software used to manage and transfer crypto assets. Unlike a physical wallet, they store no assets. A crypto wallet holds a key pair: the public key, from which the wallet's public address is derived and which others use to send it assets, and the private key, which is required to access and move the associated assets. The assets themselves stay on chain; the chain state, or the state of the token's smart contract, changes to reflect the change of owner.

Crypto wallets are the first component a new user has to learn, and they are fundamental for anyone who wants to interact with crypto assets or decentralized applications (dapps) in decentralized finance, non-fungible tokens, decentralized autonomous organizations, and so on.

Even if under the hood crypto wallets rely on well-studied asymmetric cryptography, managing such keys has always been a security challenge in the IT industry. Over the years, asymmetric keys have been used to secure communications between parties, ensuring message confidentiality and authenticity, and they are heavily used to secure internet traffic between browsers and servers through HTTPS.

www secure communications

Figure 1: Worldwide secure communication with TLS and HTTPS.

Now cryptographic keys face the challenge of securing crypto assets. This is a new use case that carries more risk than using a public key infrastructure (PKI) to secure messages between parties over the internet: a leaked TLS key lets an attacker impersonate or eavesdrop on a service, while a leaked wallet key lets an attacker take the funds outright, and the financial impact is not comparable. Instead of being stored in a Hardware Security Module (HSM) and managed by a key management system run by cloud providers with years of experience and teams of experts, wallet keys may now live in a browser extension, a web app, a mobile app or a desktop app. Many characteristics matter for a crypto wallet: is it a hot wallet, a cold wallet, a paper wallet or a hardware wallet? Does it implement hierarchical deterministic (HD) key derivation standards? Is it blockchain-specific or multi-chain? Is it self-custody or third-party custody? Each of these questions raises security concerns that are out of scope for this article.

Mismanaging private keys has been a common cause of loss of funds for investors and a reason for dapps to be hacked. In the long run this is a major obstacle to wide crypto adoption, especially when compared with the security and user experience of today's banking system.

So far, the web3 industry has taken inspiration from the IT industry's best practices for public key infrastructure. But is that enough? Should the web3 industry create new standards dedicated to this use case?

Crypto Wallets and Single Point of Failure (SPOF)

However, using a single key pair to control the assets associated with a crypto wallet is risky. The seed phrase and the private keys become a central security element whose loss or theft puts all the associated funds at risk. In this article we evaluate the risks of losing private keys and of having them stolen or leaked.

Loss of Seed Phrases and Private Keys

If a private key or seed phrase is lost, the user can no longer access their crypto assets. According to Chainalysis, about 20% of all bitcoins, worth some $140 billion, are lost. There are many stories of users who lost a wallet password, the hard drive containing the wallet, a seed phrase or a hardware wallet. Once the key is lost it cannot be regenerated; that is by design, since the security of asymmetric cryptography depends on the private key being impossible to derive from the public key. The funds are therefore lost forever.

Stolen or Leaked Private Keys and Seed Phrases

Similarly, if this sensitive information is stolen, malicious actors get full control of one's assets. The most common and most effective attacks in the crypto industry are social engineering attacks: phishing and scams remain the most profitable way to steal crypto assets because they are simple and quick to set up. One only needs a fake website pretending to be a real web3 project, or a fake wallet application, to collect the data victims inadvertently share. Such malicious applications typically ask for seed phrases or private keys, which should never be shared with anyone; the only legitimate reason to enter a seed phrase is to restore your own wallet in software you have verified. To summarize, a moment of inattention, one click on a malicious link and one interaction with the application behind it, is enough for a user or investor to lose part or all of their crypto assets.

For projects managing a considerable amount of crypto assets, the problem is more serious. A project is only as secure as its weakest link: it is exposed not only to phishing but also to hacks and sometimes to inside jobs, where an employee who went rogue disguises a theft as a hack.

Note: if one discovers that their private keys or seed phrase have been compromised, they should move any remaining assets to a new, uncompromised wallet as soon as possible!

This is why we consider crypto wallets a single point of failure. A single point of failure is a part of a system that, if it fails, causes the entire system (here the decentralized application or the wallet) to fail: a critical component or bottleneck whose unavailability makes the whole system unavailable. Identifying and mitigating single points of failure is essential to increase the reliability and availability of a system.

In a Public Key Infrastructure (PKI) system, a single point of failure can exist if the private key associated with a particular public key is lost or compromised.

So let us consider the classic dilemma of the web3 ecosystem, "Not your keys, not your coins": self-custody, for instance with a hardware wallet, versus third-party custody, for instance on an exchange. On the one hand, one can take full ownership of their crypto wallets, using, storing and securing them alone, and accept the risk of losing or mismanaging them. On the other hand, some users would rather delegate the management of their wallet to a third party specialized in the matter. This is a valid debate.

Self custody

Figure 2: Ledger self-custody hardware wallet.

It is important, however, for every end user to understand the risks associated with managing crypto wallets. When thinking of mass adoption, there will always be a community that would rather pay than spend time on, or worry about, the risks and responsibility of securely managing their life savings in crypto. Such groups would rather rely on a trusted third party to do it for them, similar to what we have done over the years with banks and insurers.

3rd party custody illustraction

Figure 3: Illustration of a third-party custody safe.

In this article, however, we are not evaluating the many practical and philosophical pros and cons of each option. We limit ourselves to noting that each option implies a very different level of responsibility and requires a different level of cybersecurity expertise. Self-custody, with today's technology, is still risky even for individuals with technical knowledge.

But many solutions exist to address the single-point-of-failure problem and enable a more secure self-custody experience for users and web3 projects. Let us look at them.

The Secure Future of Crypto Wallets

To mitigate the risk of a single point of failure in a PKI, organizations have over the years created security policies and best practices gathered in frameworks such as ISO/IEC 27099. Such frameworks recommend robust key-management procedures combined with HSMs, regular testing and monitoring of those systems for vulnerabilities, and measures such as backups and redundant components so that the system keeps working when a key-management element fails, at the software or the hardware level.

However, the crypto space has changed how public key infrastructure is used: the new practice is to use keys directly to control crypto assets, and traditional PKI policies and procedures never anticipated that use. The web3 industry had to develop solutions for this new use of asymmetric keys as wallets.

Thanks to cryptographic techniques such as signature verification, multi-party computation (MPC) and smart contracts, two solutions are being considered the future of crypto wallets for their ease of use, flexibility, security, control and compatibility with existing tooling, while addressing the single point of failure: on the one hand multi-party computation wallets, on the other smart wallets, also known as multi-signature (multisig) wallets.

Multi-Party Computation Wallets

Firstly, multi-party computation (MPC) wallets are crypto asset wallets built on MPC cryptographic techniques such as secret sharing, homomorphic encryption, zero-knowledge proofs or oblivious transfer. The goal is to let several parties jointly control one private key, and the assets associated with it, without any single participant ever holding the whole key. Since no single entity knows the private key, no single entity can move the funds on its own.

This makes an MPC wallet a tool for creating a shared crypto account, with family members or business partners, and helps establish trust when crypto assets must be managed jointly.

MPC wallets are still in their early days, mainly because (secure) multi-party computation is still an evolving field of cryptography and new techniques should keep appearing in the coming years.

Here are some of the MPC advantages:

  • Off-chain recovery.
  • Chain agnostic.
  • No gas overhead.
  • No need for change in Dapp for integration.

Some of the drawbacks are:

  • Early-stage technology and library implementations, which is not great from a security point of view because they may contain undetected vulnerabilities and have had less time to be audited.
  • Immutability and lack of redundancy: in most deployed schemes the signer set is fixed once the key shares are generated, so if one party loses its share the funds stay blocked unless the scheme supports resharing the key.
  • All participants have to take part in signing. In the basic schemes there is no m-of-n signature architecture; threshold (t-of-n) variants exist but are less mature.

Smart Wallets

Secondly, smart (contract) wallets, or multisig wallets, have been in use and battle-tested for longer. They are smart contracts deployed on chain and publicly available for anyone to verify. With smart wallets, as with MPC wallets, a group of individuals can jointly manage the crypto assets held by the main smart wallet.

Multisig wallet owners set the minimum number of signatures (the threshold) required for the wallet to validate and execute a transaction. This lets them distribute the keys behind the main wallet to several parties, decentralizing the responsibility of managing a project's funds and creating redundancy.

Practically speaking, to authorize a transaction several parties have to read and approve it before the wallet executes it. Thanks to this mechanism, if one private key is lost or stolen, a malicious actor cannot access the funds without the other owners, and those owners are notified when someone proposes a suspicious transaction, which can be checked directly with the other key holders. This provides an additional layer of security for the wallet and the crypto assets it holds.

Multisig wallets also matter for individual users who want to keep self-custody of their assets. They help with the problem of the lost hard drive holding a wallet or seed phrase: if one key is lost, the remaining owners can still manage the funds, reconfigure the multisig, remove the lost key and add a new one.

2 of 3 Multisig Wallet

Figure 4: 2 of 3 Multi-Signature wallet.

Additionally, multisig wallets provide an extra layer of security for organizations or groups, such as DAOs, that hold large amounts of crypto assets. By requiring multiple signatures for transactions, multisig wallets help prevent unauthorized access to, or misuse of, the funds. Web3 projects are among the main actors that can benefit from them. In recent history, hacks such as the AscenDEX hack and the Ankr protocol hack happened because of leaked or stolen private keys. Both projects suffered major financial losses that hurt not only their finances but also their partners and the trust placed in them by users, investors and the community. Multisig could become the new standard.

Multisig also brings an added value from the perspective of web3 projects and protocols. With the growing number of smart contracts in a decentralized application and the growing complexity of their architecture and interactions, it becomes fundamental to provide transparency and visibility on security indicators such as the use of a secure wallet for privileged roles. Those wallets fulfil two roles: holding crypto assets, and performing sensitive actions in the decentralized application such as upgrading the smart contracts, pausing the protocol, changing fees, and so on.

Such information is relevant not only for a web3 project's internal security and monitoring but also to build trust with business partners, customers and investors. Since the blockchain is a single source of truth, every stakeholder can verify the security measure on chain.

Observability and Monitoring

Figure 5: Observability and Monitoring.

Smart wallets are among the most advanced security solutions for managing a project's wallets, and they let anyone certify that the project uses proper security measures to protect its application and, as a consequence, its users, business partners and community.

Smart wallets are quite versatile, enabling more features, and here are a few of them:

  • Timelock - prevent spending before a certain date.
  • Spending limits.
  • Mutability, add and remove keys or signers after the wallet is set up.
  • Gas abstractions and pay for fees with other tokens than network tokens.
  • Transaction batching.

Some of the drawbacks are:

  • Gas overhead: roughly 30,000 to 40,000 gas for the multisig creation and an additional 2,000 gas on each subsequent transaction, on top of a plain EOA transaction (actual costs depend on the implementation, the chain and the number of signatures verified).
  • Requires dapp support for the EIP-1271 standard to accept signatures from a contract wallet, since a contract has no private key and cannot produce an ECDSA signature itself.
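To make the mechanics of the Smart Wallets section concrete, here is a deliberately minimal m-of-n smart wallet, written as an added illustration for this article; it is not the Safe code base nor code from the original post. It shows the three things discussed above: a threshold of owner signatures to execute a transaction, owner rotation and threshold changes that themselves require an approved wallet transaction (the mutability feature), and the EIP-1271 isValidSignature hook that lets a dapp accept the wallet as a signer. The contract name, the convention that signatures are concatenated 65-byte (r, s, v) values ordered by increasing signer address, and the hash layout are assumptions of the example; a production wallet would add low-s malleability checks, gas and refund handling, and an audit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of an m-of-n smart wallet (not Safe's code, not from the
/// original article). Owners approve a transaction by signing its hash off chain;
/// anyone may submit the signatures, and the wallet executes only when at least
/// `threshold` distinct owners have signed.
contract MinimalMultisig {
    // bytes4(keccak256("isValidSignature(bytes32,bytes)")) as defined by EIP-1271
    bytes4 internal constant EIP1271_MAGIC = 0x1626ba7e;

    mapping(address => bool) public isOwner;
    uint256 public ownerCount;
    uint256 public threshold;
    uint256 public nonce; // replay protection: every executed transaction consumes one nonce

    event Executed(uint256 indexed txNonce, address indexed to, uint256 value, bytes data);

    modifier onlySelf() {
        // Owner and threshold changes are only reachable through execute(), i.e. with m-of-n approval.
        require(msg.sender == address(this), "only via an approved wallet transaction");
        _;
    }

    constructor(address[] memory owners, uint256 initialThreshold) {
        require(owners.length > 0 && initialThreshold > 0 && initialThreshold <= owners.length, "bad threshold");
        for (uint256 i = 0; i < owners.length; i++) {
            require(owners[i] != address(0) && !isOwner[owners[i]], "bad or duplicate owner");
            isOwner[owners[i]] = true;
        }
        ownerCount = owners.length;
        threshold = initialThreshold;
    }

    receive() external payable {}

    /// Hash the owners sign. Binding chain id, wallet address and nonce prevents replay
    /// on another chain, against another wallet, or a second time on this one.
    function txHash(address to, uint256 value, bytes calldata data, uint256 txNonce) public view returns (bytes32) {
        return keccak256(abi.encode(block.chainid, address(this), to, value, keccak256(data), txNonce));
    }

    /// Counts distinct owners among the signers of `hash`. `sigs` is a concatenation of
    /// 65-byte (r, s, v) signatures sorted by recovered signer address in strictly
    /// increasing order, so one key cannot be counted twice.
    function countOwnerSignatures(bytes32 hash, bytes calldata sigs) public view returns (uint256 count) {
        require(sigs.length % 65 == 0, "malformed signatures");
        address last = address(0);
        for (uint256 i = 0; i < sigs.length / 65; i++) {
            uint256 off = i * 65;
            bytes32 r = bytes32(sigs[off:off + 32]);
            bytes32 s = bytes32(sigs[off + 32:off + 64]);
            uint8 v = uint8(sigs[off + 64]);
            address signer = ecrecover(hash, v, r, s);
            require(signer != address(0), "invalid signature");
            require(signer > last, "signers not in increasing order (or duplicate)");
            last = signer;
            if (isOwner[signer]) count++;
        }
    }

    /// Executes `to.call{value}(data)` once at least `threshold` owners have signed it.
    function execute(address to, uint256 value, bytes calldata data, bytes calldata sigs) external {
        uint256 txNonce = nonce;
        require(countOwnerSignatures(txHash(to, value, data, txNonce), sigs) >= threshold, "threshold not met");
        nonce = txNonce + 1; // consume the nonce before the external call
        (bool ok, ) = to.call{value: value}(data);
        require(ok, "call failed");
        emit Executed(txNonce, to, value, data);
    }

    /// Key rotation after a loss or compromise: swap one owner for another, threshold unchanged.
    function swapOwner(address oldOwner, address newOwner) external onlySelf {
        require(isOwner[oldOwner] && newOwner != address(0) && !isOwner[newOwner], "bad rotation");
        isOwner[oldOwner] = false;
        isOwner[newOwner] = true;
    }

    function changeThreshold(uint256 newThreshold) external onlySelf {
        require(newThreshold > 0 && newThreshold <= ownerCount, "bad threshold");
        threshold = newThreshold;
    }

    /// EIP-1271: lets dapps accept the wallet as a signer, e.g. for off-chain orders.
    function isValidSignature(bytes32 hash, bytes calldata sigs) external view returns (bytes4) {
        return countOwnerSignatures(hash, sigs) >= threshold ? EIP1271_MAGIC : bytes4(0);
    }
}
```

Owners sign the raw txHash(...) value (no EIP-191 prefix), as a Foundry test would with vm.sign. Removing a lost or compromised key is itself a wallet transaction: an owner proposes execute(address(this), 0, abi.encodeCall(this.swapOwner, (lostKey, newKey)), sigs) and it only goes through once the current threshold of owners has signed, which is exactly what keeps a single stolen key from rewriting the owner set.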

Conclusion on the Security Perspective.

MPC and smart wallets are the future of crypto wallets, even if MPC and its cryptographic techniques are still being developed and standardized. Multisig, on the other hand, has been around for longer and is battle-tested; it has also been hacked, in the Parity multisig hack, which pushed projects to invest more in smart wallet security. Both types of wallet create redundancy so that no single user can mismanage the funds.

Even if MPC wallets offer a simpler, off-chain process for wallet creation and recovery, are a little cheaper to use and integrate more easily with decentralized applications, they lack flexibility once created: losing any of the keys required to sign prevents the parties from accessing the wallet's funds. Smart wallets, on the other hand, are more flexible: owners can be added or removed and keys can be rotated, which matters after a security breach or a lost key. Finally, because they are smart contracts, they can implement additional functional features such as spending limits, timelocks and transaction batching.

We prefer multi-signature wallets over options such as multi-party computation wallets because the latter cannot be easily identified or audited on chain. With a multisig, any user, business partner or investor can verify on chain that a project follows security best practices to reduce the risk of a compromised private key, whether from an inside job or an external hack; it simply makes the whole system more redundant and resilient.