Content pfp
Content
@
https://warpcast.com/~/channel/walletbeat
0 reply
0 recast
0 reaction
Adam pfp
Adam
@adamhurwitz.eth
@safe is at the top of Walletbeat for security. The next step is knowing what device accounts like Ethereum Phone, Trezor, and Ledger support fully readable Safe transactions txns on their screen to know exactly what is being signed onchain. You should be able to read the full txn details on the device account before approving onchain. https://www.walletbeat.fyi/
4 replies
1 recast
6 reactions
Adam pfp
Adam
@adamhurwitz.eth
1. Under the existing "Devices" column there can be a 4th symbol|value to represent a device account, such as Ethereum Phone, Trezor, and Ledger. It's important to have a diversity of account types especially for @safe approval accounts. 2. A new column "Readability" with values "Full" and "Partial" can indicate how much of a Safe and|or EOA account transaction can be read on device accounts directly.
1 reply
0 recast
3 reactions
Adam pfp
Adam
@adamhurwitz.eth
One of the most promising device accounts Ethereum Phone confirms that Safe txn readability is not supported yet. https://x.com/mhaas_eth/status/1895739765179425093
0 reply
0 recast
0 reaction
polymutex pfp
polymutex
@polymutex.eth
This is interesting. Under the beta framework (https://beta.walletbeat.eth.limo), I think this could fit as part of a (not yet implemented) "transaction simulation" attribute, which here would be expanded a bit in scope to something more like "transaction legibility". My original thought was for it to be about simulating balance change outcomes, but I think it makes sense to extend it to quantify how well a wallet answers the question "what is the purpose and outcome of this transaction?". Similarly it might include legibility for other structured signature types, like SIWE messages. There's still a bit of a tension with the use of hardware wallets, because such wallets are used in conjunction with a software wallet, and the legibility of a transaction is only as good as the weakest of the two. So it's important that such a criteria doesn't hamper software wallet legibility ratings if the onus for fixing this is on the hardware wallet's side.
1 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
Great write-up @adamhurwitz.eth ! keen to grab your thoughts on webauthn security & how to address security risks like blind signing txns thru a compromised frontend? Passkeys are great until the frontend gets hacked.
1 reply
0 recast
1 reaction