Decentralized Audit Approach for Peak Vault Wallet and SDK
BTW have you voted? It still needs more votes to be funded.
Per our PROPOSAL, we have decided to go with a decentralized group consensus approach to the audit of the Open Source Peak Vault Wallet, the MetaMask Snap wallet and the Hive Wallet SDK (which works for all wallets).
A beta version of the wallet can now be downloaded here
WHY TWO NEW WALLETS? - We recommend reading the PROPOSAL... essentially decentralization, competition and promotion of Hive (via MetaMask).
Why an Audit?
We feel this is simply what should be done for sensitive apps that deal with keys and blockchain transactions. Audits give users who aren't technical a way to feel safer. Trust is also built when lots of users and lots of websites integrate the software, and through trust in the team behind the work. But audits also do more...
Some Purposes of our Audit:
- Identify Blind Spots: Detect areas we may have overlooked.
- Bug Detection: Find and resolve software bugs.
- Security Focus: Prioritize security over user experience (UX).
- User Trust: Build confidence in our software among users.
Why Choose Hive Power Users and Devs?
While we welcome other external participants, we believe Hive developers have a significant advantage due to their deep understanding of the Hive blockchain. This approach saves the Hive Ecosystem money and provides a more trustworthy and valuable audit.
Traditional audit companies are:
- More expensive.
- Slower to work with.
- Often unfamiliar with Hive's specifics, being more experienced with EVM and Bitcoin.
Scope of the Audit:
- Peak Vault core: The base layer on which Peak Vault and the MetaMask snap are built.
- Peak Vault extension: Browser extension wallet.
- MetaMask Snap: An adaptation of Peak Vault core and extension for MetaMask.
- Hive wallet SDK: A wrapper to seamlessly address Keychain, Peak Vault, and the MetaMask Snap.
Size of the Audit
- PeakVault - This is the main product and the audit should focus on features that have most security impact. There is very little need to go through some of the UI and layout code.
- MetaMask - Once you've audited PeakVault you've done about 80-90% of the work to audit MetaMask snap wallet.
- SDK - A wrapper to the different wallets (Keychain, Peak Vault and MetaMask) that routes requests to the specified wallet. It should make for a quick and easy audit. This is the code that websites would install on their website which would support Vault, Snap and Keychain.
Once you apply for the audit we'll grant you access to the GitLab repositories to check out the code.
Who Qualifies?
- Highly Technical Individuals or Groups: With a security-focused and detail-oriented mindset.
- Hive Blockchain Familiarity: Those who understand the workings and security aspects of the Hive blockchain.
- Ideal Candidates: High-level developers from Hive ecosystem projects.
Special Call Out / Petitions To:
- @stoodkev and the @keychain team: Experts in Hive wallet extensions.
- @yabapmatt and the @splinterlands team: Experienced with large user bases, security, wallets, and keys.
- @khaleelkazi (InLeo) and @good-kharma (@ecency): Representing major Hive ecosystem apps.
- @theycallmedan and @starkerz (or the technical liaison on the @3speak team): Capable of auditing.
- @gandalf: Old school Hive wizard with extensive knowledge of the blockchain.
- @howo: Funded by the Hive community to work on Hive code.
- @themarkymark: Old school Hive user with a technical background in security.
- @arcange: Developer who has worked with wallet-related applications.
- @therealwolf and @ausbitbank: Developers who are also witnesses for Hive and know the software well.
- AND MORE
VOTE
Also, we'd love your support on the Wallet Proposal: 275/day for one year (includes funds for the group audit). We lowered our funding significantly for this year AND have these big new aspirations.
Vote here
Payment Structure:
We will be setting aside tens of thousands of HBD from the proposal for the audit.
- Sliding Scale: Based on the scope of the audit (vault, metamask snap), initial and follow-up audits, and the auditor's experience.
- Flexible Compensation: We are open to adjusting compensation if unforeseen issues arise and the audit takes longer than expected.
- Application: Contact us via PeakD, Sting chat, or Discord to start a conversation. Audits will officially begin once the Wallet Proposal is funded. However, let's chat, as we may be able to do one or two before then, depending on price.
- Ongoing Engagement: We are most interested in long-term collaboration for future updates. Even if new features don't pose security risks, it's nice for the community to know that nothing changed in a release that would cause concerns.
Why Start Now?
Because it's ready!! The SDK and wallets are functional and ready for use by any Hive App/Website. Core functionality is ready for testing, and an audit will instill trust, encouraging websites and apps to adopt the new SDK and support multiple wallets (Keychain, PeakVault, MetaMask Snap).
How is this Paid?
We are using a good chunk of the Hive proposal to audit the software now and in the future. The proposal is 275/day. We don't need that much to do the software itself; we made the proposal that amount in part with auditing in mind, because we believe it to be important for us and the Hive Community.
Keep in mind the proposal is getting much less funding than one year because it's not funded yet, so this also impacts some of our completion timelines.
SUPPORT THE PROPOSAL
Help make the software better and the audit a reality and vote on the proposal here
Oh right, I somehow completely missed this Proposal
Got my vote now!
This is really an amazing project, I am certainly going to vote the proposal, at least that is the best way a user like me can support.
This sounds awesome, hopefully you get some good participation! I would love to do it but I don't have the deep technical knowledge on that level, and sadly also not the time.
I wrote a post about proposals last. Now I see how it is done. I will vote after posting this comment.
I wish I were a high tech person, I would gladly audit.
We're happy to have you link the post in your comment so we can see it
Ok then, this is it.
https://peakd.com/hive-167922/@ajorundon/understanding-proposals-and-voting
I voted for the second proposal. I was already voting for the proposal for upgrade etc
Great stuff! I voted on the proposals you have out there!
I'm going to reach out on Discord about the Audit opportunities.
Please help me with a question.
Am I already voting? Or do I need to press the red button and approve?
I think I have already done this, but I have doubts🤔!
Yeah, you are good. The vote was cast because now the button says "Un-Support"
So everything is correct!👌
Thanks a lot for the help.🙏
@howo @stoodkev @arcange @therealwolf @khaleelkazi @good-kharma @theycallmedan (and team) @gandalf ... the software is ready, the wallet is solid and the proposal is at 21m and getting close to funding. We are wanting to start figuring out who can audit the software and figure out costs.
Please reach out to us or suggest a dev you'd like to see audit the SDK and the software. Feel free to tag them.
No one really comes to mind sadly :/
Well, the idea is that "you" can be one of the auditors. Feel free to tag other Hive devs that you think can be a good fit.
cc @mahdiyari @vaultec
You can send me the details