Crypto Wallets
Crypto wallets are at the forefront of digital identity innovation.
One of the most important decisions when starting out with crypto/web3 is choosing the right wallet to protect your assets and faciliate common exchanges of value.
Context
Wallet Types
Which wallet is best for your needs?
- Burner Wallets
- Browser (Hot) Wallets
- Hardware (Cold) Wallets
- Multisig Wallets
- Social Recovery
Burner Wallets
Great for onboarding and batching transactions.
Generated on the fly in the browser.
Browser (Hot) Wallets
Hardware (Cold) Wallets
Multisig Wallets
Interface Packages
Account Abstraction intends to smooth onboarding exerience into Web3. Which blockchain does it best?
Wallet Best Practices
Wallet and Key Management
- Private Key Security Tips
Browser Hot Wallets
(MetaMask, Phantom, etc)
Hardware Wallets
(Ledger, Trezor, etc)
- Air Gapped
- Medium Value
- Not good enough for a protocol dev
- Prone to wrench attacks
Multisig
Using Multi-signature (MultiSig) wallets is critical if deploying a Smart Contract to secure digital assets under your trust.
Actionable Insights: Continuosly evolve and follow best practices
- Diversify risk: Use MultiSig wallets to distribute authority and eliminate single points of failure.
- Choose the right setup: Select a suitable M-of-N setup, such as 2-of-3 or 3-of-5, based on your security needs.
- Use multiple hardware wallets: Store private keys in different locations and use multiple hardware wallets from different vendors to enhance security.
- Segregate access: Keep private keys on separate devices and avoid storing all keys on a single device.
- Implement robust backup and recovery processes: Ensure secure backups of seeds and wallet configuration files.
- Monitor transactions: Regularly review transactions to detect any suspicious activity.
- Use secure communication: Employ encrypted communication protocols between authorized signers and the MultiSig wallet.
- Conduct regular security audits: Perform security assessments and penetration testing to identify vulnerabilities.
Risk Checklist:
- Single point of failure: Using a single hardware wallet or storing all private keys on one device.
- Compromised key holders: Losing or misplacing private keys or having key holders become uncooperative.
- Inadequate backup and recovery processes: Failing to securely back up seeds and wallet configuration files.
- Insufficient security measures: Not implementing robust security protocols, such as encryption and secure communication.
- Lack of diversification: Using the same hardware wallet or vendor for all signers.
- Inadequate monitoring: Failing to regularly review transactions and detect suspicious activity.
- Poor key management: Not securely storing and managing private keys.
- Inadequate security audits: Failing to perform regular security assessments and penetration testing.
Wallet Vendors:
Social Recovery Wallets
Setting up a Safe
Build your own Wallet
Post Deployments
https://github.com/Cyfrin/evm-wallet-and-post-deployment-course
Best practices for managing contracts post deployment.
Start with solid pre-deployment preparation to be attacked.
- Monitoring
- Forta Bot
- Incident Response
- Handling Bugs
- Blockchain Sleuthing
Post
Wallet Architecture
What are fundamentals to wallet architecture?
Need to connect the dots across:
- discovery
- decision routing
- game loading