Harper

109 posts

@hrpr

blockchain security/engineering | @4d4m4n7 @GoMaestroOrg @txpipe_tools @cr0wn @siginthq

UK · Joined March 2009
254 Following · 231 Followers
Harper retweeted
Maestro (@GoMaestroOrg)
🚀 Maestro is leveling up! We're thrilled to announce our $3M seed round, co-led by Wave Digital Assets and Draper Associates. This funding fuels our mission to revolutionize Bitcoin DeFi and bridge the gap between traditional and decentralized finance.
🟠 Why it matters
- Empowering builders: Our state-of-the-art UTXO indexing and developer tools are designed to help onboard millions to Bitcoin.
- Bridging finance worlds: We're breaking down barriers between traditional and decentralized finance with scalable, user-friendly solutions.
- Ecosystem synergy: Our partnerships with innovators like Arch Network and Saturn are pushing the boundaries of what's possible on Bitcoin.
Trusted by industry leaders, Maestro is paving the way for a new era of innovation on Bitcoin. Join us as we unlock BTC's full potential. Click the link below to find out more ⬇️
Harper retweeted
TxPipe (@txpipe_tools)
👀 Early support for Conway primitives in Pallas: github.com/txpipe/pallas/… A big step in the path for #Rust tooling and libraries that integrate with #Cardano governance actions. ♥️ contributors: @hrpr, lisicky (github)
Harper retweeted
Maestro (@GoMaestroOrg)
Maestro placed 1st in the Battle of the Builders #cardanosummit2023 The competition was fierce. There were so many brilliant, innovative projects, and we were simply happy to take part. We are truly humbled by this experience and want to thank our fellow competitors.
Harper retweeted
Maestro (@GoMaestroOrg)
Dear #Cardano community! We've submitted several proposals for Project Catalyst Fund 10! 🥳 Our mission is to usher Cardano into the mainstream by offering the most advanced dApp developer platform and empower YOU the community to build better, faster, and easier. #Fund10 🧵👇
Harper (@hrpr)
@dzcodes @nullHashPixel The Solana thing is just catching a bug (or they made it at least plausible that it was a bug). If the wallet creators wanted to be malicious/were compromised they wouldn't do something so obvious
Harper (@hrpr)
@dzcodes @nullHashPixel Backdoored key generation, replacing addresses in transactions/showing different information to the user in the UI to make them send all their funds to a different address, sending 1 bit of the private key per request hidden in normal calls to an API endpoint... etc
Harper (@hrpr)
@dzcodes @nullHashPixel Seems reckless to say that monitoring your traffic is a way to minimise most risks of using a closed-source wallet when you are only minimising the specific situation that the wallet is transferring your key phrase (while u happen to be monitoring it) in a way that is detectable
dzCodes (@dzcodes)
@hrpr That's definitely true, as @nullHashPixel said, absence of proof doesn't mean 100% security. But also open-source doesn't mean verified deployment, so if you are not building everything from the source yourself, you can minimize most risks this way.
Harper (@hrpr)
@zygomeb @PhilippeVleLong So users trust auditors to point out security flaws, maybe we can also make it expected that the auditors will report any points of centralisation in the code (think auditors already do this in ETH) so users can choose to trust a reputable firm's analysis of CS contract
Harper (@hrpr)
@zygomeb @PhilippeVleLong Thanks! But I think if you are getting an audit and if you think the attestation idea could be good then maybe discuss with the auditor who will already be looking over and understanding the code. Then users can have more confidence in the contract until it is OS - what u think?
zygomeb (@zygomeb)
In my endless crusade against Djed I have also come around to finding ways and theorizing how it could be improved. Basically, the project as is is pretty bad -- but the idea is more than noble. The holy grail of a decentralised stable. If there's enough demand, I may commit to it
Harper (@hrpr)
@zygomeb @PhilippeVleLong If it is to be a closed-source contract to temporarily protect IP I think having documentation of how to build txs is a significant improvement while still protecting the source. Also a trusted auditor could attest to/describe any centralised points of the closed-source contract
zygomeb (@zygomeb)
@hrpr @PhilippeVleLong Fair point lol could argue if it's worse or not but bottom line it's a difference between 'can be' or 'is' and which is worse is more of a question of preference. Without formal verification and years of track record you can't exactly be sure of correctness of a contract either.
Harper (@hrpr)
@zygomeb @PhilippeVleLong At least with the former you can read the code and know exactly what you are signing up for, opting in to have centralised jpg enforce royalties. If it’s closed source, you don’t know everything the contract can do and have to reveng txs in order to build your own. Sounds worse
Harper (@hrpr)
@zygomeb @PhilippeVleLong You just called jpg’s new smart contracts “moot” because it requires jpg to build some txs. Will anyone other than OptimFi be able to build OptimFi transactions for the closed-source contracts? Or is Tx building too arcane?
Harper (@hrpr)
@TheAvatarNick So the issue is the message is too general, and an attacker could have you sign this to use another dApp, without you realising it's actually for Mercury Chat. Whereas if it said "Please sign this to log into Mercury Chat:" it would be much more obvious
Harper (@hrpr)
@TheAvatarNick To be extra safe I would add something to the msg which indicates that the data is for a particular site, to avoid attacker trying to log into your account, getting this message then asking you to sign it when using another dApp. Then you would realise this sig is for smth else
Harper (@hrpr)
@amw7 @ADAOcommunity One note on this is that someone could make the tx cancel another signer's MinSwap/MuesliSwap order and claim the funds, but the wallet won't detect these funds belong to the user so won't warn them of their funds being spent. The SC only checks the order owner has signed the tx.
Andrew Westberg (@amw7)
@ADAOcommunity Roundtable is really cool. I'd love to see the ability for me to upload a custom transaction to have a treasury sign. For example, a smart contract transaction. Basically anything that's more complex than the built-in tx builder can handle.
Harper (@hrpr)
@zygomeb Agree, current batching model used by SS and MS is not satisfactory
zygomeb (@zygomeb)
@hrpr I believe it to be a much more fruitful endeavour in the long term with the right tooling and technology support for it
Harper (@hrpr)
@zygomeb Or when the article describes SS and MS using batching it is just outlining the issues with batching, not that they should be using the pending utxos/chaining technique instead
Harper (@hrpr)
@zygomeb So do you think the AMMs should let people spend the pool UTXOs but the frontend should constantly update with the newest pending pool UTXO? It sounds like it would work until the traffic is high, then the contention issue kicks in