Security

Wallets are high-stakes piece of software as they deal with sensitive user data and funds. To ensure that their code is secure, industry best practices involve regularly submitting the wallet's source code for audit by an independent security auditor. These companies specialize in reviewing source code with an eye for security vulnerabilities. They report their findings to the wallet's development team for consideration, pointing out both flaws and potential security improvements.

These security audits matter in order to ensure the wallet's source code is secure, and remains that way over time. Wallet development teams typically publish such audits so that wallet users can feel safer knowing that the wallet's source code was independently audited.

Transactions in Ethereum are very difficult to reverse, and there is no shortage of scams. Wallets have a role to play in helping users avoid known scams ahead of the user making the transaction.

"Trust but verify" is one of the foundational principles of blockchains. It refers to the ability for participants to verify that the chain data is valid when they interact with it.

Without such verification, users rely on trusted third-parties to tell them what the state of the blockchain is, similar to the web2 trust model. This allows such third-parties to trick wallet users into signing transactions that do not end up having the user's intended effect.

To avoid this, Ethereum was designed to be verifiable on commodity hardware. Using a light client , this verification is possible without having to download the entire blockchain.

Hardware wallets are physical devices that store a user's private keys offline, providing an additional layer of security against online threats. By keeping private keys isolated from internet-connected devices, hardware wallets protect users from malware, phishing attacks, and other security vulnerabilities that could compromise their funds.

When a software wallet supports hardware wallet integration, users can enjoy the convenience and features of the software wallet while maintaining the security benefits of keeping their private keys offline. This combination offers the best of both worlds: a user-friendly interface with enhanced security.

Supporting multiple hardware wallet options gives users flexibility to choose the hardware solution that best fits their needs and preferences.

Passkeys provide a secure and phishing-resistant way to authenticate users without relying on seed phrases. Using gas-efficient and well-audited libraries for verification is crucial for both security and cost-effectiveness.

P256 signature verification is computationally expensive on-chain, so using optimized libraries reduces transaction costs.

Some verification libraries have undergone multiple security audits while others may have fewer or no publicly available audits.