Frame Security Audit: FRM-01

Frame is an Ethereum interface like MetaMask that aims to improve flexibility, security and decentralization by living at the OS-level. It isn’t dependent on a browser or extension store and works with any type of dapp: web, desktop and even command line. Frame currently supports macOS, Linux and Windows along with Ledger and Trezor hardware signers.

Recently, Frame completed its first security audit conducted by Cure53 and funded by Aragon. We’re happy to report the audit results were very positive. From the official report…

Over the course of this 2018 assessment targeting the Frame desktop application, Cure53 has gained a very positive impression about the security posture of the examined project. Having spent six days on the test-targets in late August and early September of 2018, four Cure53 testers involved in this assessment can ascertain that security is a clear priority for the Frame’s maintainer.
Despite reaching a very good coverage, which was facilitated by having an adequate amount of time invested into this project, only two “Low”-ranking vulnerabilities and four general weaknesses have been spotted. Moreover, the latter four flaws are only “Informational” in nature and pose no immediate threats to the scope. It must be emphasized that this is not a typical result for a test of this kind and, consequently, Cure53 is very impressed with the outcome.

You can see the full report here.

In v0.0.7 we addressed and fixed every weakness found by the audit, both “Low” and “Informational”. You can download v0.0.7 here.

I’d like to thank Mario and the team at Cure53. They were a pleasure to work with before, during and after the audit. They were able to supply us with helpful insights and were responsive to any questions that came up. We hope to work with them more in the future. I’d also like to thank Aragon for supporting Frame and making this possible.

We’re very encouraged by the results of the audit and excited to get Frame into the hands of more users. This process was a big step towards our next major milestone, the official mainnet release! Security will continue to be a core focus for Frame moving forward, including future audits.

If you’re a developer, check out Frame’s Developer Prerelease and start using it with your dapps today! If you’re interested in working on Frame, email jordan@frame.sh or reach out to @frame_eth on Twitter for more information.

Thanks again to Cure53 and Aragon!