The Factors Behind Open-sourcing
Blockchain is often referred to one of the most ground-breaking technologies in the twentieth century with potential to positively impact every industry ranging from finance to supply chain to even day-to-day commerce. Blockchain wallets take up the crucial role to enabling interaction between normal users and the blockchain technologies. However, despite being one of the fundamental and essential tool in the blockchain world, there is currently no common, agreeable wallet standards in the industry.
imToken was established in May 2016. Within a short span of 2 two years, imToken has become one of the most popular digital asset management tools globally due mainly to the simplicity of the user interface and the variety of functionalities imToken 2.0 offers.
imToken 2.0 is a feature-rich asset management tool, including multi-chain management supporting the Ethereum, Bitcoin and EOS blockchains as well as easy access to decentralized applications (DApps). The potential imToken offers, the wide user base and user-friendly wallet interface attracted the attention of many different blockchains and DApps projects in the industry.
One lesser known fact is the background of the imToken team. Along with our CEO and founder, Ben He, there are more than 45 team members who excel in different aspects ranging from development, research and execution. Even with a well-balanced team on both the development and operation sides, we have always understood the compounding effect of collective effort from the community, which led us to the eventual decision of open sourcing our TokenCore code. The pros far outweigh the cons.
With that, we call out to all the talented blockchain developers out there, join us on our journey to breakthrough all the skepticisms on wallet development, to build a perfect wallet for all.
The Details of The Open-sourced Code
We have open-sourced the following codes prior to the announcement:
- The EOS Voting DApp: Stake-vote
- The SDK for decentralised exchange, Tokenlon
With this announcement, we are open-sourcing the imToken 2.0 TokenCore code. So, what is the TokenCore code?
The TokenCore code is responsible for the management of user wallet’s private keys. The first commit on the TokenCore code was done more than two years ago, to date, the stability and reliability of the code were both tested and proven by more than 7 million users we have right now.
imToken is a decentralized asset management tool, more common known as a decentralized wallet. When a wallet is created, a set of public and private key will be created with the random number generation algorithm. The private key, which grants complete control over the wallet’s asset, is stored locally in the user’s device sandbox system in the form of a Keystore, encrypted with a password set by the user. Prior to the execution of transactions, users are prompted to input the password to decrypt the Keystore, granting access to the private key to authorise the transaction.
The imToken 2.0 TokenCore code, coupled with the native code of iOS and Android are all open-sourced on imToken’s Github:
- For Android: https://github.com/consenlabs/token-core-android
- For iOS: https://github.com/consenlabs/token-core-ios
The TokenCore code consists of the following:
Encrypted Storage of Private Keys
- Single Private Key storage in V3 format from the Ethereum community
- Self-developed encryption system that enables storage of Mnemonic Phrase
ETH
- V3 KeyStore
- The derivation of Private Keys from Mnemonic Phrase
- Transaction signing format
BTC
- The derivation of Private Keys from Mnemonic Phrase
- Normal and SegWit signing format
EOS
- The derivation of Private Keys from Mnemonic Phrase
- Transaction signing format
Identity
- The derivation system for multi-chain wallets’ Private Keys
- Personal data management with unique digital identity, stored in IPFS
Various blockchains serialisation
Preparation Done before Open-sourcing
Given enough eyeballs, all bugs are shallow. — Linus’s Law
We have always worked closely with renowned security audit firms including Slowmist and Cure53 since the beginning. The firms provided invaluable feedbacks and advice for the preparation of open-source, and also organised a bug bounty program along with us.
- Cure53’s audit report: https://cure53.de/pentest-report_imtoken.pdf
- The Bug Bounty Program on the Slowmist community: https://slowmist.io/en/imtoken/index.html?utm_source=index&utm_medium=cpc&utm_campaign=imtoken
We encourage the developer community to go through and share the TokenCore code Bounties will be rewarded for identified vulnerabilities and bugs, please feedback to us through the announced platform or via email. We will also actively participate in different international security platforms such as Hackerone, to share our code to be scrutinised by renowned white-hat hackers all over the world.
The blockchain industry advocates natural openness. We hope that open-sourcing the code will lower the barriers of entry for developers or enterprises alike to jointly embark on the journey to construct a robust ecosystem for imToken. We sincerely welcome all to join the imToken developer community on our Github!
Sincerest gratitude to:
1024, Honor to all contributors, contribute to all builders
1024, Let’s make blockchain happen
Ben & the imToken Team
