W3F and Trail of Bits release “Guidance for Secure Use of Hardware Wallets”
As all of our followers know, the Web3 Foundation conducted a public token sale last year for a 50% allocation in the Polkadot genesis block. Individuals around the world contributed $144 million, mostly in Ether. Unfortunately, that Ether became frozen due to a bug in a Parity library contract that our multi-sig contract referenced.
Not all of the funds collected were in that contract, and we’ve been able to continue to fund the development of the Polkadot project and other community initiatives such as the Ethereum Community Fund and Web3 Summit.
Following the fund-freezing incident, we conducted rigorous audits on our processes for securing funds. We are committed to improving these processes and are excited to share our progress.
Since the bug exploit one year ago, Parity Technologies has developed increasingly better practices around secure coding, as outlined by their CTO Fredrik in a recent blog post, “Secure from scratch: our new smart contract development processes”. Parity worked hand in hand with Trail of Bits to improve their secure development process.
The Web3 Foundation contracted Trail of Bits to conduct a security audit on our hardware wallets. The audit covered the setup of the devices as well as the processes surrounding their use.
We asked Trail of Bits if they would share the high-level learnings from our audit report, and we are happy to report that the security guidance provided to us in the audit is now open source for the community to read.
Read the Trail of Bits blog post.