Temple Wallet
DeFi
SEP 2021 - MAY 2022
Crypto wallet security assessment for Temple Wallet
The Temple Wallet web extension and mobile apps developed by Madfish Solutions are part of the Tezos blockchain ecosystem. Cryptocurrency wallets require advanced security measures and security guarantees similar to modern financial or banking apps. As a non-custodial wallet, Temple Wallet puts a strong emphasis on data protection on the client side: storing private keys and mnemonic phrases and signing transactions on behalf of a user.
The Tezos Foundation requested Cossack Labs to conduct a security audit of the Temple Wallet mobile applications and the web extension from Cossack Labs. Cossack Labs performed the audit, outlined issues and suggested improvements to security and cryptography aspects of wallets’ source code and cryptographic design. See below.
Temple Wallet audit results
In the public reports, we summarised the security assessment of Temple Wallet apps: the process, a list of findings and their status, and theoretical and practical concerns. We'd like to highlight the Madfish team's solid security-oriented engineering effort in building and securing the apps. Read details below.
Industry
Fintech
Blockchain
Cryptocurrency
Technology stack
React Native (iOS, Android)
Web extension (Chrome, Firefox)
LPoS
Regulations
Typical fintech security requirements
Encryption Export Regulations
Challenges
User's private keys protection against leakage and abuse
Secure storage of an account's private keys is crucial for non-custodial cryptocurrency wallets because their leakage equals losing the funds. Building intuitive security-focused design and transparent apps' business logic should prevent users from accidentally exposing private keys or signing fraudulent transactions.
Encryption scheme should be consistent across all supported platforms
Account synchronisation means that users can easily open their account from the mobile app to the web app, and back. The sync process occurs by transferring the account's seed—encrypting the data in one wallet and decrypting it in another one. Thus, each supported platform should use the same crypto primitives. Cryptographic libraries available natively (on iOS, Android, and the Web) are frequently out of sync, forcing to use a third-party crypto primitives source.
Binding encryption with user authentication
Crypto wallets often use in-app passwords to derive a cryptographic key for encrypting wallet’s private data. Thus, they make users fully responsible for passwords security. This approach should be implemented with caution, using a reliable password-based key derivation function and informing users that losing their passwords may result in the inability to restore their data.
Secure communication with DApps
Apps are third-party apps that communicate with the wallet and allow users to perform more actions with their funds and NFTs. Communication with DApps should be protected: authenticated, validated, and sanitised to avoid issuing unintended transactions.
Dependency management
Modern software development brings the common practice of heavily relying on many external dependencies, including cryptographic and security libraries. It raises the question of selecting reliable and secure third-party libraries (especially for the React Native ecosystem) and regularly updating them as a part of Secure SDLC.
Secure local storage is complicated on each platform
Each platform has its own approach to storing sensitive data securely, which requires a thorough understanding of each platform’s internals. For example, iOS provides Keychain to store any sensitive data; however there's no similar secure storage for Android or web extension, so developers must implement data at rest encryption on their own.
Web apps risks
Web extensions operate in a risky environment. Their security relies on the browser's and the user's machine's security. Wallets can be targeted through a browser via installed malicious extensions or browser exploits that provide access to the extension memory sandbox. So, proper application security and data protection measures should mitigate these risks.
Technology requirements
Encrypt data at rest
Non-custodial wallets store private keys and mnemonic phrases locally on the client side. They require an advanced level of protection and encryption for data at rest.
Multi-platform solution
The Temple Wallet operates on three platforms (iOS, Android, and Web browsers). A deep dive into threat analysis for each supported platform revealed the need for platform-specific security controls that provide a comparable level of security.
Financial app security built into UX
Users expect security by default from the apps handling their financial data. Apps should inform users about their limitations, provide security warnings and educational tips, and give hints on how to use the app securely.
Our approach
Understanding blockchain and non-custodial wallet security threats
Cryptocurrency wallets could be viewed as a young generation of financial apps with a similar security baseline but blockchain-specific threats. Threats include user deanonymysation, potential attacks on blockchain nodes, secure client-side storage of sensitive data for non-custodial wallets, and many others. Understanding specific threats of the financial apps and applying the cryptocurrency context enables us to prioritise security mitigations.
Building mobile/web platform-specific security controls
Cryptocurrency wallets can work on any platform: Temple Wallet runs on iOS, Android, and as a web extension in different browsers. It means that the app should be designed with risks, threats, and limitations of each platform in mind. Storing wallet seed and user private keys securely on mobile and web requires different approaches. Execution environment trust is often disputed: should applications actively resist running on compromised platforms, or is this the user's responsibility?
Integrating reliable cryptographic tools
Development teams frequently face challenges in using proper cryptographic primitives for the correct purpose, dealing with cryptographic libraries API, befriending libraries across multiple platforms, etc. We audited the Temple Wallet cryptographic code, communicated issues we found, suggested and implemented an improved cryptographic core, and ensured its maintainability for future cross-platform releases.
Solution
We assisted the Temple Wallet team in reviewing their current applications, outlining security issues and improvements, designing and implementing security controls. Also, we provided guidance and oversight for all security corrections, from building new controls to strengthening those that already exist.
We started crypto wallet security audit with risk assessment and threat modelling for the Temple Wallet apps and backend ecosystem:
- Risk assessment and threat modelling enabled us to detect the most fragile application flows even before starting an actual implementation review.
- We analyzed how Tezos blockchain-wide threats—user deanonymization and DoS of an individual blockchain node—affect users of these particular cryptocurrency wallets.
- We classified security controls as broken, missing, or enhancements and described their impact, setting the priorities as high, medium, and low. Clear classification allows the development team to prioritize security-related work and understand the consequences of addressing found issues.
Temple Wallet web extension, iOS and Android mobile apps underwent a deep cryptography audit.
- Found cryptographic issues varied a lot: from a using weak password-based derivation functions to poor design choices of the cryptosystem-in-a-whole. Many cryptography issues were resolved by migrating the app to the Themis cryptographic library:
- Our security engineers improved the Temple Wallet mobile apps' cryptographic core and integrated Themis, a cross-platform cryptographic library, ensuring that cryptographic primitives fit particular use cases.
- Data-at-rest encryption migrated to AEAD based on Themis SecureCell Seal, which uses AES-256-GCM and contains key derivation functions under the hood.
- Potentially insecure CPRNGs were changed to platform-native CPRNGs.
- The attack surface was reduced by unifying encryption across iOS, Android, and the Web and removing several third-party cryptographic libraries with duplicate functionality.
Besides the cryptographic enhancements, we also provided dozens of application security improvements aligned with the “defense in depth” approach:
- Phishing is one of the primary attack vectors. So, our suggestion included several improvements in business logic and UX, providing users clear hints and hardening the user flow via repeated authentication just before any sensitive action (making a transaction, revealing seed phrase and private key, token delegation, etc.).
- Clear communication of the potential weaknesses of web / mobile wallets and usage best practices to the users.
- Prevention of manual passcode brute forcing by using a counter of failed attempts and throttling user input.
- Introducing a force update feature to push users to update the app if a critical vulnerability is found.
- Designed security controls for protecting wallet seed during QR-code synchronization.
- Typical appsec issues: input validations and integrity checks before using data from any external data source.
We analyzed the development process and made recommendations for improvements, ranging from further automation in the CI/CD pipeline to formalizing a security roadmap:
- Following our recommendations, the Temple Wallet team laid the foundation for Secure SDLC by addressing security at every step of the application development.
- The Temple Wallet team introduced the dependency management process and integrated SAST, dependency, and vulnerability scanning tools in their CI/CD pipeline.
- The development team created a security roadmap to further enhance the security of crypto wallet web extension and mobile apps.
Additional relevant materials
Julia Potapenko made a talk about typical security issues relevant for cryptocurrency wallets. The article Crypto wallets security as seen by security engineers by Julia Potapenko, Artur Hil, and Anastasiia Voitova gives even more research details and certain flaws examples.
Products and services involved
Mobile apps security
Mobile wallets give a gateway to the blockchain backend infrastructure and become a target for curious and malicious users: phishing and API abuse, app cloning and distribution. Mobile app security measures prevent these threats.
Read more
Cryptography engineering
Implementing cryptography is hard, even in cryptocurrency applications. We audited the cryptographic core, found weaknesses, suggested fixes, and implemented a more reliable cross-platform cryptographic layer.
Read more
Security engineering
From security architecture to DevSecOps—we recommended numerous security controls and processes to ensure that wallets achieve and maintain a high-security bar.
Read more
Themis
We suggested a cryptographic library Themis as a building block for unifying the applications' encryption layer across mobile (React Native) and web extension (WASM).
Read moreBenefits
The Temple Wallet web extension and mobile apps are now synced in their security guarantees and provide defence in depth protection for the user’s data. With a security baseline similar to financial apps, the Temple Wallet uses platform-specific security controls to protect users' cryptocurrency accounts in line with industry best practices.
Results and outcomes
The Tezos Foundation and Madfish Solutions received an in-depth security review of Temple Wallet apps, including not only a list of found security issues—but also suggestions for improving application logic from a security perspective.
The security, general stability, and maintainability of the Temple Wallet ecosystem were improved. Applications were enriched with numerous updates in security, cryptography usage and design, platform-specific controls, defenses against reverse engineering and tampering, and other enhancements.
Smooth and maintainable security
Web, mobile, and cloud platforms bring unique threats but provide platform-specific security controls. Combining "boring" traditional application security with platform-specific measures results in reliable protection. Talk to us if you build cross-platform applications and want to take your appsec to the next level.
