Filling cryptography and security gaps in Temple Wallet
The Temple Wallet web extension and mobile apps, developed by Madfish Solutions, are part of the Tezos blockchain ecosystem. Cryptocurrency wallets require security guarantees comparable to those of modern financial and banking apps. Being a non-custodial wallet, Temple Wallet handles sensitive data entirely on the client side: it stores private keys and mnemonic phrases and signs transactions on the user's behalf.
Tezos Foundation requested a security audit of the Temple Wallet mobile applications and web extension from Cossack Labs. Cossack Labs performed the audit, outlined the issues, and suggested improvements to the security and cryptography of the wallets' source code and cryptographic design. See below.
Temple Wallet audit results
In the public reports, we summarised the security assessment of the Temple Wallet apps: the process, a list of findings and their status, and theoretical and practical concerns. We would also like to note the solid security-oriented engineering effort of the Madfish team in building and securing the apps. Read the details below.
Industry
Fintech
Blockchain
Cryptocurrency
Technology stack
React Native (iOS, Android)
Web extension (Chrome, Firefox)
LPoS
Regulations
Typical fintech security requirements
Encryption Export Regulations
Challenges
User's private keys protection against leakage and abuse
Secure storage of an account's private keys is crucial for a non-custodial cryptocurrency wallet: a leaked key means lost funds. An intuitive, security-focused design and transparent business logic should keep users from accidentally exposing private keys or signing fraudulent transactions.
Encryption scheme should align across all supported platforms
Account synchronisation means that users can easily open their account from the mobile app in the web app, and back. The sync process transfers the account's seed: one wallet encrypts the data and the other decrypts it. Thus, every supported platform must use the same cryptographic primitives, with the same parameters and data formats. Cryptographic libraries available natively on iOS, Android, and the Web are rarely aligned, which pushes teams towards a third-party source of crypto primitives.
Binding encryption with user authentication
Crypto wallets often use an in-app password to derive the cryptographic key that encrypts the wallet's private data, which makes users fully responsible for protecting their passwords. This approach must be implemented carefully: with a reliable, deliberately slow password-based key derivation function (a memory-hard one such as scrypt or Argon2, with a random per-user salt) rather than a plain hash of the password, and with a clear warning that losing the password may make the data impossible to restore.
Secure communication with DApps
DApps are third-party applications that communicate with the wallet and let users do more with their funds and NFTs. Communication with DApps must be protected: every incoming request authenticated (which origin is asking), validated against the expected schema, and sanitised before it is shown to the user, so that the wallet never issues an unintended transaction.
Dependency management
Modern software development relies heavily on external dependencies, including cryptographic and security libraries. This raises the question of selecting reliable and secure third-party libraries (especially in the React Native ecosystem) and updating them regularly as part of a Secure SDLC.
Secure local storage is complicated on each platform
Each platform has its own approach to storing sensitive data securely, which requires an in-depth understanding of its internals. For example, iOS provides the Keychain to store arbitrary small secrets, but Android Keystore holds only cryptographic keys (not arbitrary data), and a web extension has nothing comparable at all, so developers need to implement data-at-rest encryption on their own and decide where the encryption key lives.
Web apps risks
Web extensions operate in a risky environment: their security rests on the browser's security and on that of the user's machine. Wallets can be attacked through the browser, via installed malicious extensions or browser exploits that reach the extension's memory sandbox. Proper application security and data protection measures should mitigate these risks.
Technology requirements
Encrypt data at rest
Non-custodial wallets store private keys and mnemonic phrases locally on the client side. This data needs strong encryption at rest.
Multi-platform solution
The Temple Wallet operates on three platforms (iOS, Android, and web browsers). A deep dive into the threats for each supported platform revealed the need for platform-specific security controls that provide a comparable level of security.
Financial app security built into UX
Users expect security by default from apps that handle financial data. The apps should communicate their limitations to users, provide security warnings and educational tips, and hint at how to use the app securely.
Our approach
Understanding blockchain security threats
Cryptocurrency wallets can be seen as a young generation of financial apps: they inherit the financial-app security baseline and add blockchain-specific threats, such as user deanonymisation, attacks on blockchain nodes, and secure client-side storage of sensitive data for non-custodial wallets. Understanding the threats specific to financial apps and applying the cryptocurrency context allowed us to prioritise security mitigations.
Building mobile/web platform-specific security controls
Cryptocurrency wallets can run on any platform: Temple Wallet runs on iOS, Android, and as a web extension in several browsers. The app therefore has to be designed with each platform's risks, threats, and limitations in mind; storing the wallet seed and user private keys securely requires different approaches on mobile and on the web. How far to trust the execution environment is a recurring debate: should applications actively resist running on compromised platforms (rooted or jailbroken devices, browsers with malicious extensions), or is that the user's responsibility?
Integrating reliable cryptographic tools
Development teams often struggle to use the right crypto primitive for the right purpose, to deal with cryptographic library APIs, and to make libraries interoperate across platforms. We audited the Temple Wallet cryptographic code, communicated the issues we found, suggested and implemented an improved cryptographic core, and ensured its maintainability for future cross-platform releases.
Solution
We assisted the Temple Wallet team in reviewing their current applications, outlining security issues and improvements, and designing and implementing security controls. We also provided guidance and oversight for all security corrections, from building new controls to improving existing ones.
We started with risk assessment and threat modelling for the Temple Wallet apps and backend ecosystem:
- Risk assessment and threat modelling allowed us to detect the most fragile application flows even before starting an actual implementation review.
- We analyzed how Tezos blockchain-wide threats—user deanonymisation and DoS of an individual blockchain node—affect users of these particular cryptocurrency wallets.
- We classified security controls as broken, missing, or enhancements, described their impact, and set priorities as high, medium, and low. A clear classification lets the development team prioritise security work and understand the consequences of leaving each issue unaddressed.
We conducted a deep cryptography audit of the Temple Wallet web extension and iOS, Android mobile apps.
- The cryptographic issues we found ranged widely, from weak password-based key derivation functions to poor design choices in the cryptosystem as a whole. Many of them were resolved by migrating the apps to the Themis cryptographic library:
- Our security engineers improved the Temple Wallet mobile apps' cryptographic core and integrated Themis, a cross-platform cryptographic library, ensuring that crypto primitives choice fits particular use cases.
- Data-at-rest encryption was migrated to authenticated encryption (AEAD) based on Themis Secure Cell in Seal mode, which uses AES-256-GCM and performs key derivation under the hood.
- Potentially insecure random number generators were replaced with the platform-native cryptographically secure PRNGs (CSPRNGs).
- Attack surface was reduced by unifying encryption on iOS, Android, and Web, and removing several third-party cryptographic libraries with duplicate functionality.
Besides the cryptographic enhancements, we also provided dozens of application security improvements aligned with the “defense in depth” approach:
- Phishing is one of the primary attack vectors, so our suggestions included several improvements to business logic and UX: clear hints for users and a hardened user flow that requires repeated authentication before any sensitive action (sending a transaction, revealing the seed phrase or a private key, delegating tokens, etc.).
- Clear communication of potential weaknesses of web/mobile wallets and usage best practices to the users.
- Prevention of manual passcode brute-forcing with a counter of failed attempts and throttling of user input.
- Introducing a force update feature to push users to update the app if a critical vulnerability is found.
- Designed security controls for protecting wallet seed during QR-code synchronisation.
- Typical appsec fixes: input validation and integrity checks before using data from any external source.
We analyzed the development process and advised improvements (from further automation in CI/CD pipeline to formalizing a security roadmap):
- Following our recommendations, the Temple Wallet team laid a foundation for Secure SDLC by addressing security at every step of the application development.
- The Temple Wallet team introduced a dependency management process and integrated SAST, dependency, and vulnerability scanning tools into their CI/CD pipeline.
- The development team composed a security roadmap to improve the security of crypto wallet web extension and mobile apps further on.
Additional relevant materials
Julia Potapenko gave a talk about typical security issues relevant to cryptocurrency wallets. The article Crypto wallets security as seen by security engineers by Julia Potapenko, Artur Hil, and Anastasiia Voitova gives more research details and concrete examples of flaws.
Products and services involved
Mobile apps security
Mobile wallets are a gateway to the blockchain backend infrastructure and a target for curious and malicious users: phishing, API abuse, and the creation and distribution of app clones. Mobile app security measures counter these threats.
Cryptography engineering
Implementing cryptography is hard, even in cryptocurrency applications. We audited the cryptographic core, found weaknesses, suggested fixes, and implemented a more reliable cross-platform cryptographic layer.
Security engineering
From security architecture to DevSecOps, we recommended numerous security controls and processes to ensure that the wallets reach a high security bar and stay there.
Themis
We suggested the cryptographic library Themis as a building block to unify the applications' encryption layer across mobile (React Native) and the web extension (WASM).
Benefits
The Temple Wallet web extension and mobile apps are now synced in their security guarantees and provide defence-in-depth protection for the user's data. With a security baseline similar to that of financial apps, Temple Wallet uses platform-specific security controls to protect users' cryptocurrency accounts in line with industry best practices.
Results and outcomes
Tezos Foundation and Madfish Solutions received an in-depth review of Temple Wallet apps, including not only a list of found security issues—but suggestions for improving application logic from the security perspective.
The security, general stability, and maintainability of the Temple Wallet ecosystem were improved. The applications were enriched with numerous updates in security, cryptography usage and design, platform-specific controls, defences against reverse engineering and tampering, and more.
Smooth and maintainable security
Web, mobile, and cloud platforms bring unique threats but provide platform-specific security controls. Combining "boring" traditional application security with platform-specific measures results in reliable protection. Talk to us if you build cross-platform applications to take your appsec to the next level.