Decentralized Audit Approach for Peak Vault Wallet and SDK

BTW have you voted? It still needs more votes to be funded.

Per our PROPOSAL We have decided to go with a decentralized group consensus approach to the audit of the Open Source Peak Vault Wallet, the MetaMask Snap wallet and the Hive Wallet SDK (which works for all wallets)

A beta version of the wallet can now be downloaded here

WHY TWO NEW WALLETS? - We recommend reading the PROPOSAL... essentially decentralization, competition and promotion of Hive (via metamask)

Why an Audit?

We feel this is simply what should be done on sensitive apps that deal with keys and blockchain transactions. You do audits to give users who aren't technical a way to feel safer. Other ways to build trust are when lots of users and lots of websites integrate the software. Also trust in the team behind the work. But audits also do more...

Some Purposes of our Audit:

• Identify Blind Spots: Detect areas we may have overlooked.
• Bug Detection: Find and resolve software bugs.
• Security Focus: Prioritize security over user experience (UX).
• User Trust: Build confidence in our software among users.
   

Why Choose Hive Power Users and Devs?

While we welcome other external participants, we believe Hive developers have a significant advantage due to their deep understanding of the Hive blockchain. This approach saves the Hive Ecosystem money and provides a more trustworthy and valuable audit.

Traditional audit companies are:

• More expensive.
• Slower to work with.
• Often unfamiliar with Hive's specifics, being more experienced with EVM and Bitcoin.
   

Scope of the Audit:

• Peak Vault core: The base layer on which Peak Vault and the MetaMask snap are built.
• Peak Vault extension: Browser extension wallet.
• MetaMask Snap: An adaptation of Peak Vault core and extension for MetaMask.
• Hive wallet SDK: A wrapper to seamlessly address Keychain, Peak Vault, and the MetaMask Snap.
   

Size of the Audit

• PeakVault - This is the main product and the audit should focus on features that have most security impact. There is very little need to go through some of the UI and layout code.
• MetaMask - Once you've audited PeakVault you've done about 80-90% of the work to audit MetaMask snap wallet.
• SDK - A wrapper to the different wallets (Keychain, Peak Vault and MetaMask) that routes requests to the specified wallet. It should make for a quick and easy audit. This is the code that websites would install on their website which would support Vault, Snap and Keychain.

Once you apply for the audit we'll grant you access to the GitLab repositories to check out the code.

Who Qualifies?

• Highly Technical Individuals or Groups: With a security-focused and detail-oriented mindset.
• Hive Blockchain Familiarity: Those who understand the workings and security aspects of the Hive blockchain.
• Ideal Candidates: High-level developers from Hive ecosystem projects.

Special Call Out / Petitions To:

• @stoodkev and the @keychain team: Experts in Hive wallet extensions.
• @yabapmatt and the @splinterlands team: Experienced with large user bases, security, wallets, and keys.
• @khaleelkazi (InLeo) and @good-kharma (@ecency): Representing major Hive ecosystem apps.
• @theycallmedan and @starkerz (or the technical liaison on the @3speak team): Capable of auditing.
• @gandalf: Old school Hive wizard with extensive knowledge of the blockchain.
• @howo: Funded by the Hive community to work on Hive code.
• @themarkymark: Old school Hive user with a technical background in security.
• @arcange: Developer who has worked with wallet-related applications.
• @therealwolf and @ausbitbank: Developers who are also witnesses for Hive and know the software well.
• AND MORE

VOTE
Also we'd love your support on the Wallet Proposal 275/day for one year (includes funds for the group audit) we lowered our funding significantly for this year AND have this new big aspirations.
Vote here

Payment Structure:

We will be setting aside tens of thousands of HBD from the proposal for the audit.

1. Sliding Scale: Based on the scope of the audit (vault, metamask snap), initial and follow-up audits, and the auditor's experience.
2. Flexible Compensation: We are open to adjusting compensation if unforeseen issues arise and the audit takes longer than expected.
3. Application: Contact us via PeakD, Sting chat, or Discord to start a conversation. Audits will officially begin once the Wallet Proposal is funded. However let's chat as we may be able to do one or two before depending on price.
4. Ongoing Engagement: We are most interested in long-term collaboration for future updates, even if new features don't pose security risks it's nice for the community to know that nothing changed in a release that would cause concerns.

Why Start Now?

Because it's ready!! The SDK and wallets are functional and ready for use by any Hive App/Website. Core functionality is ready for testing, and an audit will instill trust, encouraging websites and apps to adopt the new SDK and support multiple wallets (Keychain, PeakVault, MetaMask Snap).

How is this Paid?

We are using a good chunk of the Hive proposal to Audit the software now and in the future. The proposal is 275/day. We don't need that much to do the software itself we made the proposal that amount in part with Auditing in mind because we believe it to be important for us and the Hive Community.
Keep in mind the proposal is getting much less funding than one year because it's not funded yet so this also impacts some of our completion time lines.

SUPPORT THE PROPOSAL

Help make make the software better and the audit a reality and vote on the proposal here