We need to fund an audit for Parity Signer.

3yrs ago

https://github.com/paritytech/parity-signer

The code in the master branch has changed significantly lately. They are important and useful changes that move a lot of the code away from React Native and towards native code. Support for seeing what you sign before you sign it has also been added along with QR codes to update metadata.

There has not been a stable release of this tool since September last year, despite it being widely used. The current stable release requires blind signing transactions, which is a terribly bad idea and undermines the purpose of having a cold signer in the first place (the hot computer can edit the transaction silently).

This project is widely used by the community and a bug with it would negatively impact a large subset of users whilst also doing damage to Polkadot's brand. We urgently need to audit this app.

Currently we are burning treasury funds. It seems like a better use of these funds would be to put them towards a security audit for Parity Signer and perhaps an education program for how to safely store funds whilst being able to interact with the chain and take part in governance.

How do we make this happen?

Thanks
