Welcome to the Elastos Blog
Read it here first
Elastos Essentials Bolsters Security with Audit Services from Blockchain Security Firm Slowmist
The Elastos Essentials development team has officially hired blockchain security firm Slowmist to conduct comprehensive audits for Elastos Essentials, the flagship Super-Wallet application of the Elastos ecosystem. On Essentials, users can access the fullest expanse of assets, features, applications, and platform services in the Elastos ecosystem. As such, ensuring and optimizing operational security is of the highest priority for Essentials and its users. Slowmist has already been hard at work getting the audit process underway for several months, and has been thorough and detailed in issuing reports to Trinity Tech.
Slowmist Audits: Reports and Results
Slowmist completed its first comprehensive audit of Elastos Essentials in February, and issued a preliminary report to the Essentials team. Here’s what they delivered:
- No major security issues were found. Broadly speaking, Elastos Essentials and its framework operate robustly.
- Minor improvements and optimizations were suggested, such as to:
- Use a custom keypad to input mnemonic words;
- Detect URLs of bad actors posing as dApps in the built-in browser;
- Improve the smart contract transaction approval screen to clearly indicate when a user permits a third party to access and/or use assets;
- Improve randomness for red packet identifiers;
- Prevent screenshots and video recording;
- Detect jailbroken and/or rooted devices.
Looking Ahead: Next Steps
The Essentials team has thoroughly vetted all of the suggested improvements and optimizations outlined in Slowmist’s preliminary report. The team is now in the process of finalizing all relevant modifications, and is preparing a new version of Elastos Essentials to be released internally.
The internal release of Essentials will be submitted to Slowmist promptly. Upon receiving the newest release of Elastos Essentials, Slowmist will conduct a comprehensive audit, and issue its final audit report to the Essentials team, which will be made publicly available in its entirety for the Elastos community and beyond.
It should be noted that although many minor modifications recommended by Slowmist have already been included in recent releases of Elastos Essentials in order to bring a superior experience to users at the nearest juncture. Such examples include the new mnemonic keypad and video recording restriction.
At present, the Essentials team anticipates that Slowmist’s upcoming audit report will be issued in July, at which point its contents will be made available to the public.
As always, to remain up-to-date with the latest developments, news, and audit reports for Elastos Essentials, stay tuned here on the official Elastos Info Blog.