
Add security filters to the "Find wallet" page

Open matiassequeira opened this issue 2 months ago • 5 comments

Is your feature request related to a problem? Please describe.

The current comparisons between wallets regarding security are limited to two variables: Open Source and Personal Ownership. Given the importance of security in managing crypto assets, a more comprehensive comparison is necessary to help users evaluate and make informed decisions.

Several months ago, Coinspect initiated an investigation into web3 wallets. After identifying various bugs in over 40 wallets and releasing a security checklist designed for wallet developers, we put together a checklist prioritizing the protection of users from phishing attacks and malicious DApps, as mentioned in this blog post. We currently have a set of 30 checks for browser extension wallets and over 30 checks for mobile wallets, categorized into sections such as DApp Access Control, Local Access Control, Censorship Resistance, etc.

Along with this, we are developing software to aid the testing process, which will inherently contribute to a more objective and traceable assessment.

Although we plan to publish the results on a dedicated website, following discussions with the ethereum.org team, we agreed it would be beneficial to integrate this information into the Find a Wallet page on their site.

Describe the solution you'd like

Given that the current design does not directly support the display of numeric values (i.e. score, ranking), we suggest incorporating additional categories to the 'Security' filters, which users could toggle.

We propose adding the following categories:

  • Privacy and Censorship-resistance: focused on maintaining user privacy and autonomy by enabling users to configure their blockchain node providers and by avoiding the use of any tracking or analytics software.
  • Device Access Protection: checks to prevent an adversary with access to the device from obtaining the seed phrase or draining the wallet.
  • DApp Access Control: aimed at how DApps interact with the wallet by requiring user permissions to access critical functions and web3 APIs, and by providing options to review and revoke DApp permissions as needed.
  • Intended Action Verification: checks to ensure that users are fully informed and have verified their intentions for a given interaction with the DApp+wallet, particularly about transaction details, token approvals, and contract interactions.
  • Malicious DApp Blocking: security measures to protect and alert users from potential threats arising from interactions with DApps, such as connections to known malicious DApps, interaction with scam addresses, and signing messages for unintended chains to name a few.
  • Interaction Safeguards: focused on minimizing risks from interacting with unknown addresses, or blockchain addresses incorrectly entered.
  • Audit Reports Published: whether the wallet has recent, relevant and public security reports.

To determine which wallets will 'pass' each category, we propose considering those that ranked above the median value for the category.

Below we provide an example of how these categories/filters would look as toggle buttons on the wallets’ site:

[image: mock-up of the proposed security toggle filters]

Describe alternatives you've considered

As previously mentioned, we have adapted the information we had, in the form of rankings, to the current design of the ethereum.org website. This approach allows us to avoid major modifications to the current website while providing user-friendly value. We will maintain an independent website with detailed information for those curious and interested in learning more about it.

Additional context

Here are the current test results for the extension wallets listed on the ethereum.org wallets page. They are ranked from the top performers in each category to those with opportunities for improvement.

[image: per-category test results for the listed extension wallets]

Would you like to work on this issue?

  • [X] Yes
  • [ ] No

matiassequeira · Jun 11 '24 18:06
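To make the proposed categories concrete, here is an added example of what one of the checks behind "DApp Access Control", "Malicious DApp Blocking" and "Interaction Safeguards" looks like inside a browser-extension wallet. It is illustration code written for this page, not code from ethereum.org, Coinspect, or any wallet project. It vets an `eth_signTypedData_v4` request before it reaches the user: the requesting origin must already hold the `eth_accounts` permission, the EIP-712 `domain.chainId` must match the chain the wallet is connected to (so a DApp cannot collect a signature for another chain), and every `address`-typed field in the message must be well-formed and absent from a scam list. The wallet state shape, the function names, the blocklist entries and the sample Permit request are all constructed assumptions for the demo.

```javascript
// Added example (not from ethereum.org or Coinspect): a wallet-side gate for
// eth_signTypedData_v4 requests. Wallet state shape, blocklist contents and the
// sample request below are constructed assumptions for this demonstration.

// Constructed blocklist of addresses (lower-cased). A real wallet would source
// this from a maintained threat feed; the entry here is a placeholder.
const SCAM_ADDRESSES = new Set([
  '0x000000000000000000000000000000000000dead',
]);

const HEX_ADDRESS = /^0x[0-9a-fA-F]{40}$/;

// Accept a chainId given as a number, a decimal string or a 0x-hex string.
function parseChainId(value) {
  if (typeof value === 'number' && Number.isInteger(value)) return value;
  if (typeof value === 'string') {
    if (/^0x[0-9a-fA-F]+$/.test(value)) return parseInt(value, 16);
    if (/^[0-9]+$/.test(value)) return parseInt(value, 10);
  }
  return null;
}

// request = { origin, params: [signerAddress, typedDataJson] }
// wallet  = { chainId, permissions: Map<origin, Set<rpcMethod>> }  (assumed shape)
// Returns { allowed, reasons } so the caller can show every finding at once.
function vetSignTypedDataRequest(request, wallet) {
  const reasons = [];

  // DApp Access Control: the origin must have been granted eth_accounts first.
  const granted = wallet.permissions.get(request.origin);
  if (!granted || !granted.has('eth_accounts')) {
    reasons.push('origin has no eth_accounts permission');
  }

  let typed;
  try {
    typed = JSON.parse(request.params[1]);
  } catch (e) {
    reasons.push('typed data is not valid JSON');
    return { allowed: false, reasons };
  }

  // Malicious DApp Blocking: refuse a domain that targets a different chain.
  const domainChain = parseChainId(typed.domain && typed.domain.chainId);
  if (domainChain === null) {
    reasons.push('domain.chainId missing or malformed');
  } else if (domainChain !== wallet.chainId) {
    reasons.push(`domain.chainId ${domainChain} differs from wallet chain ${wallet.chainId}`);
  }

  // Interaction Safeguards: every address-typed field of the primary type must
  // be a well-formed address. Mixed-case values should additionally pass the
  // EIP-55 checksum, which needs keccak256 and is left out of this example.
  const fields = typed.types && typed.types[typed.primaryType];
  if (Array.isArray(fields)) {
    for (const field of fields) {
      if (field.type !== 'address') continue;
      const value = typed.message && typed.message[field.name];
      if (typeof value !== 'string' || !HEX_ADDRESS.test(value)) {
        reasons.push(`field ${field.name} is not a valid address`);
        continue;
      }
      // Malicious DApp Blocking: known scam address inside the message.
      if (SCAM_ADDRESSES.has(value.toLowerCase())) {
        reasons.push(`field ${field.name} is a known scam address`);
      }
    }
  }

  return { allowed: reasons.length === 0, reasons };
}

// Constructed ERC-2612-style Permit request used for the demo and tests.
function samplePermitRequest(origin, chainId, spender) {
  const typedData = {
    types: {
      EIP712Domain: [
        { name: 'name', type: 'string' },
        { name: 'version', type: 'string' },
        { name: 'chainId', type: 'uint256' },
        { name: 'verifyingContract', type: 'address' },
      ],
      Permit: [
        { name: 'owner', type: 'address' },
        { name: 'spender', type: 'address' },
        { name: 'value', type: 'uint256' },
        { name: 'nonce', type: 'uint256' },
        { name: 'deadline', type: 'uint256' },
      ],
    },
    primaryType: 'Permit',
    domain: { name: 'Token', version: '1', chainId, verifyingContract: '0x' + '11'.repeat(20) },
    message: { owner: '0x' + '22'.repeat(20), spender, value: '1', nonce: '0', deadline: '0' },
  };
  return { origin, params: [typedData.message.owner, JSON.stringify(typedData)] };
}

// Assumed wallet state: connected to chain 1, one origin already granted eth_accounts.
const demoWallet = {
  chainId: 1,
  permissions: new Map([['https://app.example', new Set(['eth_accounts'])]]),
};

// Demo: a same-chain Permit from the permitted origin passes; one whose domain
// says chain 56 (0x38) is flagged even though the origin is permitted.
console.log(vetSignTypedDataRequest(samplePermitRequest('https://app.example', 1, '0x' + '33'.repeat(20)), demoWallet));
console.log(vetSignTypedDataRequest(samplePermitRequest('https://app.example', '0x38', '0x' + '33'.repeat(20)), demoWallet));
```

The function deliberately collects every failed check rather than stopping at the first one, so a wallet can show the user the full picture (for instance, "wrong chain" and "known scam spender" together) instead of a single generic warning.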