walletbeat icon indicating copy to clipboard operation
walletbeat copied to clipboard
verified publisher icon fluidkey

Rename: hardware-dapp-signing -> Signature Intent Verification

Open PatrickAlphaC opened this issue 5 months ago • 3 comments

I feel like this is a more clear descriptor of what we are trying to... describe.

This would be good for both software and hardware wallets, it should be easy to verify the intent of your transaction in all wallets.

What do you think?

PatrickAlphaC avatar Jul 04 '25 02:07 PatrickAlphaC

Sounds good to me.

Maybe "Signature intent clarity" rather than "Signature intent verification", since the one doing the "verification of intent" is the user, while the wallet's role is just to have the intent be clear/understandable to the user.

polymutex avatar Jul 04 '25 21:07 polymutex

Replicating some thoughts I posted to Farcaster here:

Some further thoughts on 𝗰𝗹𝗲𝗮𝗿 𝘀𝗶𝗴𝗻𝗶𝗻𝗴. 🔏

Walletbeat's goal isn't to prescribe how hardware wallet manufacturers run their business.

But it 𝘪𝘴 to protect users' safety, and to maintain wallet ecosystem health through open competition and interoperability.

Part of ensuring users' security is Vitalik's walkaway test:

walkaway

As it applies for hardware wallets, where usability 𝘪𝘴 security:

If the hardware wallet manufacturer disappears, 𝘢𝘳𝘦 𝘶𝘴𝘦𝘳 𝘧𝘶𝘯𝘥𝘴 𝘢𝘵 𝘩𝘪𝘨𝘩𝘦𝘳 𝘳𝘪𝘴𝘬 𝘰𝘧 𝘤𝘰𝘮𝘱𝘳𝘰𝘮𝘪𝘴𝘦? In light of the Bybit hack, it's clear that clear signing is a baseline safety/security requirement for all wallets.

A company 𝘤𝘩𝘢𝘳𝘨𝘪𝘯𝘨 for such features doesn't inherently violate this principle. But what does is permissioning the ability for wallets to integrate them.

token

As a software wallet developer, 𝗜 𝘀𝗵𝗼𝘂𝗹𝗱 𝗻𝗼𝘁 𝗻𝗲𝗲𝗱 𝗽𝗲𝗿𝗺𝗶𝘀𝘀𝗶𝗼𝗻 𝗳𝗿𝗼𝗺 𝗮 𝗵𝗮𝗿𝗱𝘄𝗮𝗿𝗲 𝘄𝗮𝗹𝗹𝗲𝘁 𝗺𝗮𝗻𝘂𝗳𝗮𝗰𝘁𝘂𝗿𝗲𝗿 to offer clear signing to my users for them to use their hardware wallet. Without permissionless integration, there is a case to be made that the hardware wallet manufacturer is actively standing in the way of their users' safety. At least for users of wallets for which they have not given permission to use clear signing, for any reason. The other component: Clear signing must be built on 𝗼𝗽𝗲𝗻 standards. Can't have interop without open standards: other hardware wallets would need to implement alternatives, and so would software wallets. Implementation cost increases, leaving small competitors in the dust. For these reasons, I believe a well-designed wallet security benchmark should:

  • Require hardware wallets to support 𝗼𝗽𝗲𝗻 and 𝗽𝗲𝗿𝗺𝗶𝘀𝘀𝗶𝗼𝗻𝗹𝗲𝘀𝘀 clear signing.
  • 𝙉𝙤𝙩 require software wallets to support clear signing for hardware wallets that 𝙙𝙤𝙣'𝙩 implement such standards.

polymutex avatar Oct 27 '25 06:10 polymutex

As a software wallet developer, 𝗜 𝘀𝗵𝗼𝘂𝗹𝗱 𝗻𝗼𝘁 𝗻𝗲𝗲𝗱 𝗽𝗲𝗿𝗺𝗶𝘀𝘀𝗶𝗼𝗻 𝗳𝗿𝗼𝗺 𝗮 𝗵𝗮𝗿𝗱𝘄𝗮𝗿𝗲 𝘄𝗮𝗹𝗹𝗲𝘁 𝗺𝗮𝗻𝘂𝗳𝗮𝗰𝘁𝘂𝗿𝗲𝗿 to offer clear signing to my users for them to use their hardware wallet.

Couldn't agree more.

PatrickAlphaC avatar Oct 30 '25 01:10 PatrickAlphaC