Tagged

Argent's 10 Security Secrets (& 2 bonus treats)

Peace of mind from multisigs to man-in-the-middle attacks

Matthew Wright
Oct 30, 2020

1. Private key compromised? No problem

Traditionally in crypto if someone has access to your private key they can take everything you own. It's game over. This is why people go to (often insane) lengths to secure it - from engraving their seed phrase to storing it in a nuclear bunker.

But we asked ourselves: how could we build a wallet that protects you even if your private key is in the hands of an attacker?

Our solution is the daily transfer limit. Transfers above your limit are automatically blocked for 24 hours. This gives you time to approve or cancel them. You can change your limit to whatever you like and your allowance resets each day.

The result is that, even with your private key, nobody can drain your account. You've got total peace of mind.

You could even try to send $20K to a stranger, as Itamar did in the video below.

This advance in security is only possible because Argent is a smart contract wallet, as opposed to a traditional wallet, known as an Externally Owned Account (EOA). As a smart contract wallet we can include a lot of security features without requiring a custodian; EOAs can't do this.

(It's worth adding that we of course go to great lengths to secure your private key anyway. We use all the available security features on iOS and Android, such as biometrics, keychain, and Secure Enclave, as well as a six-digit user pin code. The pin code helps to encrypt the private key (we use PBKDF2 and AES256 in Galois/Counter Mode)).

2. Use Argent as a multisig

A multisignature wallet (multisig) means you need multiple authorisations to approve an action for your wallet. It's kind of like your bank calling you to check you want to make a big transfer - except here there's no middleman holding your assets and you're in full control.

To use Argent as a multisig, set a low daily limit and use 'guardians' to approve - or cancel - everything above it.

Guardians are trusted contacts, hardware wallets, your Metamask account, or our automated service. (In future they could be any Ethereum address).

Guardians never have access to your private key or assets. They just have specific and limited permission to help with security actions.

Using

3. Why you shouldn't trust us - and don't need to

What if Argent as a company disappeared? What if our infrastructure was shut down by a despicable dictator? No problem.

Our first rule for building Argent was that you'd never need to trust us. We're fully non-custodial and censorship resistant.

We can't take your assets. We can't stop you from moving your assets either.

You can even move your assets out using another Ethereum wallet, e.g. MyEtherWallet. Here's how.

What if we were kicked off the App and Play Stores? You'd still have access to the app on your phone and could follow the steps above to move your assets out.

4. (Anti-) social recovery

As mentioned earlier, we built Argent without seed phrases as they're insecure and an awful experience. Instead you can use guardians to help recover your account. While this has become known as social recovery, we have a secret for the anti-social: you don't need to rely on anyone else. You can recover with only hardware wallets or your Metmask account(s).

Anti-social

5. Lock & recover your wallet from your computer

Lost your phone but want to freeze your account? Simply type security.argent.xyz into your browser and lock your wallet from there. You can also use the Security Center to recover and approve transfers.

6. Whitelist contacts

Paranoid about accidentally sending money to the wrong address? Don't want to repeat the mistake of this whale who lost $1m by sending AAVE to Aave's contract address instead of their own wallet? Or maybe you just want to send unlimited funds to your hardware wallet or exchange account and block everything else?

You can do this by setting a low daily limit and whitelisting chosen addresses. (In Argent - Profile - Add contact - Trust). The daily limit doesn't apply to listed addresses so you can send as much as you like to them, while being protected by the limit for everything else.

If you're being extra careful, you could first make a tiny transaction to an address, then whitelist it once you receive the assets and know it's all good.

7. Prevent man-in-the-middle attacks with... emojis

If you thought a venn diagram of people who love cryptography and emojis would never intersect, you're wrong.

Stemming from our rule that we built Argent so you don't need to trust us is the fact that you don't need to trust our backend either.

The clearest example of this is with recovery. For example, say Alice loses her phone. How can Bob, a guardian of Alice, know that he's approving the right recovery request to Alice's new phone? How can we prevent their interaction from being compromised, for instance through a Man-In-The-Middle attack? It's not enough to simply secure our cloud infrastructure.

The solution? Emojis. With a little help from cryptography.

First, we show Bob (the guardian) a series of emojis. These represent a hash of the new account address (the public key on the new iPhone). Meanwhile, we show Alice (the owner of the new phone) the same series of emojis, hashed from data received over Argent’s network. Both hashes are calculated client side to help validate the authenticity of the new account address.

Next, Alice & Bob talk via a different medium, i.e. a phone call. They do this to: a) verify the recovery request is genuine; b) check no one has tampered with the new public key on its journey across our Argent network - by confirming they see the same emojis.

That’s it!

Here’s our emoji hash code in Swift if you wish to use it in your own project.

8. SIM swaps: no joke, but not a problem either

SIM swapping is usually a nightmare for people in crypto, especially for higher profile names in the US. And yet: Argent is a mobile wallet that asks for your phone number (it is optional by the way). So how are you protected?

The only way you'd be at risk is if you have weak email security, AND if the attacker uses your phone number to recover your email, AND if they know/guess your username, AND if your only guardian is the automated Argent guard, then they could trigger a recovery of your wallet on their phone. But… you’d be notified of the recovery attempt and have 36 hours to cancel it as you’d still have access to Argent.

9. No infinite approvals - ever

Despite the bland, technical name, the status quo with ERC20 approvals are a hugely overlooked security hole. They give a Dapp the potential to take all the assets in your wallet (up to 10⁵⁰ to be precise). This actually isn't a bug, but a deliberate design choice to minimise how many transactions you'd have to make to use the Dapp.

We felt this trade off between convenience and security was unacceptable and asked why you couldn't have both. It turns out you can.

When you use our native Dapp integrations the approval is handled automatically for you - and you only ever approve what you want to spend. (We can do this as we're a smart contract wallet and integrate at smart contract level).

If you use a Dapp through our WalletConnect integration you:

  1. Only approve what you want to spend
  2. Are protected by your daily limit
  3. And can easily revoke a Dapp's access to a token

10. Last...the Parity hack!

We know some people will always be wary of us because Argent is built on smart contracts. They point to the Parity hack of 2017 as proof it can't be safe. They're right that you can never be complacent about security but here's why we believe our situation is fundamentally different.

  1. The Parity hack was less of a problem with working with smart contracts in general than it was for issues specific to how they approached it, perhaps due to the fact that a wallet wasn’t their core product.
  2. The hack acted as a wake-up call to developers. The last 3 years (an entire era in crypto terms) has seen best practice evolve considerably since then.
  3. We only push to production code that has been reviewed and tested internally AND audited by external auditors. There is no exception to that rule. Our last audit was by Trail of Bits and included the fearsome Samcszun. When we first launched we spent 18 months in Beta battle-testing our contracts. We now have several wallets with over $1m in them.
  4. Wallets based on smart contracts are no different than wallets based on client software running in your web client or firmware running in your hardware wallet. At least with smart contracts the code is public and available for everyone to inspect.


That's it for now, thank you for reading. If you have any questions you can find us at:

Further reading

Bonus treats

  1. ENS to DNS, fiat to crypto: Type your username into your browser and buy crypto that way
  2. Spam tokens: Fed up of being airdropped spam tokens? Just flip the switch. Go to Profile - App Settings - Token Visibility to hide them.

Own It

We use 🍪 cookies to personalise your experience on Argent. Learn more

Accept

Security & Support


HQ London, made with ❤️ across Europe