Recently, our very own DIP-Collector released an excellent video giving a detailed overview of the Solidifi Wallet. The wallet is an emerging alternative to Bifrost, which has become the primary choice with the Songbird/Flare community. The overview demonstrated the rich feature sets of the new Solidifi wallet and how it sets itself apart from Bifrost. Some of them included better integration of derived address management, NFT visualization, governance voting and other related media features.
However, whenever something new is introduced in crypto, particularly with wallets, the question always arises …
It’s new, but is it really better? Safer?
To answer this, one should go back to the roll-out of the Bifrost wallet. Months before even the beta version of this wallet was first available, Towo Labs, creators of Bifrost, released the security audit report carried out by Cure53. The audit report provided an impressive stamp of approval, citing “no actual vulnerabilities were spotted” and furthermore “Towo Labs team has incorporated very good security practices from very early [in their processes]”. The pre-release auditing process, along with its strong results, made a convincing case that Bifrost was going to be a legit and secure option to engage with the then upcoming Songbird and Flare Networks.
In contrast, Solidifi released the beta version of their wallet before a security audit report had been published. It was a few months after the beta release that the Solidifi Wallet security audit report was released, by the same auditing firm, Cure53. In the case of Solidifi, the report highlighted some concerning issues with the initial releases:
“A total of fourteen findings were identified in this round of testing […]. It should be noted that the total number of issues is relatively high, so the overall result after the audit was rather negative”
Despite this initial negative result, the report later outlined that the Solidifi development team worked with the auditing firm to use this process and enhance the security aspects of their product:
“It is safe to say that all issues have been properly addressed and that the problems highlighted in the original report no longer exist in the currently available version”
The report proved that reservations about using the initial releases of the Solidifi wallet were well justified.
Checklist for new wallets
I was one of those who had reservations, mainly due to the lack of a security audit report at the time of Solidifi’s initial release. It was a cautious approach that proved to be a wise one.
So what should one take away from this, particularly for those getting into crypto? Or those that were happy keeping their assets dormant on their hardware wallet but now want to put their capital to work in DeFi?
Changes are occurring daily with the breakneck speed of innovation in the DeFi space. With new DeFi protocols and more sophisticated DeFi features, new wallets are bound to appear to give investors a chance to get in early. Of course, no one wants to fall victim to scams, nor risk having their funds stolen due to security weaknesses in the wallets they use.
I navigate this balance by applying the following criteria to any wallet I may use for my digital assets, be it a mobile app or a hardware device.
- Always wait for a security audit and report before transferring large value. Solidifi was a warning with thankfully no victims reported, but many users of the Slope wallet, another upstart wallet product that had not had a security audit, were not so lucky.
- Determine whether the technical/leadership team is identified. If the developers of the wallet remain unknown or anonymous, it’s a huge security risk and their product is to be avoided. It’s also not a bad idea to check the authenticity of their community by scanning the engagement on their Twitter or Discord. These often reflect how professional an operation they run.
- The wallet is released as open source code. It’s well known that the security advantages of open source products far outweigh the risks. However, this criterion is less likely to be met, for the understandable reason that wallet makers are protecting their intellectual property. What could make up for this would be regular security audits of the wallet product along with consistent reporting (quarterly or bi-annual).
The more of these criteria a wallet meets, the safer one can feel transferring large amounts of assets to it.
Convenience over security?
One characteristic I noticed about the Solidifi wallet in the video was how its “Media” section introduces non-essential functionality into the wallet. Though this feature does make it convenient to have information related to your assets within the wallet, it can introduce security risks, particularly if the media content could potentially carry malicious links or programs.
I have always advocated keeping operations on your dedicated mobile device strictly to crypto-related activity (i.e. no browsing, email, messages, social media, etc.). The Solidifi wallet has introduced that aspect directly into the app, something I’m personally not too fond of, as it can heighten the risk of user error compromising security.
Convenience should not be a justification for compromising the security of your assets. That is why I would never touch those media features on the wallet, just as I would never open the internet browser on the dedicated mobile device hosting my crypto assets.
Crypto, particularly DeFi, will be moving very quickly, with new doo-dads, shiny bells and whistles. However, it’s not always the best move to try to be the quickest and very earliest of adopters. It’s great to engage in new opportunities, but it can invite security risks if adequate due diligence is not applied. Wallets are no exception.
Always keep non-essential crypto-related usage (i.e. info from Twitter, YouTube, Discord, etc.) segregated from the essential crypto operations. Everyone loves convenience, but it can never override the security practices and measures keeping your assets safe.
Personally, being fully transparent, I have chosen to stick with Bifrost at the moment, but this won’t necessarily be the case forever. The Solidifi team appear to be heading in the right direction, as they have already taken corrective action to improve the security of their wallet product. It remains on my radar and is likely to be a good alternative to Bifrost in the future, with more feature evolutions on the Flare Network coming up. So do keep an eye on it.
Hope this was insightful and provides the mindset one needs to have when exploring new products and wallet options.
Stay safe out there fam,