Reproducible Build Proofs: Wallet Scrutiny and BitcoinBinary
635 sats \ 9 comments \ @cointastical 6 Aug 2022 bitcoin
This past week there was a hack of wallets (mostly related to Solana blockchain), resulting in the theft of millions of dollars worth of tokens. The root cause was that many users had been using the "Slope" wallet, which had a design flaw in its security that was eventually exploited. Slope is a closed-source wallet, so the source code for this software was never reviewed externally and the flaw was not discovered. Thus people using Slope thought they "held their own keys", but ultimately they didn't.
You are little better off using a closed-source wallet app than you are leaving funds on a custodial exchange. And even if there is source code published for your wallet app, what good does that do you? If the app you downloaded and installed doesn't match the source code, then having an "open source" wallet even means pretty much nothing!
The only surefire way to know that the software download matches the source code is to build it yourself and compare. Almost nobody does that. But there are two projects that aim to show proof that a software build available to the public can be reproduced from the software project's corresponding source code repo.
This post is simply to bring awareness to these two projects and to list the surprisingly very few software releases which are (currently) found to be reproducible.
BitcoinBinary:
"BitcoinBinary.org is a repository of Reproducible Build Proofs for Bitcoin Projects"
Reproducible: [13 brands]
  • BITBOX02
  • BITCOIN CORE (and BITCOIN-CORE)
  • BLOCKSTREAM GREEN (and BLOCKSTREAM-GREEN)
  • COLDCARD (and COLDCARD-MK3)
  • ELECTRUM
  • LND
  • MYCELIUM (and MYCELIUM-ANDROID)
  • SIMPLE BITCOIN WALLET (and SIMPLE-BITCOIN-WALLET)
  • SPARROW (and SPARROW WALLET)
  • TREZOR 1 (and TREZOR T)
  • WASABI (and WASABI WALLET)
  • ZAP (and ZAP-ANDROID)
Wallet Scrutiny:
To improve the security of Bitcoin wallets by examining products for transparency and potential attacks

Play Store:

Reproducible: [9 apps]
  • Bitcoin Wallet (Shildbach)
  • Mycelium Bitcoin Wallet
  • Electrum Bitcoin Wallet
  • SBW: Simple Bitcoin Wallet
  • Green: Bitcoin Wallet
  • Unstoppable Wallet
  • AirGap Vault- Tezos, Cosmos, Ethereum, Bitcoin
  • Zap: Bitcoin Lightning Wallet
  • ABCore [obsolete]
Unreproducible: [19 apps] Others not included (e.g., custodial, no source, not enough users, etc.): [Hundreds]

App Store:

Reproducible: [0 apps] Unreproducible: [16 apps] Others not included (e.g., custodial, no source, not enough users, etc.): [Hundreds]

Hardware Wallet:

Reproducible: [4 devices]
  • Trezor One
  • KeepKey
  • Trezor Model T
  • Foundation Passport
Unreproducible: [11 devices] Others not included (e.g., custodial, no source, not enough users, etc.): [Dozens]
write
preview
related posts
25 sats \ 4 replies \ @rijndael 7 Aug 2022
Just having a reproducible build doesn’t mean that it’s secure. That’s one of the things I don’t like about walletscrutiny. Their methodology for determining what to put a green label on and what to put a red label on is misleading at best.
There is a lot more to wallet security and trying to boil it all down to reproducible builds is actively harmful to the ecosystem.
Also iOS apps aren’t binary-reproducible, so there’s a whole thing…
reply
25 sats \ 1 reply \ @l0k18 6 Feb 2023
Trusting Apple seems like a pretty bad idea anyway.
Reproducible builds at least guarantee the source makes the binary that is distributed.
Does walletscrutiny say something more than "we can build these and get the same hash as the one being distributed?"
reply
25 sats \ 0 replies \ @rijndael 6 Feb 2023
the problem is that you can't get the hash of an ios app on your phone.
reply
0 sats \ 0 replies \ @cointastical OP 7 Aug 2022
There is a lot more to wallet security and trying to boil it all down to reproducible builds is actively harmful to the ecosystem.
I disagree that Wallet Security is harmful to the ecosystem.
But to get further, there is the tragedy of the commons. Security audits on the code would help with that. Security audits are labor expensive. Who will pay for these security audits to vet the open source code on these wallets?
reply
0 sats \ 0 replies \ @cointastical OP 7 Aug 2022
There is a lot more to wallet security and trying to boil it all down to reproducible builds is actively harmful to the ecosystem.
It's the tragedy of the commons. Security audits on the code would help with that. Security audits are labor expensive. Who will pay for these security audits to vet the open source code on these wallets?
reply
0 sats \ 1 reply \ @cointastical OP 6 Aug 2022
Wallet Scrutiny created a Twitter thread recently. The Tweet that kicked off the thread is:
For the record:
We have never prioritized reviews based on donations and to our knowledge only one provider (Unstoppable) did donate to us at all.
We were asked repeatedly about the price to re-evaluate certain products but never agreed to such arrangements.
https://nitter.it/WalletScrutiny/status/1555707192367513601
reply
0 sats \ 0 replies \ @cointastical OP 6 Aug 2022
And this Tweet by the founder of Wallet Scrutiny, in response to Fiatjaf's Tweet which also happened to be on SN today:
But I'm more concerned about financing my project WalletScrutiny.com. I deem the content incredibly valuable and many experts agree but who should pay for it? It's currently geared towards early-coiners to raise their awareness of threat models. They would never pay.
https://nitter.it/LeoWandersleb/status/1555982693120315393
reply
0 sats \ 1 reply \ @cointastical OP 6 Aug 2022
There are a couple other posts, here on SN, where these two projects were shared:
BitcoinBinary.org - A repository of Reproducible Build Proofs for Bitcoin Projects #17501 https://bitcoinbinary.org
Is your Bitcoin wallet secure? #5436 https://walletscrutiny.com
reply
0 sats \ 0 replies \ @cointastical OP 6 Feb 2023
Also see this post:
Wallet Scrutiny #131993
reply