Trust Wallet
trustwallet.comStats
Staking
Swap
Bridge
Daily Transaction Count (Smart Account)
Daily Deployed Trust Wallet Smart Accounts
Daily Active Trust Wallet Smart Accounts
Weekly Active Trust Wallet Smart Accounts
Activity
Wallet Core
0 contributors in the last year
Assets
0 contributors in the last year
Security Analysis
Key Management
Responsibility
A single user is responsible for managing the private key (secp256k1key pair in this case). We’ll discuss the key generation process in detail in the next section.
Storage
where is the key stored in: - browsers - mobile devices (iOS, Android) The passkey is generated by the device’s Secure Enclave (in case of iOS devices) or similar modules (in case of Android devices). The passkey is locally stored on the device’s Secure Enclave (in case of iOS devices) or similar modules (in case of Android devices).
Access
The user can access Secure Enclave (in case of iOS devices) or similar modules (in case of Android devices) in order to perform different operations without the passkey ever leaving the Secure Enclave.
Metamask allows users to use a password to access the key stored in the user’s local browser’s storage.
In case of mobile wallet users can use a password OR biometrics to access the key stored in the user’s device.
More info on how MetaMask stores your wallet secret?
Account Management
- EOA ✅
- SCA ⚠️ (not supported natively, but could be supported using AA snap plugin)
Processes
For each case, check, how this works and some benchmarks on cost and time used to perform the operation.
Key generation
A random number selected from the secp256k1 elliptic curve serves as the private key. This key is then multiplied by a predefined point on the curve to generate the public key. The Ethereum address is derived from the last 20 bytes of the hashed public key. The 'seed phrase' is usually introduced for human-readable backup, enabling the deterministic derivation of private and public keys.
Transaction process
Signing Transactions: A transaction, containing details such as nonce(a sequential number), amount, gas price, and recipient address, is signed using the private key. This process, involving the ECDSA, a digital signature algorithm that uses elliptic curve cryptography and adopts secp256k1 as the curve, generates a signature consisting of values (r, s, v). The signature and the original transaction are then broadcast on the network.
Verifying Transactions: Once a transaction reaches Ethereum nodes, it undergoes a validation process in the node's mempool. To verify the signer, the nodes use the signature and hashed transaction to derive the sender's public key and confirm the transaction's authenticity by matching the derived address with the sender's.
Account Recovery process
Users are suggested to maintain a secure back up of the seed phrase/private key(s) in order to recover their account if needed. If a user loses their private key/seed phrase, then they cannot recover their account.
Migrating from another wallet
- Seed phrase import supported (seed format supported: 12/24)
- Private key import supported
- Hierarchical deterministic (HD) address derivation
Migrating to another wallet
You can export your private key/seed phrase and import that to any other compatible wallet.
Features
In App
Security
ENS Support
Hardware Wallet Supports
Supported Standards
Incentives
No incentives
Security
Audit
Audits in Web3 refer to the process of conducting comprehensive security assessments and evaluations of blockchain-based projects, smart contracts, decentralized applications (dApps), and other Web3 protocols. The purpose of these audits is to identify vulnerabilities, potential risks, and weaknesses in the code and system architecture to enhance security, reliability, and trustworthiness.
Bug Bounty
A bug bounty program in Web3 is an initiative offered by blockchain projects, cryptocurrency platforms, or decentralized applications (dApps) to incentivize security researchers and ethical hackers to discover and report vulnerabilities or bugs in their systems. It is a crowdsourced approach to security testing where individuals or teams are rewarded for responsibly disclosing vulnerabilities they find.
Past Incidents
Legal Compliance
Legal Compliance refers to the wallet's adherence to relevant laws, regulations, and guidelines in the jurisdictions in which it operates. This includes regulations regarding user data privacy, anti-money laundering (AML), Know Your Customer (KYC) processes, and more. Compliance ensures that the wallet operates in a legal and ethical manner, providing users with a secure and trustworthy platform for managing their digital assets.
Where is the company registered?
This is important as it can impact the regulatory standards the company must adhere to, the legal protections available to users, and the company's overall credibility and trustworthiness.
Texas, U.S.
Data Safety Policy
It's essential for ensuring the privacy and security of user data, demonstrating the company's commitment to maintaining user trust and adhering to data protection regulations. It provides users with an understanding of what to expect regarding their personal information when using the wallet.
https://consensys.io/privacy-policy
Website Cookie policy
Website cookies in this wallet are used for:
https://consensys.io/privacy-policy/cookies