With the advent of the cryptocurrency winter, hacking incidents have gradually shifted from traditional attacks on on-chain protocols to attacks on personal wallets. At the same time, as liquidity has been withdrawn during the strong interest rate hike cycle, more and more centralized institutions have collapsed, causing great damage to user assets. With security incidents becoming frequent and asset thefts increasing, keeping your own assets safe has become particularly important, and decentralized solutions for secure asset management are receiving more attention.
Why you should take control of your assets
For a long time, because centralized institutions offer an operating experience similar to Web 2.0, many users have chosen to enter the cryptocurrency industry through their services. But there is an old saying in the blockchain world: "Not your keys, not your coins" (only by holding your own private keys can you control your own assets). Users who choose centralized institutions for convenience also sacrifice a certain degree of security. Once a centralized institution encounters a crisis, user assets can be lost. Take the recent FTX incident as an example. In this turmoil, FTX misappropriated user assets, resulting in a gap of nearly 6 billion US dollars. After the risk spread, there have been reports that other centralized institutions with ties to FTX have collapsed one after another. The number of victims worldwide is estimated to be as many as one million. If users had learned to manage assets with their own private keys from the beginning and stored most of their assets in decentralized facilities (hardware wallets, multi-signature contracts, etc.), they could have avoided their losses in this incident to a great extent.
However, managing private keys is not an easy task. It involves security measures and best practices in many aspects, such as the generation, storage, management, and use of private keys.
On September 22, 2022, the famous market maker Wintermute lost nearly 160 million US dollars: because the private key had been created using Profanity's private key generation tool, the owner private key of the related contract was leaked.
Coincidentally, on November 22, 2022, Fenbushi Capital partner Shen Bo (@boshen1011) also tweeted that his wallet had been stolen from, with the amount involved as high as 42 million US dollars at the time of the theft. After analysis by a security company, it was confirmed that the core problem of the incident was the leakage of the mnemonic phrase of the Trust wallet used by the user. From these two incidents, it is not difficult to see that private key management is a very complicated subject, yet in the current environment there is a huge crisis of trust in the services provided by centralized institutions. So is there a way to manage your assets safely without worrying about losing everything because a single private key leaks?
Gnosis Safe – A mature multi-signature solution
Since the account structure of Ethereum itself does not support the multi-signature model, Ethereum users cannot build their own multi-signature addresses the way Bitcoin users can. However, Ethereum supports smart contracts that implement complex code logic, so it is possible to build a multi-signature wallet on chain by writing a smart contract. It should be noted that the smart contract code itself may also carry security risks. Historically, attacks on contract code vulnerabilities have emerged one after another. Therefore, when choosing a smart contract wallet, we need a solution that has been audited many times and proven over a long period. Gnosis Safe is undoubtedly the better option.
Through Gnosis Safe, users can host their assets in a multi-signature contract and choose appropriate signature rules according to their needs. The assets of a multi-signature wallet are no longer managed by the private key of a single address, but are managed collaboratively by multiple addresses. Initiating each transaction requires signatures from multiple addresses, and the total number of valid signatures must reach a preset threshold (for example, the figure below shows that sending a transaction requires signature confirmation from 3 users). In this way, Gnosis Safe eliminates the risk of total asset loss due to the leakage of a single private key.

However, while Gnosis Safe improves asset security, it also has certain shortcomings in day-to-day convenience, such as:
Each transaction requires the participation and confirmation of multiple parties before it can be executed, so execution efficiency is lower than that of a single-signature address.
Fine-grained decentralization of permissions is not supported; every member address of the wallet has exactly the same rights.
Configuring specific risk control strategies for the contracts being interacted with is not supported.
So, is there a better multi-signature product that can solve the above problems while maintaining the original security of Gnosis Safe? The answer given by Cobo is Cobo Safe.
Cobo Safe – Flexible on-chain decentralization and risk control solutions
Cobo Safe is a secondary development based on Gnosis Safe. It uses the module extension function of Gnosis Safe to allow flexible customization of the interaction between multi-signature wallets and project contracts.

Specifically, the services that Cobo Safe can provide include the following.
Single Signature Decentralization
Cobo Safe currently supports decentralized management of permissions at the function level, which means that different function interaction permissions can be configured for specific user roles. With simple configuration on the web interface, a user role (Role) can be given the right to call specific functions of specific contracts. The harvesters role configured as follows can call the collect function of the Uniswap V3 NonfungiblePositionManager contract and nothing else, which means that it can only complete the extraction of Uniswap V3 LP transaction fee rewards.

When adding members in Cobo Safe, you can assign them a user role with the aforementioned restrictions. An address assigned to a certain role can make the multi-signature wallet execute a specific contract call transaction. As shown below, the 0x20XX address is assigned the harvesters role, allowing the 0x20XX address to initiate a contract transaction calling the collect function on behalf of the multi-signature wallet.

After completing the above configuration, the 0x20XX user can interact with the Uniswap V3 DApp through WalletConnect and perform operations to collect LP fees. Through the permission decentralization function of Cobo Safe, when the collect transaction is initiated by 0x20XX, the Gnosis owners are no longer required to sign and confirm one by one. Only 0x20XX's own single signature is required to successfully initiate the transaction. This avoids the cumbersome signature collection process of a multi-signature wallet. At the same time, since 0x20XX cannot perform any operation other than the Uniswap V3 collect function, even if the 0x20XX account is exposed to risks such as hacker attacks or private key leaks, it will not directly threaten the principal assets of the multi-signature wallet. In this way, the operational risk of interacting with external protocols and the risk brought by private key leaks are minimized. Afterwards, the wallet owners only need to reconfigure the wallet and remove the 0x20XX member to completely eliminate the risk. By using this flexible mechanism, some common low-risk operations in on-chain interactions can be authorized to a single-signature address, which greatly improves operational efficiency without threatening the security of the original wallet.
ACL Risk Control
In addition to the function-level permission decentralization mechanism, Cobo Safe also provides a more fine-grained ACL (Access Control List) contract risk control mechanism. Users can customize any permission and risk control rules according to their own business scenarios. Through the ACL contract, various permission and risk control rules can be flexibly set, such as:
Limit the parameter range of the user's contract calls (for example, specifying that a swap may only operate on a few fixed types of token assets)
Limit the number of calls to a contract function
Perform risk checks on contract interactions (such as checking that swap slippage loss is not higher than a certain percentage)
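
The function-level role permissions and the ACL rules described in the two sections above can be modelled off-chain as a default-deny policy check. The following is an added example, not Cobo Safe's or Gnosis Safe's own code; the traders role, the 0x30XX address, the placeholder contract addresses and all limits are constructed for illustration.

```python
# Off-chain model of role delegation plus ACL checks; all names and limits are constructed.
from dataclasses import dataclass, field
from typing import Optional

NPM = "0xNPM_PLACEHOLDER"        # stands in for Uniswap V3 NonfungiblePositionManager
ROUTER = "0xROUTER_PLACEHOLDER"  # stands in for a swap router (hypothetical)

@dataclass
class Rule:
    allowed_tokens: frozenset = frozenset()  # empty = no token restriction
    max_calls: Optional[int] = None          # None = unlimited
    max_slippage_bps: Optional[int] = None   # None = no slippage check
    calls: int = 0

@dataclass
class Policy:
    roles: dict = field(default_factory=dict)    # role -> {(contract, function): Rule}
    members: dict = field(default_factory=dict)  # delegate address -> role

    def authorize(self, sender, contract, function, args=None):
        """Return (allowed, reason). Anything not explicitly allowed is denied."""
        args = args or {}
        role = self.members.get(sender)
        if role is None:
            return False, "sender has no role"
        rule = self.roles.get(role, {}).get((contract, function))
        if rule is None:
            return False, "call not in role allowlist"
        tokens = {args[k] for k in ("token_in", "token_out") if k in args}
        if rule.allowed_tokens and not (tokens and tokens <= rule.allowed_tokens):
            return False, "token not allowed"
        if rule.max_slippage_bps is not None:
            quoted, min_out = args.get("quoted_out", 0), args.get("min_out", 0)
            if quoted <= 0 or (quoted - min_out) * 10_000 > rule.max_slippage_bps * quoted:
                return False, "slippage limit exceeded"
        if rule.max_calls is not None and rule.calls >= rule.max_calls:
            return False, "call quota exhausted"
        rule.calls += 1  # only calls that passed every check consume quota
        return True, "ok"

    def remove_member(self, address):
        self.members.pop(address, None)  # revocation, e.g. after a key leak

def demo_policy():
    p = Policy()
    p.roles["harvesters"] = {(NPM, "collect"): Rule()}
    p.roles["traders"] = {(ROUTER, "swap"): Rule(frozenset({"USDC", "WETH"}), 2, 50)}
    p.members.update({"0x20XX": "harvesters", "0x30XX": "traders"})
    return p
```

A leaked 0x20XX key can only trigger collect in this model, and removing the member closes even that path.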

It is worth mentioning that Cobo Safe is an important part of Argus (https://argus.cobo.com/), the decentralized custody solution launched by Cobo, and its on-chain contract source code is open source. Users or other third parties can therefore audit the Cobo Safe and ACL contract source code to confirm that the custody function carries no risk of a centralized party acting maliciously.
Summary
Recent security incidents have also reminded us that whether we store our assets in centralized institutions or manage our private key mnemonics ourselves, there are still certain asset security risks.
These security risks are driving all parties to seek better asset custody solutions. Major centralized custodians have recently launched Merkle tree-based proof-of-reserves solutions, and Dr. Changhao Jiang, co-founder of Cobo, has also published some discussions on the limitations and improvements of existing solutions (https://mp.weixin.qq.com/s/mHydXy-EnZAkrkZppI3YzQ).
Cobo Argus (https://argus.cobo.com/) is a decentralized custody solution, and its integrated Cobo Safe module extends Gnosis Safe, the industry's mature multi-signature solution. It provides more flexible and customizable functions such as permission decentralization and ACL risk control, better balances the natural tension between asset security and wallet ease of use, and is a new choice of fund management tool for institutions and individuals to survive the capital winter and welcome the next round of prosperity.
Cobo is a leading global digital asset custody and blockchain technology provider headquartered in Singapore. As a technology-driven innovative company, Cobo focuses on building scalable infrastructure to promote the development of Web 3.0.
Since its establishment in 2017, Cobo has been committed to building a professional, one-stop, secure digital financial technology service platform, serving more than 500 institutional clients worldwide (including: well-known family offices, listed companies, top hedge funds, exchanges, etc.), and has gained their continued trust. At present, the products and services provided by Cobo include: Cobo MPC WaaS (co-management solution based on multi-party secure computing threshold signature technology), Cobo Argus (on-chain smart contract multi-signature solution suitable for teams to conduct DeFi) and Cobo Custody (centralized secure custody solution). At the same time, Cobo has launched WaaS (wallet service) and NaaS (NFT custody service) for specific institutions and tracks to meet the full range of institutional needs for asset custody.
In terms of compliance, Cobo has obtained SOC 2 Type I certification, an in-principle approval letter from the Dubai Virtual Asset Regulatory Authority (VARA), and holds licenses in the United States, Hong Kong, and Lithuania.
