0xkynz
commented
1 year ago Update issues from feedback
- [x] Display recovery phrase with HTML5 Canvas
- [ ] Entropy recovery keys on redux
- [x] Remove copy button
Open 0xkynz opened 1 year ago
0xkynz
commented
1 year ago
This issue aims to enhance the security of the CasperDash Wallet extension by implementing several improvements. The following changes are proposed:
[x] 1. Hide/Show Copy Recovery Phrase: Currently, when the user views an existing account, the recovery phrase is displayed, which poses a potential security risk. This issue suggests implementing a feature to hide/show the recovery phrase, providing users better control over their sensitive information.
[x] 2. Change "Download" to "Copy" for New Account Creation: When a user creates a new account, the current option is to download the account details. However, downloading may inadvertently expose sensitive information. This issue suggests replacing the "Download" option with a "Copy" option, allowing users to copy the necessary account details to their clipboard securely.
[x] 3. Remove User Service on Wallet Lock: The current implementation of the CasperDash Wallet extension maintains a user service even when the wallet is locked. To improve security and minimize potential attack vectors, this issue proposes removing the user service entirely when the user locks the wallet.
[x] 4. Apply New v3 Validators (Matching Mobile Version): To ensure consistency and security across platforms, this issue suggests updating the CasperDash Wallet extension to use the new v3 validators, similar to the mobile version. Aligning the validators across platforms helps maintain a cohesive security standard.
[x] 5. Run "yarn audit" and Fix Dependencies: Running a security audit using "yarn audit" can help identify and address any vulnerabilities or outdated dependencies. This issue suggests running the audit and resolving any detected issues by updating dependencies to their latest secure versions.
[x] 6. Update Content-Security-Policy (CSP)