corwintines
commented
9 months ago Thanks @hazae41
Going to reject this listing for the following reasons at this time:
- There is no security audit. We are increasingly noticing the importance of this with wallet hacks that have occurred recently
- The product is in beta (https://twitter.com/BrumeWallet) you can see this mention in the wallets description
Wallet name
Brume Wallet
Wallet description
A non-custodial and private Ethereum wallet with a built-in implementation of the Tor network
Wallet logo
You can find everyting you need there https://github.com/brumewallet/art/tree/master/flat
Background color for brand logo
ba77ff
URL to the project
https://bento.me/brume
When did the wallet go live to users?
3 november 2022
Does the wallet have an active development team?
Yes https://github.com/brumewallet
Is the wallet globally accessible?
Yes
Is the wallet available in multiple languages?
Only English for now
What social links are there for the project?
All links are available here: https://bento.me/brume
https://twitter.com/BrumeWallet https://discord.gg/KVEPWfN9jK https://github.com/brumewallet
Does the wallet have a mobile app? If yes, which operating systems are supported (iOS, Android)?
Only as PWA on iOS and Android, publication on iOS and Android stores are planned
Does the wallet have a desktop app? If yes, which operating systems are supported (Windows, Mac, Linux)?
Only as PWA
Does the wallet have a browser extension? If yes, which browsers are supported (Chromium, Firefox, Safari)?
Chromium
Firefox
Safari
Is it a hardware wallet?
It supports some hardware wallets (only Ledger via USB for now); signed transactions are broadcasted by network
Is the source code for the wallet fully open-source?
Open-source and reproducible https://github.com/brumewallet/wallet
What license is the wallet software released under?
MIT
Who holds the private keys?
Non-custodial, in-memory and in-storage, all the data is stored encrypted on the device.
For additional security, users can choose to save private keys and/or seed phrases in WebAuthn storage, in that case it's up to the device manufacturer to ensure availability of the keys (e.g. Apple will put those keys in its cloud); for security reasons, they are encrypted by the app before being put in WebAuthn storage, so the manufacturer can't access those keys.
Please describe the measures taken to ensure the wallet's security and provide documentation wherever possible
Reproducible building
All our builds are reproducible, you can verify that there is no difference between our builds an yours
Encrypted storage
Your storage is hashed and encrypted using strong cryptography algorithms and parameters
Authenticated storage
Some critical entities like private keys and seed phrases are stored in WebAuthn and require authentication (FaceID/TouchID)
Nobody can access your private keys or seed phrases without your password + authentication (FaceID/TouchID)
This mitigates supply-chain attacks and phishing attacks, and prevents phone-left-on-the-table attacks
Supply-chain hardened
We try our best to avoid supply-chain attacks from external packages
Has the wallet's smart contract code or security modules been audited?
Not entirely, but we try to use audited cryptography dependencies when available
Does the wallet have an internal security team?
Yes, and we respond quickly
Any other security testing that should be noted?
No response
Scam protection?
It employs hardened phishing protections against spoofed domains when using WalletConnect and when using window.ethereum; smart contract phishing protection is not added yet but strongly planned.
Does the wallet support connecting to a hardware wallet?
Yes
Does the wallet support WalletConnect?
Yes
Does the wallet support importing Ethereum RPC endpoints?
Not yet but planned
Does the wallet support viewing and interacting with NFTs?
No
Does the wallet support connecting to Ethereum applications?
Yes, both via window.ethereum and WalletConnect 2.0
Does the wallet support staking directly?
Not yet but planned
Does the wallet support swaps directly?
Not yet but planned
Does the wallet support multi-chain networks?
What's "multi-chain network"?
Does the wallet support Ethereum layer 2 networks?
Gnosis, Optimism, Binance, Polygon Bor, Arbitrum One, zkSync, Avalanche C-Chain, Celo, Linea, Base
Does the wallet allow the user to customize gas fees?
Not yet but planned
Does the wallet support sending transactions to ENS addresses?
Not yet but planned
Does the wallet support importing or automatically querying and displaying ERC-20 tokens?
Not yet but planned
Does the wallet support EIP-1559 (type 2) transactions?
Not yet but planned
Does the wallet have fiat on-ramps through credit/debit cards, wire transfers, or bank transfers (ACH)?
No and not planned
Does the wallet support withdrawals to fiat?
No and not planned
Is the wallet a multi-signature wallet?
Not yet but planned
Does the wallet support social recovery?
Not yet but planned
Who can the ethereum.org team can contact regarding the wallet in future?
hello@brume.money https://twitter.com/BrumeWallet https://discord.gg/KVEPWfN9jK brume.eth
Does the wallet have a dedicated support team?
Yes, and we respond quickly via Discord, Twitter, GitHub or email; we can respond via on-chain messaging too if we notice it.
What educational resources/documentation do you provide to users?
https://github.com/brumewallet/wallet https://twitter.com/BrumeWallet https://discord.gg/KVEPWfN9jK
Does the wallet have any integrated tools not mentioned above?
A built-in implementation of the Tor network
Brume Wallet sends your requests and transactions through the Tor network (the dark web), so people at the end of the pipe can't use your IP address to:
Would you like to work on this issue?