wackerow
commented
5 months ago Thanks @andrei0x309! Have assigned for review
Open andrei0x309 opened 5 months ago
wackerow
commented
5 months ago Thanks @andrei0x309! Have assigned for review
github-actions[bot]
commented
4 months ago This issue is stale because it has been open 30 days with no activity.
andrei0x309
commented
4 months ago Thanks @andrei0x309! Have assigned for review
Thanks
github-actions[bot]
commented
3 months ago This issue is stale because it has been open 30 days with no activity.
konopkja
commented
3 months ago i am worried this product has not been audited. Am i wrong?
andrei0x309
commented
3 months ago i am worried this product has not been audited. Am i wrong?
I mean over the two years, it had a few thousand users and currently has around ~200 users(only what is available on website data), the thing is based on ethers for all functionality it doesn't have its own crypto modules.
It has been open-source since the beginning, so yeah since is a wallet without a company behind it, without ads without any monetization scheme, and without analytics other than what Google Webstore provides.
It actively recommends users to build it themselves, so yeah in that case an audit wouldn't even be recommended as the whole point is to make something that has privity at its core.
So for example this wallet is on Google Webstore and Alchemy Webstore, with no other incentive than to inform users that there is a wallet without a company behind out there if they really search for maximum privacy.
wackerow
commented
2 months ago i am worried this product has not been audited.
An "audit" specifically has not been a requirement... I see at least eight other wallets in the list that do not gave audits attached... This project appears to be fully open source (please correct me @andrei0x309 if I'm wrong), which would satisfy the requirement per our policy.
It actively recommends users to build it themselves, so yeah in that case an audit wouldn't even be recommended as the whole point is to make something that has privity at its core.
Not sure I agree that an audit wouldn't still be helpful here... just because someone can build it locally doesn't mean they can properly audit the entire codebase... But we can at least place some faith in the open nature of the codebase since we understand audits aren't perfect either.
Lastly... @andrei0x309 We've recently updated the wallet listing policy slightly, and the template of required questions has been updated.
This list highlights the additional questions compared to the form above if you could reply with the answers for these:
konopkja
commented
2 months ago also please provide which layer 2 the wallet supports with easy switch network functionality.
andrei0x309
commented
2 months ago i am worried this product has not been audited.
An "audit" specifically has not been a requirement... I see at least eight other wallets in the list that do not gave audits attached... This project appears to be fully open source (please correct me @andrei0x309 if I'm wrong), which would satisfy the requirement per our policy.
It actively recommends users to build it themselves, so yeah in that case an audit wouldn't even be recommended as the whole point is to make something that has privity at its core.
Not sure I agree that an audit wouldn't still be helpful here... just because someone can build it locally doesn't mean they can properly audit the entire codebase... But we can at least place some faith in the open nature of the codebase since we understand audits aren't perfect either.
Lastly... @andrei0x309 We've recently updated the wallet listing policy slightly, and the template of required questions has been updated.
This list highlights the additional questions compared to the form above if you could reply with the answers for these:
- Wallet account type: EOA, Account Abstraction, or Smart Contract?
- What are the fees users may be paying for using your wallet product? eg) 1% service fee for swapping, bridging functionality, flat fee for all transactions
- Does the wallet support bridging directly? Please provide documentation on bridging.
- Does the wallet have any recovery options? Please provide any information on any recovery options for your wallet
- Does the wallet support bundled transactions? Please provide any documentation on bundled transactions
Gladly, you're right an audit can be helpful to increase trust and security, I was thinking more from a legal standpoint, audits are paid by a company, and companies in many countries by law are required to provide information that might impair privacy. If anyone wants to do an unpaid audit not signed by an entity linked with the wallet that would be amazing. But yeah it was open-sourced from the beginning, at first I just did it for myself because MM was suboptimal at managing many accounts( supper slow), and also I wanted to have a wallet that removed the PK from memory after each decryption and use. ( so needing to pass a password on every sign ) to prevent malware extracting PK from memory. But yeah I mean MM now has evolved a thousand fold from its beginnings.
Wallet account type: EOA, Account Abstraction, or Smart Contract?
- EOA-only AA requires contracts that can impair privacy if they aren't paid and deployed by the user wallet itself.
What are the fees users may be paying for using your wallet product? eg) 1% service fee for swapping, bridging functionality, flat fee for all transactions
- No wallet fees of any kind, because that would mean the wallet would have a monetization incentive which would impair privacy
Does the wallet support bridging directly? Please provide documentation on bridging.
- No unless you're an advanced user that loads ABI directly in your wallet ( which does support and allows to make any kind of interaction with EVM contracts) made a bridge UI for the Axelar network here https://erc20-bridge.pages.dev/ Maybe I will include it in the wallet in a future version
Does the wallet have any recovery options? Please provide any information on any recovery options for your wallet
- Only local by importing either exported file or PK or mnemonic ( supports, mnemonic with standard derivation path and index) no online recovery option as is non-KYC, non-custodial, non-company wallet.
Does the wallet support bundled transactions? Please provide any documentation on bundled transactions Only if proposed by a DAPP.
Documentation website: https://clear-wallet.flashsoft.eu/
also please provide which layer 2 the wallet supports with easy switch network functionality.
It has some public network templates but it works with any network if a network does not exist in the public template it will prompt you to go to chainlist and add it from there, but you can also add/delete/modify manually any network.
The current template for networks are:
export const mainNets: {[key: number]: Network} = {
1: {
name: 'Ethereum Main',
rpc: 'https://eth-mainnet.public.blastapi.io',
chainId: 1,
explorer: 'https://etherscan.io',
icon: 'eth.webp',
symbol: 'ETH',
priceId: 'ethereum',
},
137: {
name: 'Polygon Mainnet',
rpc: 'https://polygon-rpc.com',
chainId: 137,
explorer: 'https://polygonscan.com',
icon:'polygon.webp',
symbol: 'MATIC',
priceId: 'matic-network'
},
100: {
name: 'Gnosis',
rpc: 'https://rpc.gnosischain.com',
chainId: 100,
explorer: 'https://gnosisscan.io',
icon:'xdai.webp',
symbol: 'xDAI',
priceId: 'xdai'
},
10: {
name: 'Optimism',
rpc: 'https://mainnet.optimism.io',
chainId: 10,
explorer: 'https://optimistic.etherscan.io',
icon: 'optimism.webp',
symbol: 'ETH',
priceId: 'ethereum'
},
56: {
name: 'BSC Main',
rpc: 'https://bsc-dataseed2.binance.org',
chainId: 56,
explorer: 'https://bscscan.com',
icon: 'binance.webp',
symbol: 'BNB',
priceId: 'binancecoin'
},
42161: {
name: 'Arbitrum One',
rpc: 'https://rpc.ankr.com/arbitrum',
chainId: 42161,
explorer: 'https://explorer.offchainlabs.com',
icon: 'arbitrum.webp',
symbol: 'ETH',
priceId: 'ethereum'
},
8453: {
name: 'Base Mainnet',
rpc: 'https://base.publicnode.com',
chainId: 8453,
explorer: 'https://basescan.org',
icon: 'base.webp',
symbol: 'ETH',
priceId: 'ethereum'
}
}
export const testNets = {
11155111: {
name: 'TESTNET Ethereum Sepolia',
rpc: 'https://ethereum-sepolia-rpc.publicnode.com',
chainId: 11155111,
explorer: 'https://sepolia.etherscan.io',
icon: 'eth_t.webp'
},
84532: {
name: 'TESTNET Base Sepolia',
rpc: 'https://sepolia.base.org',
chainId: 84532,
explorer: 'https://sepolia.basescan.org/',
icon: 'base_t.webp'
},
80002: {
name: 'TESTNET Polygon Amoy',
rpc: 'https://rpc-amoy.polygon.technology',
chainId: 80002,
explorer: 'https://oklink.com/amoy',
icon:'polygon_t.webp'
},
100200: {
name: 'TESTNET Gnosis Chiado',
rpc: 'https://rpc.chiadochain.net',
chainId: 100200,
explorer: 'https://gnosis-chiado.blockscout.com',
icon:'xdai_t.webp'
},
420: {
name: 'TESTNET Optimism Goreli',
rpc: 'https://goerli.optimism.io/',
chainId: 420,
explorer: 'https://goerli.etherscan.io',
icon: 'optimism_t.webp'
},
11155420 : {
name: 'TESTNET Optimism Sepolia',
rpc: 'https://sepolia.optimism.io',
chainId: 11155420 ,
explorer: 'https://sepolia-optimistic.etherscan.io/',
icon: 'optimism_t.webp'
},
97: {
name: 'TESTNET BSC',
rpc: 'https://bsc-testnet-rpc.publicnode.com',
chainId: 97,
explorer: 'https://testnet.bscscan.com',
icon: 'binance_t.webp'
},
421614: {
name: 'TESTNET Arbitrum Sepolia',
rpc: 'https://sepolia-rollup.arbitrum.io/rpc',
chainId: 421614,
explorer: 'https://sepolia.arbiscan.io/',
icon: 'arbitrum_t.webp'
},
}Note: As I am based in EU future legislation( for non-custodial, open-source, non-company wallet) might force me to shutdown this project in that case, I will have to comply and will delist from everywhere, but I hope that will not transpire.
Thanks in advance for your time.
github-actions[bot]
commented
1 month ago This issue is stale because it has been open 30 days with no activity.
andrei0x309
commented
1 week ago @wackerow @konopkja
Can you please ban this bot & delete the messages? he is posting here scam links.
Thanks.
Wallet name
Clear EVM Wallet
Wallet description
Clear EVM wallet is fully open-source EVM browser wallet based on Ethers, Ionic, Manifest V3, and Vue. It implements Metamask API and will work as a replacement for Metamask, websites will detect it as Metamask, so select Metamask when interacting with Dapps. Websites that implement EIP-6963 will detect it as "Clear EVM Wallet".
This wallet goes to great lengths to protect your privacy. For me, privacy is very important, so I made sure that this wallet does everything possible to protect your privacy. It does everything locally, it does not collect any data, it does not have any telemetry, it does not have any analytics, it does not have any ads, it does not have any trackers it does not have any sponsored content. When interacting with Daaps it will only provide the address for the current selected account and not other data that might link you with other accounts in the wallet, unlike other wallets.
Wallet logo
Background color for brand logo
333
URL to the project
https://clear-wallet.flashsoft.eu/
When did the wallet go live to users?
August 2022
Does the wallet have an active development team?
Sole developer, maintaineg it for ~2 years
Is the wallet globally accessible?
Yes, no KYC, no company behind it just open source software
Is the wallet available in multiple languages?
No - English only
What social links are there for the project?
Github: https://github.com/andrei0x309/clear-wallet Docs website: https://clear-wallet.flashsoft.eu/ Chrome store: https://chromewebstore.google.com/detail/clear-evm-wallet-clw/djlahdpfkflehaepgohnnodmaajabdlg Twitter: https://twitter.com/andrei0x309 Farcaster: https://warpcast.com/andrei0x309
Does the wallet have a mobile app? If yes, which operating systems are supported (iOS, Android)?
No. Only web browser extension, this wallet will not have a mobile version due to privacy concerns.
Does the wallet have a desktop app? If yes, which operating systems are supported (Windows, Mac, Linux)?
No. Only web browser extension, a desktop version is not planned but not completely ruled out.
Does the wallet have a browser extension? If yes, which browsers are supported (Chromium, Firefox, Safari)?
Yes, chromium extension. Link: https://chromewebstore.google.com/detail/clear-evm-wallet-clw/djlahdpfkflehaepgohnnodmaajabdlg
Is it a hardware wallet?
No
Is the source code for the wallet fully open-source?
https://github.com/andrei0x309/clear-wallet
What license is the wallet software released under?
MIT
Who holds the private keys?
They are stored and used locally, self-custodial, no online backups.
Please describe the measures taken to ensure the wallet's security and provide documentation wherever possible
It's open-source, developer-orientated, publicly available since August 2022, and based on ethers.
Has the wallet's smart contract code or security modules been audited?
No, it dosen't have any smart contract and is based on ethers.
Does the wallet have an internal security team?
No,
Any other security testing that should be noted?
No response
Scam protection?
Not but it shows the whole raw transaction. Users are advised to interact only with known and trusted contracts.
Does the wallet support connecting to a hardware wallet?
No
Does the wallet support WalletConnect?
No
Does the wallet support importing Ethereum RPC endpoints?
Yes - Docs website https://clear-wallet.flashsoft.eu/
Does the wallet support viewing and interacting with NFTs?
Yes
Does the wallet support connecting to Ethereum applications?
Yes ( in wallet browser)
Does the wallet support staking directly?
No
Does the wallet support swaps directly?
No
Does the wallet support multi-chain networks?
Yes EVM Chains
Does the wallet support Ethereum layer 2 networks?
Yes
Does the wallet allow the user to customize gas fees?
Yes
Does the wallet support sending transactions to ENS addresses?
No
Does the wallet support importing or automatically querying and displaying ERC-20 tokens?
No
Does the wallet support EIP-1559 (type 2) transactions?
Yes
Does the wallet have fiat on-ramps through credit/debit cards, wire transfers, or bank transfers (ACH)?
No
Does the wallet support withdrawals to fiat?
No
Is the wallet a multi-signature wallet?
No
Does the wallet support social recovery?
No
Who can the ethereum.org team can contact regarding the wallet in future?
Email: andrei0x309@flashsoft.eu Discord: andrei0x309 Telegram: andrei0x309 Github: andrei0x309 Twitter: andrei0x309 Farcaster: andrei0x309 Lens: lens/andrei0x309 XMTP: andrei0x309.eth
Does the wallet have a dedicated support team?
No, support mainly on GitHub.
What educational resources/documentation do you provide to users?
Github repo: https://github.com/andrei0x309/clear-wallet Docs website: https://clear-wallet.flashsoft.eu/
Does the wallet have any integrated tools not mentioned above?
No response
Would you like to work on this issue?