This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody written for wallet engineers, digital asset operators, and security engineers.
News
Robinhood. Robinhood teases crypto wallet support. I can’t wait for blog posts from them on the work they’ve done so far to operate at their scale.
Trezor Firmware. New Trezor suite and firmware updates include EIP-1559 compatibility and support for completely offline setup. It’s news to me that Trezor suite did not support air-gapped operations, but perhaps this suite makes it easier for consumers to take extra care of their self-custody.
Block explorers. Chainalysis is allegedly using a block explorer to de-anonymize users. This initiative has helped law enforcement by sharing IP addresses of users that query for suspicious addresses. This is an old block explorer, and the owner of the website did join Chainalysis shortly after it was built. This is another data point regarding the importance of minimizing meta-data leakage from basic data queries. It is fundamentally important to own the entire stack including node infrastructure and chain indexing data.
Bitcoin
Lightning Node Management. Openoms has an open source gitbook on best practices for Lightning Node management. Highly recommend!
Taproot support. Taproot activation is around the corner. Specter Wallet’s latest release adds support for single-key taproot for regtest and signet.
Ethereum
Yearn Playbook. Insightful tweet thread on the tooling, operations, and observability efforts managed by the Yearn Finance team. I really like their playbooks for various operator situations. It would be very useful for more projects to share their playbooks for transparency and showcase their disaster readiness.
Entropy. MyCrypto writes an introductory blog post on the concept of entropy.
Smart Contract Security. OpenZeppelin shares a set of smart contract security guidelines.
Ledger <> Etherscan. Ledger partners with Etherscan in displaying security reports on addresses in their block explorer.
Other
Polkadot. In case you missed it, Gavin Wood wrote a two-part blog post on the Cross-Consensus Messaging format (XCM) used in the Polkadot ecosystem. Part One and Two.
Security
NIST Supply Chains. NIST has a new report on supply chain validation.
Netflix. New blog post on securing Netflix at scale.
Go crypto/tls. This blog post shares the design decisions in a new ordering of ciphers in Go’s crypto/tls package. I really appreciate the effort by the Go team to design safe cryptography APIs within the standard library. Worth reading to understand the trade-offs involved in designing a good crypto library! Here’s an excellent takeaway:
“This is consistent with our general philosophy of making cryptographic decisions whenever we can, instead of delegating them to developers, and with our cryptography principles.”
Go Fuzz. Go 1.18 will have native fuzzing support. Awesome!
Have a great rest of the week!