Content pfp
Content
@
https://rainbow.me
0 reply
1 recast
1 reaction
Adam pfp
Adam
@adamhurwitz.eth
if we started a petition to stop using (boycott) rainbow until they had a public audit (likely using OpenZeppelin) would you sign it? (love u mike)
3 replies
0 recast
0 reaction
mike rainbow (rainbow mike) ↑ pfp
mike rainbow (rainbow mike) ↑
@mikedemarais.eth
yo yo adam! sorry for late reply on your many asks re: audits we had an audit done on the codebase 5 years ago back before it was even called Rainbow (was balance at the time) -- would that audit be of interest to you? we have not pursued audits since then bc in our minds audits of regularly updating codebases is not very useful for anybody. wallet apps like Rainbow regularly push updates and make large changes to the codebase, any audit would be immediately obsolete the next time the app gets an app store update. smart contract wallets on the other hand def are worth auditing
1 reply
0 recast
0 reaction
Adam pfp
Adam
@adamhurwitz.eth
Hey @mikedemarais.eth, Thank you for explaining the practical reality of externally owned accounts (EOAs) and audits compared to smart account audits! My assumption was that the smart contract portion of code relating to the core custodial features for most token types would remain mostly unchanged aside from major and rare protocol upgrades. Whereas the regular updates mentioned consist more of client side (Desktop and mobile) new features, logic error fixing and optimizations. Audits aside @rainbow meets many of the other important characteristics for diversifying @safe approver accounts so from my research so far seems like a good option. https://forum.safe.global/t/social-safe-accounts/5136/9?u=adamhurwitz.eth
1 reply
0 recast
0 reaction
mike rainbow (rainbow mike) ↑ pfp
mike rainbow (rainbow mike) ↑
@mikedemarais.eth
> My assumption was that the smart contract portion of code relating to the core custodial features for most token types would remain mostly unchanged aside from major and rare protocol upgrades. EOA wallets do not use any smart contracts for functionality, what you are saying here is def true for smart contract wallets but not of EOAs
1 reply
0 recast
0 reaction
Adam pfp
Adam
@adamhurwitz.eth
Thank you and great to learn! I will update the Safe forum post above.
1 reply
0 recast
0 reaction
Adam pfp
Adam
@adamhurwitz.eth
Also @mikedemarais.eth it would be useful to review the audit from 5 years ago so that I can learn more about how EOAs are examined.
0 reply
0 recast
0 reaction