Ethereum

We've put up a Safe{Wallet} UI mirror on EarthFast at eternalsafe.earthfast.app

A big thanks to @devanon for creating the EternalSafe fork, and to the @safe team for funding the grant that made it possible.

EarthFast is committed to making secure, decentralized frontend hosting the industry standard –– users should know what code they are interacting with.

More info ⬇️

Decentralized mirror of Safe{Wallet} UI is now live on @earthfast 

Stay safu

Decentralize your frontend, securely.
https://earthfast.com/

cofounder & coo @earthfast – building vercel for crypto. prev: founding eng @audius

How does this mirror help mitigate certain hacks?

All protocols using @earthfast for their frontends register their projects on our smart contracts

This offers security for the deployer and for the end user.

1) Version updates are managed onchain, so the community can see the code in every update transaction

2) A Service Worker runs inside client browsers which does 2 things:
    – it fetches the code bundle from the decentralized node network
    – performs checksum validation against onchain records to ensure code authenticity

2/

This is the alt account of Sister Hazel. Writings at https://powerlaw.systems. Curating https://protocol-particles.github.io.

Great question :)

more info here https://warpcast.com/sidsethi/0xd6c4977c

I saw that post. How does the client know that a content node isn't compromised, or that the rendering in the browser is legitimate?

The client doesn't care about the content node, because the frontend checksum is written on chain, and the client runs a service worker which validates the content checksum against its onchain record

I am the client, and I care where the content I am requesting is coming from. 

What does it take to compromise the service worker? Where is this logic coming from?

It's great that the stuff onchain is unbreakable, but assuming all supply chains are compromised, how do I verify that what I am getting is the real thing?