Secret Ledger App Audit

SecretSaturn · October 11, 2023, 3:43pm

Hey everyone,

We have a plan to enhance our Secret Ledger App and ensure it’s secure and robust for all users. This involves an app update and an audit by one of Ledger’s external auditors (see here: Security Audits | Developers).

The Plan in Brief:

Update Details:

We aim to add Ledger Stax support to our Secret Ledger App.
For the tech-savvy among you, check the GitHub PR .

Audit Essentials:

A specialized audit firm Kudelski IoT will review the app for a fee of 5025 Euros to ensure it’s safe and dependable.

Developer’s Fee:

The update work that I’ve done and will have to do costs around 1600$ which accounts for 20 hours of development work, priced at 80$/hour.

Total cost:
Total ask is: 5025 Euros + 1600 $. These numbers are not including the 5% volatility buffer, but the final ask including a currency conversion into USD will include it.

Advantages of the Update:

The update adds Ledger Stax support, updates the app to the latest audited upstream as well as some smaller UX improvements.

Funding and Utilization:

We’re seeking financial support for the audit and the development. This could potentially be sourced from community funds or a grant from SCRT Labs.

Timeline of Activities:

Completion of Update: Already, done see the Github PR above. Ledger has also completed the functional review of the update, see here: (Airtable - Integration Board BETA)
Audit Duration: Scheduled immediately post-update and subject to audit firm timelines.
Launch: The updated app will be released after ensuring all audit feedback is implemented and Ledger pushes the update.

Communication and Updates:

We pledge to maintain transparency and keep the community informed at every stage of the process, sharing regular updates on development, audit results, and eventual implementation.

Seeking Your Approval:

We look forward to the community pools or SCRT Labs endorsement to allocate the necessary funds, facilitating the seamless and secure enhancement of the Secret Ledger App.

mohammedpatla · October 12, 2023, 4:31pm

Question @SecretSaturn is this relevant for the Ledger Live support as well? And would we be natively be able to add SNIP assets on the ledger app (SILK, SHD)?

thenodefather · October 12, 2023, 5:06pm

This is clearly needed if we care about ledger live support (we do…). Thank you, Saturn.

SecretSkrillah · October 12, 2023, 5:14pm

Thanks for all the work you did on this already @SecretSaturn, will vote Yes if it goes to commpool.

Will there be a blind signing feature?

SecretSaturn · October 30, 2023, 12:14pm

Not in this update, sorry.

SecretSaturn · October 30, 2023, 12:17pm

An update to the proposal:

It seems like this proposal will go to the community pool.

Because I’ve been appointed as Dev Rel at the Secret Network Foundation (see here: Please welcome the newest member to the Secret Network Foundation: Alex | Secret Saturn), the proposed ask of 1.600$ for development costs of the update is not appropriate and will not be included anymore.

The total ask therefore reduces to just the pure audit costs of 5025 Euros, which I will get a formalized quote for.

SecretSaturn · November 6, 2023, 10:52am

Another update:

After some more talks, Kudelski IOT is willing to be paid in USDC via their Coinbase account.

I’ll put the proposal up for the funding very soon.

Any left over funds will be returned to the community pool as soon as I can do that.

ertemann · November 6, 2023, 11:44am

Potential best path:

Sell for USDC.axl on Shade
IBC to osmosis
1:1 unwrap for Noble usdc
CCTP noble usdc to polygon
Polygon to coinbase

Goodluck!

SecretSaturn · November 23, 2023, 4:13pm

We can finally move forward to putting the proposal on chain.

The final ask from Kudelski IOT is USDC 4,730

SecretSaturn · December 8, 2023, 11:19pm

Thanks to the community for the successful passing of this proposal.

After successful conversion, only 12510 SCRT needed to be swapped to USDC (+ some extra
≈ 150$ overhead for gas fees etc., all excess will be paid back ofc).

The swaps are: Mintscan (test swap) and Mintscan

The addresses of the funds are:
secret1sww78qu27kaclhsnm65y94wrcagmj7mjhzp6fy and osmo1sww78qu27kaclhsnm65y94wrcagmj7mjauxrz2

The final invoice will be sent together with the initial detailed technical evaluation report. After the payment to Kudelski IOT is done any excess funds will be returned back to the community pool.

Best,

Alex | SNF | Secret Saturn

SecretSaturn · December 11, 2023, 2:35pm

An update on the auto:
The audit has kicked off, we should hopefully see the final report in about 2 weeks.

SecretSaturn · February 14, 2024, 12:01pm

After the audit successfully passed in Dec 2023, Ledger did some extra due diligence and took some more time before pushing the update to production yesterday.

The PR can be found here: Merge develop into main - release 2.34.3 by tdejoigny-ledger · Pull Request #13 · LedgerHQ/app-secret · GitHub

The money was paid to Kudelski IOT here: Ethereum Transaction Hash (Txhash) Details | Etherscan. Any excess funds were sent back to the community pool (around 1,6k SCRT) in this TX Mintscan

Best,
Alex | Secret Saturn

Topic		Replies	Views
Keplr Wallet AMA General / FAQ	8	574	December 12, 2022
Keplr - Secret Network Integration Update Secret Network	7	2408	October 8, 2020
SecretTokens and SecretDefi Secret Contracts and Secret Apps	2	692	August 10, 2020
Secret Ledger App Fix	0	86	June 21, 2024
Secret Developer Tutorials - Looking for contractor Developer Help	2	754	November 30, 2020