Ethereum

Introduction

TODO:

Documentation for this entry is incomplete. Contributions are happily considered!

Full vs Light Node Privacy and Security Considerations

Full Node Advantages

Similar to Bitcoin Core / ElectrumX, the whole blockchain gets downloaded and analyzed for the user's addresses/transactions locally on the user's own computer.

Light Node Advantages

Much easier to use.

Light Node Disadvantages

Similar to the Electrum Bitcoin wallet when using third-party servers. A bit less severe, since a Bitcoin wallet contains multiple addresses but an Ethereum wallet contains only one address. A Qubes Disposable could be used for watch-only.

Disk Space

A full blockchain validating node requires more than 1 TB of disk space.

Full Node Appliances

There are ready-made ETH full node boxes one can buy. These may be easier for clearnet users, but difficult if anonymity is desired.

These aren't optimized for anonymity or use with Tor. Any anonymity features wouldn't have Whonix leak-proof robustness, since for these vendors it would be a gimmick and not the project focus.

ETH vs Tor generally

Apparently the ETH developers are not prioritizing anonymity or anything Tor-related, even though Ethereum is supposedly about uncensorable smart contracts.

The issue tracker is chaotic, with a lazy stale bot that closes issues which aren't fixed:

Running a full node directly over Tor is difficult because node discovery relies on UDP, which Tor does not support. Quote from How To Sync an Ethereum Node via Tor:

It’s important to do this right — in this step you select nodes you trust. If you get tricked into adding mostly compromised nodes, your Ethereum client can be manipulated into following a fake chain.

https://ethernodes.org/tor-seed-nodes

As a workaround, Transporting UDP Tunnels over Tor might be used in theory, but it is untested whether that would be fast and reliable enough to download 1 TB (that is, 1000 GB) and counting of blockchain data over Tor.

ETH Full Node on Self-Hosted Remote Server

High disk space requirements.

Personal experience by Whonix ™ developer Patrick: maintenance intensive, things keep breaking, broken blockchain synchronization, and the development team was highly unresponsive in fixing critical issues such as blockchain synchronization bugs. See the bug report "Unable to sync ethereum blockchain", which was opened in 2017. No Ethereum developer attempted to debug the issue by asking other users or otherwise acknowledged the issue, which was then automatically closed by the stale bot.

Full Node Conclusion

Looks very difficult and very messy.

Pruning Mode

TODO

Wallet Security Considerations

General Security Considerations

Avoid mixing wallets for long-term ETH storage with wallets used for DeFi or NFTs.

Be aware of the security issue with unlimited and infinite token approval.

How do industry and institutional ETH custodians secure their funds?

Gnosis Safe is allegedly storing more than 1 billion USD. More research would be required to confirm this. No mainstream sources have been found yet.

Smart Contract Based On-Chain Multisig

Discouraged. Millions worth of ETH were, and still are, frozen in the Parity multisig smart contract. More references under Smart Contract On Chain Multisig vs Threshold Signature Wallets.

Is there a way to use multisig without smart contracts on Ethereum?

Ethereum does not support native threshold wallets. You need to use multisignature wallets like Gnosis Safe.

Gnosis Safe requires only one transaction per execution from the multisig wallet. Other communication happens off-chain. Thus your assumption "very expensive and slow, because it requires a lot of transactions." is incorrect.

Threshold Signature Wallets

Great in theory. In practice, there are no known Freedom Software based implementations available.

Proprietary products are discouraged due to privacy issues. Presumably, as with any corporation, the vendor would want to set up a call with the customer, identify and onboard them, learn details about the operation, and possibly upsell and create vendor lock-in.

Wallet Security Setups Comparison

Introduction

MyCrypto could be replaced by MyEtherWallet (MEW), because it is very similar, or by any other suitable wallet, if there are alternatives.

Local Wallet Recommendation

In all cases, it is far better if the wallet software is running locally on the user's own computer. This is possible with both MyCrypto and MEW.

Using web services such as mycrypto.com or myetherwallet.com is discouraged.

Watching

Users not using a full node should consider using multiple wallets to watch their addresses. For example:

  • MyCrypto
  • MyEtherWallet
  • Web services such as etherscan.io

Option 1: MyCrypto-online + Hardware Wallet

Both MyCrypto-online VM + MyCrypto-offline VM on the same computer.

Advantages:

  • malware resistance: Can survive Qubes online computer dom0 compromise.

Disadvantages:

Option 2: on same computer - MyCrypto-online + MyCrypto-offline

Both MyCrypto-online VM + MyCrypto-offline VM on the same computer.

Advantages:

  • encryption: According to current knowledge, adversaries with physical access who steal a LUKS full-disk-encrypted offline computer while it is powered off won't be able to extract the private key.
  • Usability. Easy to use in Qubes with copy/paste. Would be similar to the Electrum split wallet video that I recorded for you in the beginning.

Disadvantages:

  • No multisig.
  • malware resistance: Cannot survive Qubes online computer dom0 compromise.

Option 3: with two computers, physical isolation (airgap) - MyCrypto-online + MyCrypto-offline

MyCrypto-online and MyCrypto-offline running on different, physically isolated computers.

Advantages:

  • encryption: According to current knowledge, adversaries with physical access who steal a LUKS full-disk-encrypted offline computer while it is powered off won't be able to extract the private key.
  • malware resistance: Survive Qubes online computer dom0 compromise.

Disadvantages:

  • No multisig.
  • Usability: No built-in QR code feature. The user would need to either:
    • A) Create a QR code on the command line, using for example qrencode, and display it on the physically isolated offline computer, photograph it with a camera, decode it using qrencode, or
    • B) Transfer the signed transaction using USB (which comes with the usual USB risks).

Wallets

Installation

TODO

Metamask

Metamask by ConsenSys.

Pros:

  • Reputation.

Cons:

Neutral:

  • Stateful. Reset wallet feature often needed.

MyCrypto

Pros:

  • desktop app

Quote MyCrypto: unclear if MyCrypto desktop application is maintained or not:

app.mycrypto.com currently does not work offline, so for those situations we recommend using the desktop application. It is not actively maintained however, and we don't add any new features to the desktop application. It's still perfectly usable though if you have a plain private key or want to send offline. We are working on a replacement for the desktop application, which you can check out here: https://github.com/MyCryptoHQ/quill. It's still a work in progress however, and we don't recommend using it with "real" private keys just yet.

We will still update it in case of security vulnerabilities, at least until the release of the new application.

Offline use notice: The VM or computer needs to be truly offline. The offline workflow cannot be tried out while online, not even for testing purposes, because MyCrypto auto-detects whether the VM is offline or online and the application changes accordingly. [1]

Usability for Offline Use

According to MyCrypto: How to Make an Offline Transaction, one needs to find out:

  • nonce
  • gas limit (easy, 21000 for ETH, rarely changes, harder for tokens, hardest for DeFi)
  • gas price (gwei)
  • data: keep this empty for simple ETH transfers

This is likely specific to Ethereum rather than to MyCrypto.
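A pre-signing check for the fields listed above, which also flags the unlimited token approval mentioned under General Security Considerations. This is an added example, not code from MyCrypto or from this documentation; the function name, the sample calldata and the spender address are constructed, and a legacy gas-price transaction is assumed.

```python
# Added example: review an offline Ethereum transaction's fields before signing.
# Assumes a legacy (gas price) transaction; names and sample values are constructed.
from decimal import Decimal

SIMPLE_TRANSFER_GAS = 21000       # gas limit of a plain ETH transfer
APPROVE_SELECTOR = "095ea7b3"     # 4-byte selector of ERC-20 approve(address,uint256)
UINT256_MAX = 2**256 - 1          # conventional "unlimited" allowance value
WEI_PER_GWEI = 10**9
WEI_PER_ETH = 10**18


def review_offline_tx(gas_limit, gas_price_gwei, data_hex=""):
    """Return (max_fee_eth, warnings) for the fields typed into the offline wallet."""
    warnings = []
    data = data_hex.strip().lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) % 2 or any(c not in "0123456789abcdef" for c in data):
        raise ValueError("data is not valid hex")

    if not data:
        # Simple ETH transfer: anything other than 21000 gas deserves a second look.
        if gas_limit != SIMPLE_TRANSFER_GAS:
            warnings.append(f"gas limit {gas_limit} is not {SIMPLE_TRANSFER_GAS}")
    else:
        warnings.append("data is not empty: this is a contract call")
        # Any calldata raises the intrinsic cost above 21000 gas.
        if gas_limit <= SIMPLE_TRANSFER_GAS:
            warnings.append("gas limit too low for a transaction carrying data")
        # approve() calldata = selector + 32-byte spender + 32-byte amount.
        if data[:8] == APPROVE_SELECTOR and len(data) == 8 + 64 + 64:
            spender = "0x" + data[8 + 24:8 + 64]   # last 20 bytes of the first word
            amount = int(data[8 + 64:], 16)
            if amount == UINT256_MAX:
                warnings.append(f"unlimited token approval for spender {spender}")

    # Upper bound on the fee: gas limit times gas price, converted from wei to ETH.
    gas_price_wei = int(Decimal(str(gas_price_gwei)) * WEI_PER_GWEI)
    max_fee_eth = Decimal(gas_limit * gas_price_wei) / WEI_PER_ETH
    return max_fee_eth, warnings


# Constructed sample calldata: approve(0x1111...1111, 2**256 - 1).
SAMPLE_APPROVE = "0x" + APPROVE_SELECTOR + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    print(review_offline_tx(21000, 30))
    print(review_offline_tx(60000, 30, SAMPLE_APPROVE))
```

An empty warning list only means the fields match a plain ETH transfer; the recipient address and the amount still have to be compared by eye on the offline machine.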

MyEtherWallet

Also called MEW. Very similar to MyCrypto.

Can run locally, in browser: yes

Cons:

  • No desktop app.

See Also

Footnotes