Slingshot Wallet: Tested, audited, secured.

Slingshot strives to continuously improve the security and reliability of our applications for users. Our team has paid special attention to these values while building Slingshot Wallet this past year. We appreciate in earnest the trust placed in us to facilitate users’ control over their assets and private keys on mobile devices. This blog summarizes the findings from Auditware’s security audit of Slingshot Wallet and announces our recent membership in the Blockchain Association.

Findings from Auditware, summarized

With over 2 million users on the waitlist for Slingshot Wallet, we kicked off beta testing on iOS and Android this past month. While we were eager to share Slingshot Wallet even sooner, we’ve tempered our eagerness with patience and secured a third-party, expert verification of our app’s reliability and security prior to release. Auditware is an expert team of professionals with over seven years of experience in the Web3 space, specializing in audits and security tooling. They conduct smart contract, application, and OpSec audits for Web3 projects.

To ensure user assets are safeguarded, Auditware looked for “highly tuned security controls and defense-in-depth measures” in its audit of Slingshot Wallet. Their focus areas included wallet management (key generation, encryption, integrity assurance), authentication (bypass, brute force capability), and data tampering and UI redress. Auditware highlighted the following security measures as key examples of Slingshot Wallet’s defenses:

Encryption

  • “The private keys and mnemonic seeds of a user’s wallet are encrypted in the Slingshot wallet—so that they are even protected from being read by an attacker with access to your phone.” —Auditware

  • Further improvements to wallet encryption integrity were made following the audit, in order to “guard against highly unlikely yet theoretically possible cryptographic tampering attacks.” —Auditware

Authentication

  • As a user, setting a strong app PIN is extremely important when controlling access to encrypted data. As wallet developers, we believed it paramount to integrate proper protection for user PINs.

  • “The Slingshot team implemented a brute-force lockout to the PIN screen to prevent determined attackers from being able to guess your PIN after many tries.” —Auditware

Overall, Auditware “found no critical vulnerabilities in the application. The Slingshot Wallet is securely designed, and only minor suggestions to improve defense-in-depth were recommended.” To view all findings from Auditware, you can access their full audit report here.

Slingshot joins the Blockchain Association

The Blockchain Association (BA) is leading integral movements within the DeFi industry to provide a positive public policy environment, so that the Web3 future can best be supported by the U.S. The BA creates strong relations between their members, the larger industry, and the government through education, advocacy, and coordination.

The BA is regarded highly for their achievements within the space, and their selection process for new members is extensive, as they “are chosen for their commitment to responsibly building and investing in the next generation of digital services.” Slingshot is honored to join and work alongside other BA members, which range from top centralized exchanges including Crypto.com, Grayscale, and Kraken, to asset management and investment groups including GoldenTree, Polychain Capital, and Bain Capital Crypto, to various blockchain projects and ecosystems like Aave, Ledger, Messari, and Solana Foundation, and others.

Looking forward

Slingshot is looking forward to contributing positively to the BA’s efforts and to continuing to enhance Slingshot Wallet as we prepare for public launch. Stay tuned for future announcements regarding the official launch and Slingshot’s participation in BA events.
