Storing your Ethereum Safely
Today, we’re excited to announce Ethereum support on Casa! However, there is one catch…
Casa will only support single key management of Ethereum.
Current Ethereum multisig is fundamentally insecure, and we refuse to risk client funds and our reputation on current options.
The good news is that there are several potential solutions:
1. Establish & formally verify a standard multisig contract.
2. Implement account abstraction.
3. Custom native multisig.
Today, we are making a constructive recommendation to the Ethereum community on path forward with a goal to resolve this fully at DevCon 4 in October.
Why does Ethereum need better value storage?
Casa is designed for long-term, safe and secure value storage. We started with Bitcoin because it was designed to be a kind of digital gold, and is the hardest value storage in the world.
Ethereum is different — designed to be a computation platform — but that doesn’t mean that storing value can be ignored. In fact, storing value and correctly linking ownership of that value is the single most important feature of Ethereum. “Value” includes not only ether, but utility tokens, security tokens, unique/non-fungible tokens, etc. Nobody is going to use Ethereum to prove their identity if that proof can lost accidentally or wiped away in seconds due to a bug.
The Parity hack and loss of funds last year factored heavily into our decision to avoid existing Ethereum multisig. It demonstrated that in some cases, even if the logic of a smart contract is sound, there are attack vectors that can be accidentally or intentionally triggered where loss of funds is enormous.
There is another, less obvious danger for the Ethereum community aside from loss of funds. If users of Ethereum aren’t confident in their ability to securely and easily store value, then many users will simply move to other platforms.
How do we improve Ethereum value storage?
With most Ethereum wallets today, only a single signature secures funds. It takes just one password hack or stolen device to steal funds. There are no user friendly, secure multisig wallets available on Ethereum mainnet (Gnosis’ Safe app is the closest, but still in testing on Rinkeby testnet).
We firmly believe that while single signature wallets will continue to exist, the majority of value will eventually be stored in multisig wallets due to the huge improvements in security they provide.
The Casa team proposes three distinct options to improve Ethereum fund security:
- Create or designate a standard multisig smart contract. (Fastest option)
- Finish building account abstraction, which allows any type of signature scheme when sending transactions. (6+ months dev time minimum)
- Add multisig at the EVM level, with no reliance on smart contracts or account abstraction. (6+ months dev time minimum)
What is Casa?
Casa is the best personal key system on the planet. Keep full control of your Bitcoin and Ethereum with multi-signature + multi-location + multi-device software combined with premium 24/7 support.
How to use Casa?
Appendix — Useful References
Existing Contracts Referencedgnosis/safe-contracts
Formal Verification ProcessHow Formal Verification of Smart Contracts Works
Formal Verification of ERC-20 Contracts
Account AbstractionUnderstanding Serenity, Part 1: Abstraction
What is the ethereum account abstraction?
Account abstraction for main chain - Issue #859 - ethereum/EIPs
Tradeoffs in Account Abstraction Proposals
A recap of where we are at on account abstraction