>We think the “pure” version of the CDP primitive, using only pristine on-chain collateral as implemented by Liquity v2 provides the most robust model for a native stablecoin
USDaf?
Wen USDaf?
Can you guys do a portfolio update please? It’s not even about being sidelined on trump at this point, it’s about losing all hope in eth. Some advice would be really appreciated as you’re likely the only trustworthy follows that make sense out of this.
That's done for you in latest post.
Yes thanks, was messaging this prior to the latest post - appreciate you guys coming with it in times of uncertainty and trump coin nonsense
This is exactly why I subscribe
On the subject of stablecoins, imagine being able to park your USD in a market-neutral pool managed by experienced professionals—that’s precisely what Avant Protocol aims to achieve. I happen to know one of the managers behind their current yield strategies, and that personal connection is the primary reason Avant is on my radar. They partnered with Avalanche for their initial launch but have plans to expand to other chains soon. As always, do your own research (DYOR):
https://docs.avantprotocol.com/
https://metrics.avantprotocol.com/metrics/apy
Naturally, any on-chain project entails risk. Here, it goes beyond the usual smart contract vulnerabilities since managers can be wrong. However, Avant attempts to mitigate “currency” risk (since you’re staying in USD) and reduces concentration risk (the managers are not tied to a single protocol). If you’re looking to hold USD while seeking a managed yield strategy, Avant may be worth considering. I find the market-neutral approach is an intriguing twist on typical stablecoin yields.
Does that mean that all tokens on base could be frozen as well? Or only usdc on base?
A good up to date resource for the L2 features / security / decentralization is L2Beat. If you can't exit by sending a transaction on the L1 if the proposer/sequencer on the L2 is unavailable (or censoring your transactions) then yes your funds can be frozen. In the case of Base, you can self-propose (after a 12h delay) and self-sequence so there's no censorship in place at the L2 level, just the smart contract level (e.g. USDC and any other coin with a blacklist feature)
https://l2beat.com/scaling/risk
That's very clear, thank you for explaining!
Hello! Unrelated to this thread. I asked a while back about Tangem wallet (see link below, not a promotion). Is this up to your guys standards for security? Thanks!
https://tangem.com/en/
Hello, sorry for the delays in looking for the information and getting back to you. Having redone the work, I recall my comment:
First, this looks like a good solution to diversify types of hardware wallet for a multi-sig account. I would add this as an extra signer on a Gnosis safe cold wallet for sure.
Second, I don't like that the software is smartphone only. There might be a time when crypto software is banned, restricted, or tracked (in your particular jurisdiction) so you won't be able to rely on the Apple/Android stores to download/update the app. It might even be the case that, 1984 style, apps banned from the app stores are also removed from the devices they are installed on. You'd need to set about getting a jailbroken device, or use the Android emulator in the SDK, and then try to build the Android source from the GitHub with all the dependencies.
It's up to you to decide how heavily to weigh this vulnerability; if this is a backup to a quorum of other devices then its availability only matters if other options fail. I wouldn't use this as my main device.
The other issue you need to consider with a smartphone is the potential for leaking your location and the balance of the crypto wallets you have access to if there is third party malware on the phone. My default is not to trust smartphones as anything connected to the cell network absolutely cannot be made secure.
In terms of the firmware being closed source, this is going to be the case due to commercial realities, intellectual property etc. The way you mitigate against potential leaks (and potential weaknesses in the randomness/seed generation process if you choose to create a key on device - which you probably should for certainty that the key never exists outside the device) ... is again to use it in a multisig configuration so no one compromised device or weak key can steal your funds.
A final comment on the signing process. There is no screen on the hardware wallet for you to verify the transaction you are signing. You have to trust what is displayed on your mobile device. If the mobile device is compromised, then I don't see how you prevent the compromised device from presenting you Transaction A while sending Transaction B to the card for signature. Since you just tap the card to use NFC, there's no opportunity to view the signature before it is transmitted back to the (insecure) device. So I'd never use this as a standalone solution to control funds on my main wallet.
As far as the security audits go, very little detail is provided. The 2018 audit admits that a number of security risks were found, but doesn't elaborate. We don't therefore know whether the risks identified signified lack of skill and experience designing this type of secure solution, or not. https://research.kudelskisecurity.com/2018/08/06/audit-of-tangems-smartcard-wallet-code/
Of course the issues identified by the auditor have been cured, but this is never a guarantee that all issues were found.
For the more recent audit, I can only find these two blog posts which are pretty lacking in detail.
This blog by the auditor seems to trail off inexplicably after describing the threat model and not the findings. https://www.riscure.com/approaching-effective-crypto-wallet-security-evaluation/
Tangem's comment on the audit only makes the statement that no vulnerabilities were found without further detail:
https://tangem.com/en/blog/post/tangem-wallet-riscure-audit/
So what's the tl;dr on this?
1. Most likely attack vector is that you have to trust what the screen on your smart phone is telling you about the transaction which will be presented for signing to the card. There is no way to view the actual transaction on the hardware device itself, which somewhat defeats the purpose of a hardware wallet. Yes, the firmware of the card cannot be updated, but the smartphone software app you interact with certainly can be, and potentially maliciously too. Distrust smart phones.
For this reason Tangem would be ruled out for me as the sole signer of a cold wallet, but does have value as part of a multisig quorum.
2. The lack of a PC version of the software means that you might need to maintain an Android SDK environment and an unlocked Android device to access your funds in any scenario where there is corporate (Apple/Google) or government restriction of crypto software. There's also the possibility that being on a mobile app can leak your location as well as the crypto holdings the Tangem wallet contains to an attacker. Smart phones know your GPS, it's generally harder to pinpoint the exact location of a PC especially if you use a VPN.
As usual with security you need to examine your own threat model and risk tolerances balanced with convenience. Unless having your wallet balance and GPS location leaked (only possible at the time you install/use the app - you could keep it uninstalled until needed) is a major concern, I'd say this is an acceptable solution for part of your multisig.
In isolation, treat it as a hot wallet and only put funds you can afford to lose.
Hope this helps, please ask any other questions about Tangem.
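The two points above, a compromised phone presenting Transaction A on screen while handing the screenless card Transaction B to sign, and the reason a multisig quorum with at least one independent screened signer bounds that attack, as an added Python illustration. This is not code from the thread, from Tangem or from any wallet vendor: the card, the screened co-signer, the 2-of-2 execution check and the two sample transactions are all constructed stand-ins, and HMAC-SHA256 replaces ECDSA so the script runs offline with the standard library only.

```python
"""Blind signing on a screenless signer, and why a quorum bounds it.

Added illustration only; not Tangem's protocol or code. Every party here is a
stand-in, and HMAC-SHA256 is used in place of ECDSA so that the example runs
with the standard library. A signer's "identity" is simply its HMAC key.
"""
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample transactions: what the user is shown on the phone versus
# what the compromised app actually submits for signature.
TX_SHOWN = {"to": "0xAlice", "value": 1000, "nonce": 7}
TX_SENT = {"to": "0xMallory", "value": 999000, "nonce": 7}


def tx_digest(tx: dict) -> bytes:
    """Canonical serialisation so every party hashes identical bytes."""
    raw = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).digest()


class Signer:
    """A signing device. `has_screen` decides whether the device can show the
    user the transaction whose digest it is about to sign."""

    def __init__(self, seed: bytes, has_screen: bool):
        self._key = hashlib.sha256(b"signer-key|" + seed).digest()  # never leaves device
        self.has_screen = has_screen

    def _sign(self, digest: bytes) -> bytes:
        assert len(digest) == 32
        return hmac.new(self._key, digest, hashlib.sha256).digest()

    def verify(self, digest: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self._sign(digest), sig)

    def sign(self, tx: dict, user_intent: dict) -> Optional[bytes]:
        """Screenless device: the host only hands over a digest, so the device
        signs whatever it is given. Screened device: it renders `tx` itself,
        the user compares it with what they meant to send, and declines a
        mismatch."""
        if self.has_screen and tx != user_intent:
            return None  # user reads 0xMallory on the device and refuses
        return self._sign(tx_digest(tx))


def quorum_executes(tx: dict, signatures: list, signers: list) -> bool:
    """2-of-2 policy in the style of a Safe: every required signature must
    verify over the digest of the one transaction that actually executes."""
    digest = tx_digest(tx)
    return len(signatures) == len(signers) and all(
        sig is not None and s.verify(digest, sig)
        for s, sig in zip(signers, signatures)
    )


def standalone_card() -> dict:
    """Card is the sole signer. The app shows TX_SHOWN, submits TX_SENT."""
    card = Signer(b"card", has_screen=False)
    sig = card.sign(TX_SENT, user_intent=TX_SHOWN)  # card cannot see the swap
    return {
        "signature_over_shown": card.verify(tx_digest(TX_SHOWN), sig),
        "signature_over_sent": card.verify(tx_digest(TX_SENT), sig),
    }


def card_in_quorum() -> dict:
    """Same attack, but the card is one of two required signers and the other
    signer has its own display. The host can try two routes to a 2nd signature."""
    card = Signer(b"card", has_screen=False)
    screened = Signer(b"screen-device", has_screen=True)
    signers = [card, screened]
    sig_card = card.sign(TX_SENT, user_intent=TX_SHOWN)  # blind sig over TX_SENT

    # Route 1: ask the screened signer to co-sign TX_SENT. The user sees it and refuses.
    sig_screen_sent = screened.sign(TX_SENT, user_intent=TX_SHOWN)
    # Route 2: ask the screened signer to sign the benign TX_SHOWN instead. The user
    # approves, but that signature covers a different digest than the card's.
    sig_screen_shown = screened.sign(TX_SHOWN, user_intent=TX_SHOWN)

    return {
        "route1_cosignature_obtained": sig_screen_sent is not None,
        "route2_executes_sent": quorum_executes(TX_SENT, [sig_card, sig_screen_shown], signers),
        "route2_executes_shown": quorum_executes(TX_SHOWN, [sig_card, sig_screen_shown], signers),
        "honest_flow_executes": quorum_executes(
            TX_SHOWN, [card.sign(TX_SHOWN, TX_SHOWN), sig_screen_shown], signers
        ),
    }


if __name__ == "__main__":
    print("standalone card:", standalone_card())
    print("card in 2-of-2 quorum:", card_in_quorum())
```

The standalone case returns a signature that verifies over the transaction the user never saw, which is the whole attack. In the quorum case neither route produces two signatures over the same digest, so the swapped transaction cannot execute; the residual risk is that the compromised phone can still block signing (availability), which is why the thread treats the card as one signer among several rather than the sole one.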
Damn that was thorough! Thanks a lot!
You're welcome, I am fairly sure I wrote something even more detailed for the first time you requested so was quite peeved when it didn't show up in substack searches. Thanks for your patience.
Curious to know if you think the product fits your use case, and if not what you'd consider instead...