The 'Official' Grin GUI Wallet

Governance
16

Wallet Listing on grin.mw

It can be beneficial to list available wallets for users on the primary website for Grin, especially considering that there is not a GUI wallet in the mimblewimble github organization and that most users will want to use a GUI wallet.

There are two primary possible identified paths to support this, each with their own tradeoffs for the community.

Option 1: Approval curated by core and security teams

The core and security teams can review and curate each wallet listed on grin.mw by manually reviewing to ensure they adhere to all RFCs and building confidence in the wallet developers ability to responsibly handle vulnerability disclosures.

Pros:

  • Low chance of a malicious wallet being listed
  • Guarantee that all listed wallets are compatible
  • Ability to more seamlessly deploy security fixes across wallets

Cons:

  • Approval is subjective without an exact checklist of steps that can be followed to ensure the core and security teams have a high degree of confidence (which may not be possible to produce in a comprehensive way)
  • “Gatekeepers” become responsible for determining whether a wallet will be listed (and by extension used) in the Grin ecosystem
  • There is still no guarantee of eliminating the possibility of malicious wallet activity

Option 2: (Almost) any wallet can be submitted and ranked before listing

Any wallet developer can submit their app to be rated by the core and security teams according to the same metrics used by bitcoin.org. Once rated the wallet will be listed. Wallets are removed by verifiable cases of (willful or not) malicious wallet activity. Wallets that do not verifiably follow accepted RFCs are not rated or considered for listing.

Pros:

  • Less centralized, more open listing method
  • Helps users find the right wallet for the right use
  • No “gatekeepers” subjectively determining which wallets can be listed
    • Though there are still “gatekeepers” doing the ratings

Cons:

  • With a low barrier of entry some users could lose funds to a malicious wallet before it is detected and removed from the list
  • Users may not be able to trust any of the wallets listed if there is a mix of “trustworthy” wallets with those that aren’t

Option 2 seems like a decent compromise of openness and quality. However there is a much higher chance of fund loss due to a malicious wallet being listed in option 2. Option 1 doesn’t guarantee a wallet won’t be malicious in the future either so we do want to avoid giving a false sense of trust or security. Maybe there is a mix of these that will produce the best result. It is important that whichever direction is chosen, users are aware of the risk of malicious wallet activity.

Just wanted to share these thoughts ahead of the next governance meeting https://github.com/mimblewimble/grin-pm/issues/290

5 Likes