-
Notifications
You must be signed in to change notification settings - Fork 920
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor HD Wallets for Enhanced Security #7821
Conversation
@@ -9,7 +9,6 @@ import ( | |||
"github.com/manifoldco/promptui" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review these changes
@@ -36,7 +36,7 @@ type RecoverWalletConfig struct { | |||
WalletDir string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review these changes
@@ -6,61 +6,30 @@ import ( | |||
"fmt" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review this file
…to secure-hd-wallets
…to secure-hd-wallets
What type of PR is this?
What does this PR do? Why is it needed?
Our current HD wallet is extremely insecure, and other teams do not follow our convention. Currently:
If someone takes this seed, or dumps a validator's memory, they are screwed. Moreover, storing a seed on disk is still not an adequate substitute.
This PR advocates for a different approach to our HD wallet altogether. Instead, we make it a simple wrapper around our imported keymanager. During wallet creation, we now show the user a mnemonic and ask them to write it offline, then we ask the user to generate N accounts where N > 0. Then, we import those as keystore files into our imported keymanager. The seed nor mnemonic are never stored after this.
This PR also removes the
accounts create
command the RPC endpoint given there is no longer any way to create a new account in Prysm. This must be done by another tool such as ethdo or the deposit cli.