DeBank Rabby Wallet的安全特性分析
简介
Rabby是DeBank开发的一款重磅的浏览器插件钱包
特性分析
1. 丝滑的多链体验
When you visit a DeFi Dapp for the first time, Rabby will automatically choose the corresponding chain for this site based on our database. You can also switch to another chain for a specific DeFi manually, but the settings will only work for that site.
当你第一次打开一个DeFi Dapp,Rabby会根据后台数据自动切换到合适的链上,当然用户也可以手动切换,但这些操作都是针对一个链的。
2.让用户理解签名实际上在签的什么
The confirmation pop-up window from traditional extension wallets does not clearly explain what does the transaction exactly do. 99% of DeFi users are blindly signing transactions they don’t really understand at all, which is extremely risky for their life savings.
Based on DeBank’s previous experience in DeFi, we managed to parse the transaction content for you in Rabby’s signing confirmation pop-up window. Rabby helps you understand what you are really signing and show your estimated balance change before you sign.
传统插件钱包的确认弹窗并不能精确地告诉用户签的是什么。99%的DeFi用户一点都不理解签名内容,这在区块链的世界里是非常危险的。
基于DeBank用户使用经验,Rabby可以帮助用户理解用户在签什么,估计可能带来多少资产的变动风险。
3.事务提交之前的风险扫描
Rabby sends every transaction into a security engine for screening before you sign it to help you identify the potential risks hidden behind. Rabby will alert you if it finds potential vulnerabilities such as “The interacting contract has been attacked before”, “The recipient address does not exist on the chain”, etc.
传统的钱包在用户提交事务时并没有做到很好的保护用户的资产。Rabby会在用户发送每笔交易之前通过自己的安全引擎进行扫描,来帮助用户潜在的风险。如果有类似"交互的合约之前被攻击"、"交互的地址实际不存在"等风险,会给出提示。
4.保持开源
Open source is one of the most important things in the crypto world. Rabby insists on being open sourced and is the only one that uses the most friendly MIT license among mainstream extension wallets.
在加密世界,开源是至关重要的。Rabby保持开源并且采用MIT的友好授权模式。
5.去中心化
Your private keys are stored on the front-end side only and can be exported by you at any time, which is entirely independent on Rabby’s back-end services.
私钥保存在用户侧,与Rabby后端服务完全隔离。
6.Less is more
Keeping core functions only also makes Rabby much easier to be audited and safer for you to use.
保持核心、精简的功能。
7.不参与用户事务的构造
Rabby believes that a good extension wallet should act as an independent third-party gatekeeper from you and your visiting DeFi Dapp when you sign a transaction. If Rabby takes part in constructing the transaction itself, then Rabby is being both a player and a referee. Therefore, Rabby does not construct any transaction under any circumstance, but only helps you confirm and sign the transaction initiated by the DeFi Dapp you visit.
Rabby认为一个好的插件钱包应该是一个独立的三方守门人。Rabby在任何情形下都不会参与事务构造,而是仅仅帮助用户确认和签名事务。
8.安全高于用户体验
All user experience optimizations in Rabby are made on the premise that no new security risk is introduced.
- Rabby’s private key management module is developed based on the well-tested and proven components from MetaMask.
- Rabby’s security does not depend on back-end services (including the security rules API), and it does not introduce any new risks to transactions in case the back-end services are unavailable or compromised.
Rabby的私钥管理模块是基于MetaMask已经被测试和证明的安全组件。
Rabby的安全并不依赖与后端服务,即使后端不可用或者被攻击也不会带来任何安全风险。
参考
https://medium.com/@rabby_io/rabby-release-announcement-564406988e2b