In the previous update, we highlighted some of the ongoing developments for the security audit of the Trinity wallet. This post will mainly outline our progress and results.
If you have any questions about ongoing development of the Trinity wallet, please join the#trinity-discussion Discord channel.
As announced in our last update, the Trinity mobile and desktop applications are undergoing a security audit by a leading security firm. The audit will assess authentication, storage areas, configuration and validation in the applications, and will ensure that a high level of security is in place. Since submission for security audit, we have tackled the outstanding bug list for mobile reported by our beta testers.
Here is a summary of some of the recent completed and in-progress works.
- Add retry button, error log and change node Realm migration (#1041)- Add migration retry and node change functionality (#1094)- Update Entangled node use 1) add batched proof-of-work and 2) switch to trits address generation (#1095)- Ledger functionality and UX bug fixes (#1101)
- Correctly update history screen props when modal props are updated (#1046)- Automate entangled android build (#1065)- Integrate native signing (#1097)- Fix Entangled (iOS) bugs/memory leaks (#1100)- Replace QR dependency (#1119)- Rebuild Entangled libs with API level 19 (#1138)- Fix UI bugs and refactor some areas of codebase (#1146)- Enable 2FA on “view seed” screen and improve UI (#1171)- Use local time for SeedVault export file (#1178)- Document entangled build steps (#1052)- Add account name autofill for SeedVault (#1181)- Link up trit-based checksums (#1172)- Refactor CustomTextInput component and add ability to mask/unmask text (#1173)
- Fix issues related to renaming account (#1045, 1077)- Integrate batched proof-of-work (#1071)- Remove dead nodes from local configuration (#1087)- Setup realm schema migration (#1089)- Update Argon2iOS to accept Int8 array (#1090)- Fix invalid bundle issue on zero value transaction with bundle size > 1 (#1093)- Add more default nodes (#1106)- Fix order in which bundles are stored (#1108)- Do not store invalid bundles constructed with local PoW (#1122)- Fix account index issue (#1139)- Add eclipse project files path to gitignore (#1140)- Add polling service for automatically retrying failed transactions in wallet (#1142)- Resolve request package to version >=2.88.0 (#1148)- Reduce quorum size temporarily to reduce load times (#1149)- Fix propType warnings in tests (#1150)- Disable quorum on login (#1157)- Update the year header to be current (#1160)- Resolve node.extend package to version >=1.1.7 (#1161)- Update sinonjs to version ^7.2.7 (#1163)- Improve realm schema and data migration setup (#1168)
After bug fixing, our focus has shifted towards completing the outstanding issues and features required for full release.
Taking into consideration advice from the security audit team, we aim to introduce deep linking into the final release. This will allow users to automatically open Trinity by clicking on a link on a vendor’s site, ready to pay the correct amount to the correct address.
We also hope to have manual sweeps ready before (or soon after) full release. Trinity does not traditionally allow spending from “previously spent addresses” for safety reasons. This new Manual Sweep feature will unblock these funds by securely transferring them to an unused address, whilst minimising the chance of attack.
Another area that we are focusing on before full release is test coverage. While Trinity already has good overall test coverage, it still misses some tests for critical areas such as the keychain and the Realm database. We also plan to add end-to-end tests, which will allow us to test changes in an environment that simulates user behavior.
To this end we actively encourage community pull requests, and our team is always ready to help you get up to speed on our Discord channels. Please do join the IOTA Discord server. We would love to see you there.