<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">
    <channel>
        <title>Devan Non</title>
        <link>https://paragraph.com/@devanon</link>
        <description>Just an Anon Dev doing some MEV stuff on this thing called the EVM

https://twitter.com/devanoneth</description>
        <lastBuildDate>Thu, 23 Apr 2026 10:48:48 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>https://github.com/jpmonette/feed</generator>
        <language>en</language>
        <image>
            <title>Devan Non</title>
            <url>https://storage.googleapis.com/papyrus_images/84f6f3ca0946523a6e775f4e8105a093845b68cc9f9368f15150ca0b070ebd1a.jpg</url>
            <link>https://paragraph.com/@devanon</link>
        </image>
        <copyright>All rights reserved</copyright>
        <item>
            <title><![CDATA[A modern self-custody setup for Ethereum]]></title>
            <link>https://paragraph.com/@devanon/a-modern-self-custody-setup-for-ethereum</link>
            <guid>iZEgvZ9zpgm4LGeGOsAx</guid>
            <pubDate>Wed, 11 Jan 2023 16:01:59 GMT</pubDate>
            <description><![CDATA[Safe. That’s what you want your cute JPEGs and dog coins to be. Safe so you can sleep soundly at night. If you had some jewellery that you wanted to keep safe, you’d put your items in a… safe, you got it! So, it shouldn’t come as a surprise that the key to keeping your digital items safe is to also use a Safe. Well, a digital one. Let me explain. A Digital Safe: I’ve built custody infrastructure for a large crypto custodian that to this day has not been hacked. We used Shamir’s Secret Sharing, ...]]></description>
            <content:encoded><![CDATA[<p>Safe. That’s what you want your cute JPEGs and dog coins to be. Safe so you can sleep soundly at night.</p><p>If you had some jewellery that you wanted to keep safe, you’d put your items in a… safe, you got it! So, it shouldn’t come as a surprise that the key to keeping your digital items safe is to also use a Safe.</p><p>Well, a digital one. Let me explain.</p><h2 id="h-a-digital-safe" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">A Digital Safe</h2><p>I’ve built custody infrastructure for a large crypto custodian that to this day has not been hacked. We used Shamir’s Secret Sharing, Hardware Security Module servers, georeplicated in highly secure data centers, multiple air-gapped laptops, lengthy key ceremonies, physical and digital key shares backed up in multiple locations… and more. The point is, it’s a lengthy and costly process that only makes sense if you plan to custodize billions and have many potential attack vectors. That’s probably not you. If it is, this article is not for you.</p><p>If you simply want to sleep well at night and custodize thousands to early-millions, I’ve got the setup for you. In order to be able to explore everything the Ethereum ecosystem has to offer, I’ve settled on three tiers of custody, with most assets being stored on the later tiers:</p><h2 id="h-tiers-of-custody" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Tiers of Custody</h2><ol><li><p><strong>I like to live life on the edge.</strong></p><p>This tier is basically for anything that you don’t mind losing. Like, completely okay with losing. You might ask why it even exists then? I would say two reasons. Firstly, sometimes you want to be a degen and a hot wallet is needed so you can quickly execute some transactions. Secondly, if you are developing a dapp, a hot wallet is much easier to use for testing. 
To be clear, you should move any assets you actually care about to a more secure tier of custody after your degenning.</p><p><strong>Recommendation:</strong> On desktop, <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://metamask.io/">MetaMask</a> still reigns king here. It is simply the most battle-tested hot wallet. <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://rabby.io/">Rabby</a> gets an honorable mention due to its much nicer UX and I am personally testing this out (with a new mnemonic of course). It doesn’t support Firefox yet, though, which is very annoying. On mobile, I’ve been enjoying <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://rainbow.me/">Rainbow</a> due to its UX and security. It uses <code>react-native-keychain</code> which means that on modern phones your private keys are encrypted with a key in a hardware security module. For most people, this is probably more secure than MetaMask or Rabby.</p></li><li><p><strong>What if there is a bug in a smart contract wallet?</strong></p><p>If you have <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://www.parity.io/blog/a-postmortem-on-the-parity-multi-sig-library-self-destruct/">Parity multi-sig PTSD</a>, I get it. While I think Safe maintains an admirable software-development lifecycle, there is simply just an extra layer of dependencies involved when using a smart contract wallet.</p><p>For this reason, I recommend also keeping some assets on a highly reliable hardware wallet. 
This could also be used in cases where a website doesn’t support smart contract wallets.</p><p><strong>Recommendation:</strong> <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://www.ledger.com/">Ledger</a> with <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://frame.sh/">Frame</a>. While Ledger customer data has been compromised in the past, I think the hardware security and UX they offer is best-in-class. If you want to avoid being in their customer database, I have a tip. Provided you can attend a conference, Ledger often has a booth where they sell Ledgers. Or, you could buy one from a well-known reseller. Or, you could use a PO box and pay with crypto directly on Ledger’s website. It’s important to know of ways to avoid providing personally identifiable information.</p><p><a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://twitter.com/joshie_sh">@joshie_sh</a> reviewed this article (much love) and recommends <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://trezor.io">Trezor</a>, especially for their well-implemented <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://trezor.io/learn/a/passphrases-and-hidden-wallets">passphrase and hidden wallet features</a>. There are many debates online between Ledger and Trezor. The reality is, the hardware of choice is probably not going to be the weakest link in your custody setup and so going with either is fine today.</p></li><li><p><strong>Wow, who knew smart contract wallets were so powerful?</strong></p><p>Me, I knew! And, so will you shortly. See, with a smart contract wallet we can combine the security and convenience of all of the above tiers. Imagine your computer gets hacked and your MetaMask keys get stolen. Now, imagine simultaneously your phone gets hacked and your Rainbow keys get stolen. 
And, wow, what a hacker they are, they also managed to find a <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://en.wikipedia.org/wiki/Zero-day_(computing)">zero-day</a> on Ledger. Quite hard to imagine all of those happening together, right?</p><p>Smart contract wallets allow us to have multiple <em>signers</em> and a <em>threshold</em>. These signers are simply other wallets. The threshold is the number of signers that need to agree on a transaction. I recommend setting up a <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://safe.global/">Safe</a> with three signers and a threshold of two:</p><ol><li><p>MetaMask / Rabby</p></li><li><p>Rainbow</p></li><li><p>Ledger</p></li></ol><p>Two of these would need to be simultaneously hacked in order to get your assets from a Safe. As you can see, this is already much more secure than having your assets in a single wallet. However, you may find it annoying that you need to always sign with two wallets. <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://help.gnosis-safe.io/en/articles/4667979-set-up-and-use-spending-limits">Spending limits</a> can come to the rescue here. You can allow one signer to spend a certain amount of a certain token in a defined period. Personally, I have given my Rainbow wallet a small allowance to spend daily from my Safe and this works really well.</p></li></ol><p>Between tiers 2 and 3, I actually don’t think it’s possible to say one is simply <em>safer</em> than the other. Instead, they have different attack vectors and risks. This brings me to my biggest point:</p><blockquote><p>Diversify your assets, anon. 
You want to diversify all possible attack vectors while minimizing the effort of accessing your funds.</p></blockquote><h2 id="h-mnemonic-chaos" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Mnemonic Chaos</h2><figure float="none" data-type="figure" class="img-center" style="max-width: null;"><img src="https://storage.googleapis.com/papyrus_images/a1828f29b0874791fff8bed557bf1ff57a993b4156ace32d25ccb1e5b37aa6d7.png" alt="Actual picture of a Web3 user wondering what to do with all of those words" blurdataurl="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=" nextheight="600" nextwidth="800" class="image-node embed"><figcaption HTMLAttributes="[object Object]" class="">Actual picture of a Web3 user wondering what to do with all of those words</figcaption></figure><p>If you’ve followed my setup, you now have at least three mnemonic phrases to worry about. This can be pretty annoying, but it doesn’t have to be. I’m not going to go into too much detail on how to protect these; rather, I will write another article that goes into detail on this. With that said, here is the <strong>TL;DR</strong> of what I recommend, which you should be able to follow if you are an advanced user and cannot wait for my next article:</p><ul><li><p>Multiple USB drives in different locations</p></li><li><p>Two VeraCrypt partitions with different keys (VeraCrypt hidden volume) on these USB drives</p></li><li><p>MetaMask key in the first partition which can be given in distress situations</p></li><li><p>Rainbow and Ledger keys in the hidden volume which should never be given up</p></li><li><p>All set up with an air-gapped laptop</p></li></ul><h2 id="h-caveats" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Caveats</h2><ol><li><p><strong>OMFG, why doesn’t this website support smart contract wallets?</strong></p><p>I’m looking at you OpenSea. But you’re not alone on this. 
Lens Protocol (of which I am a big fan) currently has minimal support for smart contract wallets, but I think that will change soon.</p><p>With that said, you should look for alternative dapps which do support smart contract wallets. <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://castle.link/">Castle</a> is building an NFT marketplace with first-party support for smart contract wallets, for example. Otherwise, your MetaMask or Ledger can come in handy in these cases.</p></li><li><p><strong>Safe on other chains</strong></p><p>Be careful when providing your Safe address to others. This address is only valid on the chain you deployed it on. It is possible to get the same address on other chains, but it’s quite an involved process.</p></li><li><p><strong>Death</strong></p><p>In this scenario, you don’t want your family to miss out on your hard-earned dog coins, right? This will be tackled in my next article.</p></li></ol><h3 id="h-disclaimer" class="text-2xl font-header !mt-6 !mb-4 first:!mt-0 first:!mb-0">Disclaimer</h3><p>I am a Safe Guardian which means I’ve been awarded some $SAFE tokens. With that said, I’ve been a big proponent of Safe for a long time and have personally used it long before a token was even considered. It’s just simply the best smart contract wallet that exists today.</p>]]></content:encoded>
            <author>devanon@newsletter.paragraph.com (Devan Non)</author>
            <enclosure url="https://storage.googleapis.com/papyrus_images/146fdd5e8019784ec055fd2ed229fc3727719985c65d5158c473ac344cd40cd5.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Solidity Coverage in VS Code with Foundry]]></title>
            <link>https://paragraph.com/@devanon/solidity-coverage-in-vs-code-with-foundry</link>
            <guid>3rvAeuQHeEEjIminSdve</guid>
            <pubDate>Mon, 27 Jun 2022 13:52:46 GMT</pubDate>
            <description><![CDATA[Yeah, I know you’ve probably heard about the hype by now. People are flocking to Foundry and there’s nothing you can do about it. So, strap in, there’s been a new release which brings coverage reporting! Install / Upgrade Foundry: First, make sure you’re on the latest version of Foundry. If you don’t have it, get it here. If you do have it installed already, get the latest version by running: $ foundryup View Coverage: To get a coverage report, it all starts with: $ forge coverage By default this wi...]]></description>
            <content:encoded><![CDATA[<figure float="none" data-type="figure" class="img-center" style="max-width: null;"><img src="https://storage.googleapis.com/papyrus_images/e80483ff195d55d7463f560833a14f3c54119273c35a96f6e0fb0aad3d8be8eb.png" alt="" blurdataurl="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=" nextheight="600" nextwidth="800" class="image-node embed"><figcaption HTMLAttributes="[object Object]" class="hide-figcaption"></figcaption></figure><p>Yeah, I know you’ve probably heard about the hype by now. People are flocking to Foundry and there’s nothing you can do about it. So, strap in, there’s been a new release which brings coverage reporting!</p><h2 id="h-install-upgrade-foundry" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Install / Upgrade Foundry</h2><p>First, make sure you’re on the latest version of Foundry. If you don’t have it, <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://getfoundry.sh/">get it here</a>.</p><p>If you do have it installed already, get the latest version by running:</p><pre data-type="codeBlock" text="$ foundryup
"><code><span class="hljs-variable">$ </span>foundryup
</code></pre><h2 id="h-view-coverage" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">View Coverage</h2><p>To get a coverage report, it all starts with:</p><pre data-type="codeBlock" text="$ forge coverage
"><code><span class="hljs-variable">$ </span>forge coverage
</code></pre><p>By default this will display a summary, which will look like this:</p><figure float="none" data-type="figure" class="img-center" style="max-width: null;"><img src="https://storage.googleapis.com/papyrus_images/1df1d0d0d5cec4ed638dfac22a0bc2034cefc36d7f4025e5610cc75fadb3a4bc.png" alt="" blurdataurl="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=" nextheight="600" nextwidth="800" class="image-node embed"><figcaption HTMLAttributes="[object Object]" class="hide-figcaption"></figcaption></figure><p>It’s already quite nice, but you can change the output via the <code>--report</code> flag. In order to get the coverage displayed nicely in VS Code, we need to use the <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://github.com/linux-test-project/lcov">LCOV</a> reporter. So, run:</p><pre data-type="codeBlock" text="$ forge coverage --report lcov
"><code>$ forge coverage <span class="hljs-operator">-</span><span class="hljs-operator">-</span>report lcov
</code></pre><p>You should now have an <code>lcov.info</code> file in your project directory. LCOV files can be parsed by many tools / extensions. In the case of VS Code I recommend <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://marketplace.visualstudio.com/items?itemName=ryanluker.vscode-coverage-gutters">Coverage Gutters</a>.</p><ol><li><p>Install the Coverage Gutters extension.</p></li><li><p>Open the file you want to see coverage results for.</p></li><li><p>Open the command palette in VS Code (CMD+SHIFT+P or CTRL+SHIFT+P by default) and type “Display Coverage”. You should see the option “Coverage Gutters: Display Coverage”; select it.</p></li><li><p>Now, your file should be nicely colored line-by-line showing if a line has been hit or not (green for hit, red for missed).</p></li></ol><figure float="none" data-type="figure" class="img-center" style="max-width: null;"><img src="https://storage.googleapis.com/papyrus_images/00de3af91fcb960fec6a581284f003801cb414faf559093dd583801125a61e30.png" alt="" blurdataurl="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=" nextheight="600" nextwidth="800" class="image-node embed"><figcaption HTMLAttributes="[object Object]" class="hide-figcaption"></figcaption></figure><p>Obviously, there are some issues present. The constructor is definitely being hit in my tests, but it’s showing as a miss! Coverage in Foundry is still very much a work-in-progress, but it’s great that we have an initial version so we can start setting up our tooling and processes around it. 
Knowing the Foundry team, this feature will quickly blossom into another example of what the premier Solidity testing framework has to offer.</p><h2 id="h-example-repos" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Example Repos</h2><ul><li><p>All the examples in this post were performed on my <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://github.com/devanonon/ERC4626Votes">ERC4626Votes repo</a>.</p></li><li><p><a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://twitter.com/onbjerg">Onbjerg</a> has a nice <a target="_blank" rel="noopener noreferrer nofollow ugc" class="dont-break-out" href="https://github.com/onbjerg/forge-coverage-test">example repo which includes the Codecov GitHub action</a>. He also built the actual coverage feature, so kudos to him!</p></li></ul>]]></content:encoded>
            <author>devanon@newsletter.paragraph.com (Devan Non)</author>
            <enclosure url="https://storage.googleapis.com/papyrus_images/a5c1daf9747a77289492147c27725ec8c59e87a22e253de8036c21ef81a3a8cd.png" length="0" type="image/png"/>
        </item>
    </channel>
</rss>