Audit of Hiro’s Stacks Wallet

Hiro requested that Least Authority perform a security audit and penetration testing of the Stacks Wallet, a new browser extension for Chrome and Firefox that enables users to perform the following:

● Authenticate web applications with 12 or 24-word mnemonic keys;
● Set passwords for the encryption and storage of the keys client-side;
● Manage usernames registered with the Blockchain Naming System (BNS);
● View fungible and non-fungible token holdings on the Stacks blockchain;
● Send and receive tokens;
● Sign transactions with Clarity smart contracts as published to the Stacks blockchain;
● View recent transactions associated with holdings; and
● Configure node for relevant Stacks network.

The Stacks Wallet is an upgraded version of Blockstack Connect 1.0.

Our final audit report was completed on April 29th, 2021.

To read the full report including our findings, click here:

Report

Archives