Zecwallet Lite Security Updates and Review

Applicant background

Zecwallet Lite is a set of desktop and mobile apps that implement the Zcash Lightclient protocol. They are light wallets that allow users to easily send and receive shielded transactions without needing to download the entire blockchain. Zecwallet Lite was originally released in early 2020, and is widely used in the Zcash ecosystem.

Zecwallet Lite uses the Zecwallet Lightclient SDK, an independent implementation of the Zecwallet Lightclient protocol that is used by the desktop and mobile Zecwallet Lite apps.

Motivation and overview

When Zecwallet launched, the Light client protocol was very new, and some features weren't implemented yet, so Zecwallet had to fork a couple of projects to add support for the full feature set. Since then, Zecwallet has upstreamed several changes, but we need to catchup and pay down some of the technical and security debt we have accumulated over the last year. This proposal outlines the 3 biggest shortcomings and proposes to address them over the next 7 weeks.

A big reason for doing this now is to prepare for the upcoming Pollard/Halo upgrade. Removing un-needed dependencies and relying on common implementations will make sure that future Pollard work will be doable without complicated customization, which might introduce further risks.

Technical approach

This project proposes doing 3 major tasks:

1. Depend directly on ECC's librustzcash

When Zecwallet Lite originally launched last year, we decided to support t address transactions as well in the lite client. This didn't have support in librustzcash, so Zecwallet forked ECC's librustzcash repository to add t-address support. Since then, we've been working to upstream the changes, and we've already submitted several PRs. Additionally, ECC has also added t-address support into librustzcash. This task is to finish the final set of changes (which are largely on the Zecwallet SDK side) to completely remove the dependency on the Zecwallet's librustzcash fork, and depend directly on ECC's librustzcash API.

2. LightwalletD compatibility

When Zecwallet originally launched, it forked the stock LightwalletD and implemented two sets of changes in the fork:

  • Add t-address support
  • Cache the entire Compact blockchain in memory, trading off higher resources for faster sync speed. Combined with multi-threaded syncing support on the client side, this significantly improved sync speed, which was the biggest complaint lite wallet users had.

Since then, ECC's LightwalletD has progressed considerably, and now also has support for t-addresses. Unfortunately, this is not API-compatible with Zecwallet's LightwalletD, and this task is to fix this by switching to the stock LightwalletD's API.

  • Add support for stock LightwalletD's t-address API and implementation.
  • Fix Zecwallet Lightclient SDK to use the new t-address API.

Once this is done, we'll have two way compatibility. i.e.,

  • Zecwallet Lite apps will be able to use stock LightwalletD to sync
  • Other wallets implementing ECC's light client SDK will be able to sync against Zecwallet's LightwalletD

This should go a long way in reducing the dependency on Zecwallet's LightwalletD server, and allow users to easily use any of the community-run LightwalletD servers.

3. Security Review of the Zecwallet Lite SDK

One of the major outstanding items from last year is to complete a full security audit of the Zecwallet Lite SDK. As a reminder, Zecwallet Lite SDK is an independent implementation of the Lightclient Protocol, which is used in Zecwallet Lite apps and a few other community projects. It uses librustzcash to access Zcash's cryptographic natives. While librustzcash is maintained by the ECC and has regular security review, Zecwallet's Lightclient SDK has never been security audited.

Zecwallet solicited 3 proposals from external companies, and the most competitive proposal is from Least Authority. You can read the detailed proposal here

  • Security audit Zecwallet Light client SDK.
  • EUR ​48,038​.00

Zecwallet will also set aside three weeks of Developer time to address any issues that are uncovered by the Security Review.

(Because of the character limit, please see the forum post for Risks, Downsides, Evaluation Plan and Schedule)

Budget and justification

Total: USD 112,500

Zecwallet work

  • 7 weeks total (@ USD 187.5/hr)
  • USD 52,500

Security Review

  • USD 60,000 approx

Tipping

Tips Received
???  
ZEC

Campaign

Requested Funding
$112,500
Open for Public Review