diff --git a/docs/getting-started/cloud-wallet/faq.md b/docs/getting-started/cloud-wallet/faq.md index 39722870c9..bf2710bf87 100644 --- a/docs/getting-started/cloud-wallet/faq.md +++ b/docs/getting-started/cloud-wallet/faq.md @@ -10,7 +10,7 @@ import TabItem from '@theme/TabItem'; ### What is the Chia Cloud Wallet? -The Cloud Wallet is a new platform for interacting with the Chia blockchain. Assets are stored in vaults, in an app that is always synced with the blockchain. This makes it easy for newcomers to get started with Chia; it also provides a secure custody solution. In addition, it will eventually include an API for developers in Chia’s ecosystem to make dApps that use the Chia blockchain. +The Cloud Wallet is a new platform for interacting with the Chia blockchain. Assets are stored in vaults, in an app that is always synced with the blockchain. This makes it easy for newcomers to get started with Chia; it also provides a secure custody solution. In addition, it will eventually include an API for developers in Chia's ecosystem to make dApps that use the Chia blockchain. ### Is the Chia Cloud Wallet available for mainnet? @@ -36,9 +36,9 @@ Cloud Wallet vaults can be secured with either a passkey or with the Chia Signer It depends on your use case. The Cloud Wallet will not be used for Chia farming, so farmers will continue to use the reference wallet for creating plots, as well as for farming. Other users might want to migrate to the Cloud Wallet at some point. -### What if I don’t want my Cloud Wallet to connect to Chia’s nodes? +### What if I don't want my Cloud Wallet to connect to Chia's nodes? -For maximum trustless usage, we will eventually support syncing your Cloud Wallet against a node of your choosing. However, we haven’t implemented this feature yet. +For maximum trustless usage, we will eventually support syncing your Cloud Wallet against a node of your choosing. However, we haven't implemented this feature yet. ### What is a passkey? 
@@ -50,7 +50,7 @@ Two ways – as a replacement for logging in with your email and password, and a ### What is a vault? -A vault is a new way to custody your assets on Chia’s blockchain. Instead of securing your XCH, CATs, NFTs, etc with a single key, a vault uses multiple keys and more advanced custody rules. The current iteration of Chia vaults have two keys – one for signing transactions (either a passkey or a hardware key from the Chia Signer app), and one for recovery purposes (a BLS key). +A vault is a new way to custody your assets on Chia's blockchain. Instead of securing your XCH, CATs, NFTs, etc with a single key, a vault uses multiple keys and more advanced custody rules. The current iteration of Chia vaults have two keys – one for signing transactions (either a passkey or a hardware key from the Chia Signer app), and one for recovery purposes (a BLS key). ### What is the advantage of using a vault instead of a wallet? @@ -62,7 +62,7 @@ A vault needs to be created on the blockchain after you click the “Create” b ### Can I import an existing wallet into the Cloud Wallet by entering a seed phrase? -Not at the moment. Currently the Cloud Wallet only supports vaults. We may add support for standard BLS wallets, but we haven’t made that decision yet. +Not at the moment. Currently the Cloud Wallet only supports vaults. We may add support for standard BLS wallets, but we haven't made that decision yet. ### How is signing different with the Chia vault than with the reference wallet? 
@@ -86,7 +86,7 @@ Feel free to ask questions in the #support channel of [our Discord](https://disc ### Where can I report a bug? -If you find any bugs, feel free to fill out a [bug report](https://docs.google.com/forms/d/e/1FAIpQLSeIAZAxSwTwZPGUVLs7_XKseoPgOmtBa0qhtWNQwBeoo9adRA/viewform). However, please keep in mind that this is beta software. We are aware of several existing bugs, which we are tracking in a list. +If you find any bugs, feel free to fill out a [bug report](https://docs.google.com/forms/d/e/1FAIpQLSeIAZAxSwTwZPGUVLs7_XKseoPgOmtBa0qhtWNQwBeoo9adRA/viewform). However, please keep in mind that this is beta software. We are aware of several existing bugs, which we are tracking in a [list](/getting-started/cloud-wallet/known-issues/). If you discover any security issues, you can file a report on our [bug bounty site](https://hackerone.com/chia_network). Thanks for your help! @@ -114,7 +114,7 @@ A recovery key can only be used for recovering a vault. If this key is stolen, t ### What is a watchtower? -In a Web3 context, a watchtower is a program that monitors a blockchain for events, and takes action when they occur. The first Chia watchtower will look for attempted vault recoveries. When such a recovery is initiated, the watchtower will email the owner of the vault that is being recovered. If the recovery attempt is legitimate, the owner doesn’t need to take any action. However, if the recovery is malicious, then the owner can cancel it. +In a Web3 context, a watchtower is a program that monitors a blockchain for events, and takes action when they occur. The first Chia watchtower will look for attempted vault recoveries. When such a recovery is initiated, the watchtower will email the owner of the vault that is being recovered. If the recovery attempt is legitimate, the owner doesn't need to take any action. However, if the recovery is malicious, then the owner can cancel it. ### What other types of watchtower will you develop? 
@@ -128,7 +128,18 @@ Yes! The Chia blockchain is a public ledger, so anyone can build software to mon ### What is the Chia Signer app? -The Chia Signer app turns your smartphone into a hardware wallet. The app uses your phone’s Secure Enclave to create a vault custody key. This key cannot be removed from the device, so a thief would need to gain physical access to your phone in order to steal it. You can download it from [Apple's app store](https://apps.apple.com/app/id6504493785). +The Chia Signer app turns your smartphone into a hardware wallet. The app uses your phone's Secure Enclave to create a vault custody key. This key cannot be removed from the device, so a thief would need to gain physical access to your phone in order to steal it. You can download it from the [iOS App Store](https://apps.apple.com/app/chia-signer/id6504493785). + +:::info + +Currently, in order to use the Chia Signer app, you will need two separate devices: + +1. A computer or phone to access your vault +2. An iOS device on which the Chia Signer app is installed + +You cannot use both the Cloud Wallet and the Chia Signer app on the same device yet. However, we do intend to enable this functionality in a future release. + +::: ### Is the Chia Signer app available for both Android and iOS? 
@@ -136,27 +147,48 @@ It is currently only available for iOS. We will build an Android version in the ### On which iOS devices is the Chia Signer app supported? -The app is supported on all iOS devices with a Secure Enclave. This includes iPhone models beginning with the 5s (released in 2013). +The app has two requirements for iOS devices: + +1. The device must run iOS 15 or later +2. The device must have a Secure Enclave + +The following devices meet both of these requirements: + +- iPhone models beginning with the iPhone 6 +- iPad models beginning with the iPad mini 4 + +Be sure to double check that your device is running at least iOS 15 prior to installing the Chia Signer app. + +### Is it safe to install the Chia Signer app on a second-hand device? + +Yes -- just be sure to use the do a factory reset of the device first. See [Apple's support site](https://support.apple.com/guide/iphone/iph7a2a9399b/ios) for instructions. ### Does the Chia Signer app use blind signing? -No, but it doesn’t use clear signing yet, either. The user is shown the details of the transaction before signing it. This info is significantly more detailed than what can be seen on the small screens of most hardware wallets. However, the end user needs to trust that CNI’s servers have not been compromised, so it also isn’t clear signing. The light amount of trust required should be sufficient for most users. However, for users who want to sign large transfers with the Chia Signer app, we plan to develop true clear signing in the future. +No, but it doesn't use clear signing yet, either. The user is shown the details of the transaction before signing it. This info is significantly more detailed than what can be seen on the small screens of most hardware wallets. However, the end user needs to trust that CNI's servers have not been compromised, so it also isn't clear signing. The light amount of trust required should be sufficient for most users. 
However, for users who want to sign large transfers with the Chia Signer app, we plan to develop true clear signing in the future. ## Security and privacy ### Will CNI be able to freeze and/or confiscate my assets? -No. CNI won’t custody any of your assets, so it won’t have the ability to freeze or confiscate them. If the Cloud Wallet website were forcibly shut down, you would still have the ability to spend your assets because you would still be in control of the keys associated with your vault. However, the infrastructure to accomplish this would need to be rebuilt. +No. CNI won't custody any of your assets, so it won't have the ability to freeze or confiscate them. If the Cloud Wallet website were forcibly shut down, you would still have the ability to spend your assets because you would still be in control of the keys associated with your vault. However, the infrastructure to accomplish this would need to be rebuilt. + +### What risks do end users take regarding CNI's control of the Cloud Wallet website? -### What risks do end users take regarding CNI’s control of the Cloud Wallet website? +One of the advantages of using vaults is that their custody keys are not directly accessible to the website or its APIs. -One of the advantages of using vaults is that their custody keys are not directly accessible to the website or its APIs. The two risks for Cloud Wallet end users are: -CNI can be forced to turn over metadata to various law enforcement. However, we don’t save much metadata beyond what is already available on the blockchain. -An attacker could set up a man-in-the-middle attack when you are signing a transaction. The amount of trust required when using the Signer app is already minimal. In the future, we will enable full clear signing, as well as the ability to run the Cloud Wallet against your own full node in order to mitigate this attack vector. +The two risks for Cloud Wallet end users are: + +1. 
CNI can be forced to turn over metadata to various law enforcement. However, we don't save much metadata beyond what is already available on the blockchain. +2. An attacker could set up a man-in-the-middle attack when you are signing a transaction. The amount of trust required when using the Signer app is already minimal. In the future, we will enable full clear signing, as well as the ability to run the Cloud Wallet against your own full node in order to mitigate this attack vector. ### Do vaults always use the same address? -Yes. There is slightly less privacy when using vaults versus standard wallets. However, even the reference wallet doesn’t offer true privacy because all transactions are recorded on a public ledger. +Yes, and this is a departure from the reference wallet, which uses a new address for each transaction. The reason vaults always use the same address is because they are singletons -- the vault itself authorizes the spend of coins under its control, as opposed to standard wallets which are derived from BLS keys. + +Users must carefully consider the privacy (and therefore security) implications of reusing an address. When the address doesn't change, it becomes easier to put together a historical record of transactions. Vaults that hold significant value could therefore be targeted with physical attacks, as explained in [a Bitcoin wiki](https://en.bitcoin.it/wiki/Address_reuse). + +Future versions of vaults will have additional security such as multisigs and time locks to mitigate the risk of physical attacks. ### Will the Chia Signer app be open source? diff --git a/docs/getting-started/cloud-wallet/getting-started.md b/docs/getting-started/cloud-wallet/getting-started.md index a9c50a9afb..ccf87d6341 100644 --- a/docs/getting-started/cloud-wallet/getting-started.md +++ b/docs/getting-started/cloud-wallet/getting-started.md 
@@ -34,6 +34,17 @@ Congratulations, you're all set to create your first vault! ## Create a vault +:::info + +Currently, in order to use the Chia Signer app, you will need two separate devices: + +1. A computer or phone to access your vault +2. An iOS device on which the Chia Signer app is installed + +You cannot use both the Cloud Wallet and the Chia Signer app on the same device yet. However, we do intend to enable this functionality in a future release. + +::: + 1. The free tier of the Cloud Wallet only allows you to create a single vault, so you will need to choose from one of the two options. Let's create a vault using the Chia Signer app:
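
Review bot: In the faq.md hunk at `@@ -50,7 +50,7 @@` the punctuation clean-up is only partial: the rewritten "What is a vault?" line gets a straight apostrophe but keeps the en dash in "have two keys – one for signing", while the text added later in this patch uses `--` ("Yes -- just", "singletons -- the vault"), and the context of the next hunk still carries curly quotes around “Create”. Pick one dash and quote convention and apply it across the file in this pass. Since the line is being touched anyway, "The current iteration of Chia vaults have two keys" should read "has two keys".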
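
Review bot: In the faq.md hunk at `@@ -86,7 +86,7 @@` the new link target `/getting-started/cloud-wallet/known-issues/` points at a page that none of the visible hunks create; only faq.md and getting-started.md are touched here. Please confirm the known-issues page already exists, or add it in this change, so the "Where can I report a bug?" answer does not ship with a dead link.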
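
Review bot: In the faq.md hunk at `@@ -136,27 +147,48 @@` the new second-hand device answer has a leftover edit, "just be sure to use the do a factory reset of the device first"; it should read "just be sure to do a factory reset of the device first". In the same hunk, the supported-device list says "iPhone models beginning with the iPhone 6" directly under the requirement "The device must run iOS 15 or later"; please check the first listed iPhone against Apple's iOS 15 compatibility list, because as far as I know iOS 15 starts at the iPhone 6s, and name the exact model so readers do not buy a device that fails requirement 1. Minor wording in the address answer: "The reason vaults always use the same address is because" can be "Vaults always use the same address because".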
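
Review bot: In the getting-started.md hunk at `@@ -34,6 +34,17 @@` the admonition is placed directly under "## Create a vault", ahead of step 1, so it reads as a requirement for every vault, although its own first sentence limits it to the Chia Signer app and the FAQ says vaults can also be secured with a passkey. Move it next to the step that selects the Signer option, or add a sentence saying passkey vaults need only one device. The block is also a verbatim copy of the one added to faq.md in this patch; a single shared snippet would keep the two from drifting when the same-device restriction is lifted.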