Zephyr - A Metamask-style browser extension for Zcash

Thank you!

3 Likes

This is great news! I would like to thank all of ZOMG for their patience with us as we crashed through the process :sweat_smile:

5 Likes

Welcome to the Zcash Forum @Ivo :tada:

Ivo and I go way back to 2014-2015, when we worked with Frog Design to make Verizon Messages+ happen. Hope you can find a team to collaborate with soon or I will pull you in for another Nighthawk project :laughing:

4 Likes

Morning everyone,

I’m happy to say that we’ve kicked off work on the project today. We are very much looking forward to diving in.

7 Likes

How is this coming along? It could help us, it would certainly give a good indication of what the MGRC requires as a minimum.

I remember talk of the ECC possibly charging recipients for help onboarding them. @mhluongo was up for it at the time (the only public applicant at that time) and I would love to spend some of my external security budget on consulting with @bambam and @yaahc - in fact I am drafting the outreach right at this moment.

The ZIP doesn't prevent me from spending the funds where I think best, it just prevents them from automatically being assigned to the ECC/ZF - otherwise we are needlessly binding our hands.

1 Like

@Shawn I'm posting this here as a minor update to Zephyr. We are looking for OWASP ASVS Level 3. This, I think, should be the standard for any project that handles crypto funds.

OWASP Application Security Verification Standard

in regards to

Is this something the MGRC can work with? Due to transparency, most of our security budget I'm planning to use on external verification of my testing and the Zephyr dev team's work.

We understand your time is limited, so not only will we be in a position to give you a pass/fail style report, you could also appoint your own independent security reviewers and they will be able to verify against what we have done and might have missed.

Does anything in the OWASP help or hinder the requirements the @ZcashGrants for the coldwallet stuff? Because we could come up with some really nice development standards from this. At least that's what I am striving for, to create a model other projects can emulate to see what can be done. It feels like testing and security testing is a bit of a dark art, it will be nice that all my stuff will be open source.

btw, has anyone else had 2 astra jabs, the second one has ruined me.

Hello everyone,

Wanted to let you know that we will be presenting an update on our project progress at the upcoming Zcash Gardening Club this upcoming Tuesday 6/1 at 1PM EST. We’re still in early days but making good progress in our first phase.

I’ll also be posting an update here on Monday 5/31.

Thanks again for all the support for our project!

8 Likes

Hi all,

Hope everyone in the US is having a great holiday.

We wanted to post a quick update on our progress on our first set of project milestones. We are having a lot of fun so far and are well into things.

Some specifics:

  • Front end: First set of wireframes is 80% complete. We’ll do an internal review next and then get input from community members like @Ivo

  • WASM engine: Our primary focus has been in getting Zecwallet Lite’s WASM / Web wallet build up and running so that we can use the codebase as a guide and a test bed for our WASM engine. We’ve completed this work and are now moving on to initial WASM development. Thanks again to @adityapk00 for his incredibly helpful advice and assistance here.

  • Proxy / translation service: Base functionality is working here - the proxy is making good gRPC calls and receiving data from lightwalletd. We’re currently working on implementing support for streaming server replies. We will put together a Postman collection to demonstrate functionality here.

  • Security: @mistfpga has compiled detailed industry standards with @fireice_uk and myself to guide our development work. We’ve also reached out to potential outside security partners, as well as beginning security research into the existing lightwalletd codebase. We’re also well into work building test servers and compiling test cases.

We also have a potential name for the project that we’re liking - “Zephyr”

Happy to answer any questions you may have here - we’ll also be on the Gardening Club call tomorrow.

Thanks again for giving us the opportunity to build this project for the community.

12 Likes

How about Zigma?

btw I love your updates to the community. Keep it coming :slight_smile:

3 Likes

We are trying it out too, the latest wires I got to look over were in figma :+1: We do listen to advice and we want all the advice we can get.

If the community has any questions please ask. We can't really include everything in the updates. :slight_smile:

Thank you for the encouragement!

3 Likes

Link to today’s gardening club: Webinar Registration - Zoom

4 Likes

Great club meeting. I liked being able to give verbal updates and get chat giving information.

I will get you a full response re: MetaMask vulns that were brought to my attention.

Some (most) are covered by OWASP, but I am going to do a very long-winded response as to how our test approach would catch this stuff, OR how we can mitigate the risks.

A big thanks to all the people I spoke to over PM who want to connect and knowledge share.

One thing I wanted to say but didn't is that I am hoping to create a testing and security template for other projects to follow whilst doing this (zeph is more important, I'm just keeping notes I'll publish after the postmortem on the project).

Thanks to all the love from Chat and other panellists for our project. Hopefully our success will encourage other first time teams to get involved.

4 Likes

oops I meant, you could name this project - Zigma (sounds cool to me).

1 Like

Zigma sounds cool to me too, can we use it for the Zcash Block Explorer? @vamsi

1 Like

Bit too close to ligma for me.

1 Like

I have what I think are acceptable answers to most of the issues that Shannon Wu points out. However, because this is so important and she is obviously skilled in this area, I have reached out to her to get her perspective.

This could become a UX v security issue, so we are on it and are adapting the attack patterns to be more relevant for our extension. I want to be 100% sure everybody on the team is on board with the solutions I have or we are going to have to find new ones; we are currently having this conversation.

It does raise a concern I have that I will cover with the other wallet teams, and that is about auto shielding. I (me, I haven’t raised it with the team yet) want it in zeph. This brings a new surface area for privacy leaks, so I have arranged to connect with Geffen after zcon2 and will be watching his presentation thoroughly.

1 Like

Not sure if ligma is a real term: https://www.quora.com/What-is-Ligma

Zigma is cool like Figma & Sigma. Up for grabs :slight_smile:

2 Likes

Ligma is a disease, there was a trend that still goes on where people in chat will tell the streamer they have ligma, the stream panics and says “what's ligma?” the chat responds with ligma balls. I have spoiled a puerile word play on the phonetics of “ligma” sounds like “lick my”.

I'm assuming normal grown ups may or may not know it but millennials and zoomers do.

That being said, you might get free viral marketing and like the “turn down 4watt” it will be ded in a few years and zigma is a cool name :slight_smile:

I guess it's that I've had to flip into pedant mindset, but figma is gone in the tech world. Figma: the collaborative interface design tool.

plz keep the questions up.

1 Like

A short update.

I have reached out to @earthrise at the ECC (responsible for lightwalletd maintenance) - I received an overwhelmingly positive response. Massive +1 for the ECC @joshs, thank you for the spirit of cooperation, this is a very good marketing angle showing the support available and how to access it.

I'm really excited to be making contact and seeing how we can make lightwalletd better.

I have a feeling this might get a bit complicated, but we can talk about that another time.

5 Likes

For those that missed it, here is Elliot giving an overview of the project and where we are at.

It's timestamped for project zephyr, but the whole thing is well worth watching.

3 Likes