Ryan 🦇🔊
Aug 30 16 tweets 6 min read
1/ Everyone should be using multi-key smart contract wallets to self-custody the bulk of their crypto. They are MUCH SAFER than EOA wallets like Metamask or any hardware wallet.

Here’s why 👇
2/ First, for the retail hodler who doesn’t care about self-custody, storing assets with a reputable exchange is probably safest. They:
• have institutional-grade custody tech
• will likely cover any loss from a hack to uphold reputation
• likely have insurance
• can be sued
3/ However, CEXs are subject to nation state laws which means they could freeze your assets for any reason. For those who want self-custody, smart contract wallets are the safest option. Here’s what a smart contract wallet setup looks like:
4/ I recommend a 2-of-3+ multisig with @gnosisSafe or @argentHQ Vault. This means you have designated at least three regular wallets as “signers” on your smart contract wallet, and you need two of them to approve any transfer of funds out of the smart contract wallet.
5/ A good setup should require more than 1 wallet to approve any transaction so if a hacker steals one of your wallets, they can’t move funds. Also, the multisig should have more signers than the number of approvals needed so that there are backups if you lose one of them.
6/ Here’s why a multisig is the safest way to self-custody your crypto. Consider three scenarios we want to protect against:
• Loss: Forgetting private keys / losing a hardware wallet
• Hack: keys get hacked
• Supply Chain: A part of your wallet supply chain is malicious
7/ Loss: If you forget private keys or lose a hardware wallet, your assets on that wallet are lost. But if it’s just a signer on your multisig, you can remove and replace the lost wallet by activating your other signer wallets. Assets in the smart contract stay safe.
8/ Losing 2+ wallets at once is unlikely if they are a mix of devices, locations, and providers. (⚠️ If you have 2 wallets on the same phone, you can lose them both at once!) A good mix might include a @MetaMask on your phone, a @Ledger at home, and a @Trezor at a friend's place.
9/ Hack: If a wallet gets hacked (someone takes your private keys), you can just replace it as a signer. Since at least 2 signatures are needed for any transaction from your smart contract wallet, assets are safe. Getting two or more wallets hacked at the same time is unlikely.
10/ Supply Chain: With any EOA wallet, you have to trust the code running inside it. For example, a factory worker at any point in the supply chain could switch out a hardware wallet for one that steals your keys when it’s connected to the internet or has a known random seed.
11/ Smart contract wallets are open source on the blockchain so you can verify that the wallet is operating exactly as it’s been coded. Even if one of your EOA signing wallets gets compromised, you can minimise trust assumptions by using a mix of devices and providers.
12/ Smart contract wallets do come with trade-offs, in addition to inherent smart contract risk. For superior security, you sacrifice some convenience and cost savings:
13/ It's a hassle to execute transactions quickly if you need to approve with multiple devices. However, with account abstraction on the horizon, session keys would allow you to pre-approve transactions within constraints. You can do this today with @argentHQ trusted sessions.
14/ Also, smart contract wallets use more gas so it is more expensive per transaction. For example an ERC20 transfer uses approx:

• 60k gas with an EOA wallet
• 100k gas with @gnosisSafe
• 180k gas with @argentHQ Vault

You can mitigate this by moving to an L2 with @gnosisSafe
15/ As long as your smart contract wallet has enough lindy, it’s well worth it for the added security over hardware wallets or EOAs. Everyone should be using @argentHQ Vault or @gnosisSafe for personal use!
What multisigs are you using on other L1s like @solana, @cosmos, etc.?
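
The loss and hack reasoning in tweets 5 to 9, as an added example that is not part of the original thread: it checks a signer layout for failure domains (a device or location) whose loss or compromise alone would lock or drain the wallet. The signer names, domain labels and the `exposure` function are constructed for illustration, and the model assumes every key in a failed domain is lost or stolen together; smart contract risk is not modelled.

```python
from itertools import combinations

def exposure(threshold, signers, events=1):
    """signers maps signer name -> failure domain (device or location).
    Returns which combinations of `events` simultaneous domain failures
    allow theft (attacker reaches the threshold) or lockout (owner falls below it)."""
    domains = sorted(set(signers.values()))
    result = {"theft": [], "lockout": []}
    for failed in combinations(domains, events):
        hit = [name for name, dom in signers.items() if dom in failed]
        # Hack scenario: the attacker holds every key stored in the failed domains.
        if len(hit) >= threshold:
            result["theft"].append(failed)
        # Loss scenario: the owner keeps only the keys outside the failed domains.
        if len(signers) - len(hit) < threshold:
            result["lockout"].append(failed)
    return result

# Constructed layouts: (approvals required, signer -> where the key lives).
SETUPS = {
    "EOA (1-of-1)": (1, {"metamask": "phone"}),
    "2-of-2": (2, {"metamask": "phone", "ledger": "home"}),
    "2-of-3, mixed": (2, {"metamask": "phone", "ledger": "home",
                          "trezor": "friend"}),
    "2-of-3, two keys on one phone": (2, {"metamask": "phone",
                                          "hot_wallet_2": "phone",
                                          "ledger": "home"}),
}

def report():
    """Single-failure exposure for each constructed layout."""
    return {name: exposure(m, s) for name, (m, s) in SETUPS.items()}

if __name__ == "__main__":
    for name, found in report().items():
        print(f"{name}: theft via {found['theft'] or 'none'}, "
              f"lockout via {found['lockout'] or 'none'}")
```

Only the mixed 2-of-3 layout survives every single failure; calling `exposure` with `events=2` on it shows that any two domains failing together defeat it, which is why the thread stresses keeping signers on separate devices, locations and providers.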
