Pali Wallet provides easy access to Syscoin’s robust network and functionality for DApp users and developers. It will also accept Syscoin Platform Tokens, including NFTs and UTXO. Directly from their web browser, users can manage, receive, and send crypto, as well as fungible and non-fungible tokens across various chains.
Difference between MetaMask and Pali Wallet
Now you may be thinking that this sounds very similar to MetaMask, the cryptocurrency wallet used to interact with the Ethereum blockchain. And while it’s correct that every blockchain has integration with MetaMask, Pali is unique in that it supports not only Ethereum-based applications (such as Binance Smart Chain, Matic, Fantom, and others) but also Bitcoin-forked networks such as Syscoin, Bitcoin Cash, and Litecoin.
Pali Wallet adds an additional layer of security that MetaMask doesn’t provide. The wallet also supports Trezor, the most well-known hardware wallet on the market, because it is HD BIP 32 compatible. When using a physical wallet, the user also has the protection of not disclosing their information to third parties at any time.
Pollum contracted Cyrex to conduct a penetration test to determine its exposure to a targeted attack. This test was conducted under our white box penetration testing service as Pollum provided Cyrex with their source code. Cyrex was given full access to the application and was provided with all of the regular user privileges. All activities were conducted in a manner that simulated a malicious actor engaged in a targeted attack against the scope with the goals of:
- Identifying if a remote attacker could penetrate its defenses
- Determining the impact and possibility of a security breach
Pali Wallet is an extension that saves your wallet locally, which makes it one step more difficult to hack. But that doesn’t mean it’s completely impenetrable. Yes, saving it locally provides a more secure experience, with encrypted passwords securing access if your computer is stolen. However, vulnerabilities were still evident once we conducted multiple penetration tests during the development lifecycle.
During the entire penetration testing life cycle, we performed the following actions to determine security issues within the application:
- Analysis and testing of different exposed methods within the controllers
- Tampering of different parameters within those methods
- Identification of potential injection points, security flaws, and vulnerabilities
- Exploitation to provide Proof of Concept (PoC)
Some of the most significant vulnerabilities we discovered were:
- Private wallet keys are exposed to any website
- Private wallet keys are stored in plaintext on the system
- Wallet password is stored within the browser memory in plaintext
- Wallet discloses which websites you are connected to (privacy concern)
Through our testing, we identified a range of issues and vulnerabilities. Our regression testing ensured that vulnerabilities revealed during the penetration test were secured during patching and that no new vulnerabilities were introduced. Cyrex assessed that the overall security maturity is excellent and will satisfy any end user’s risk appetite. All suggested patches were correctly applied, but more importantly, Cyrex’ application security experts extensively evaluated and approved the browser extension.