After checking questions from our community, we created a short FAQ article about Vigvam Security with our answers. If you have other questions, don’t forget to ask them on our channels.
Why do you think that Vigvam is safe?
We consider Vigvam safe for several reasons.
The first point is a team. The core developer of the Vigvam is Sergii Pashenko, who has a lot of experience in developing web3, wallets, and web extensions. And also, he is the creator of the Temple Wallet. The number 1 wallet in the Tezos ecosystem with two well Security Audits. More about the team you may read here.
Secondly, Vigvam uses the best and most time-tested technologies for security.
It uses the core for data encryption from the popular password manager, which has already been audited.
However, despite our confidence, we consider the possibility of having potential vulnerabilities. For this reason, we plan to conduct an external security audit that will be shared with our community. At the moment, we strongly advise you to use test tokens and work in testnets only for test purposes. Follow us on Twitter or Telegram to track updates related to Vigvam audits and security.
Have you conducted a security audit already?
We have performed several internal security audits, and now, we are considering passing an external security audit. Meanwhile, the application is at the Private Beta testing stage. We strongly advise our beta testers to use only test tokens and test networks or use hardware wallets like Ledger Nano (in this case, only Ledger is responsible for your private keys, and Vigvam provides only the interface).
Why do you claim that Vigvam is open source, but it’s no code on Github?
We stopped delivering new code to the public repository after the first of January. The purpose of this is to protect Vigvam against potential scammers and hackers until we get proof of its security from a third party (Public Security Audit). We think this action enhances wallet security because attackers also do not have access to the source code. It is much more difficult or almost impossible for them to find potential vulnerabilities.
We’re not moving away from the Open Source policy. The wallet code will be publicly available after the Public Security Audit release. So far, the application is at the Private Beta testing stage, and all operations should be conducted only in testnets.
How does Vigvam interact with Metamask?
Vigvam does NOT interact with Metamask. It is only sensitive to the “Connect to MetaMask” or “Connect to Wallet” button on decentralized application websites.
Vigvam and MetaMask are both browser extension. Browser extensions are like apps on your smartphone. They don’t have access to each other. And they work on their own.
That’s why Vigvam has no access to your funds in MetaMask or any other wallets and also has no access to control the other applications! You may find technical details of how Vigvam and Metamask interact with each other in this article.
Do you have any other questions? Ask them on our telegram channel.