Tonkeeper goes open source

Tonkeeper Team

Today, we made Tonkeeper’s development open source and announce our security roadmap.

The role of Tonkeeper in the ecosystem

The innovation and freedom offered by the TON blockchain are possible because decentralized, direct control is put back in the hands of the users. This means that the TON developer community must solve seemingly contradictory requirements: provide a safe experience for users on par with the best centralized ecosystems, while letting users bear full responsibility for handling their own cryptographic keys and enjoy unrestricted freedom to use their digital assets as they please.

Our mission at Tonkeeper is to solve this contradiction with well-designed UX and protocols: never compromise on your freedom, deliver a safe and comfortable experience, and fulfill the promise of TON as a truly revolutionary mass-market network.

Developing in the open

We are opening up the Tonkeeper development process. This means the entire source code and all active development will be visible on GitHub. Everyone is free to review the code, ask questions, and send suggestions. Our team will continue to maintain and improve the app and engage with the community on feature suggestions and improvements.

Security architecture roadmap

Rapid innovation and frequent release cycles are at odds with careful security audits: you have just verified that your app is safe, and the next day it ships a new feature that may introduce a vulnerability.

Various systems solve this problem by introducing clear security boundaries between the common applications and the sensitive data: Operating systems run apps in isolation from each other and users’ sensitive data — non-custodial dApps on TON are similarly isolated from wallets. Whenever an app needs to perform an action that crosses the boundary, the other side of the system asks for the user’s approval.

We are going to adopt the same principle within Tonkeeper. The application is going to be separated into three parts: security perimeter, feature layer, and connected apps.

The security perimeter implements the core wallet UI related to operations with secret keys: authenticating access to the wallet, signing transactions, and connecting to apps and services via Ton Connect.

The feature layer exists in isolation from the secure key storage. When a part of the Tonkeeper UI needs to sign a transaction, it makes a request, and the secure part of the app then confirms the operation with the user. This means that even an accidental or malicious bug introduced in the feature layer cannot covertly compromise users’ funds.

Finally, connected apps and services exist in further isolation from the main app (via built-in web views) because they are provided by other developers, and the user is free to connect any app they want. They, too, have to go through the same secure interface with the user’s confirmation, and additionally, they cannot compromise the feature layer — that is, they won’t be able to show wrong prices, an incorrect transaction status, etc.
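As an added illustration of this boundary (example code written for this post, not Tonkeeper's own; the function names, the toy MAC in `toySign`, the origin strings and the sample state are all assumptions), the following TypeScript models the three layers: only the security perimeter can reach the secret, every request is shown to the user before signing, the feature layer can merely ask, and a connected app receives a narrowed handle whose origin is pinned by the host and which exposes no wallet state.

```typescript
// Added example, not Tonkeeper's code: a minimal model of the three-layer boundary.
// All names (makeSecurityPerimeter, makeFeatureLayer, connectApp, toySign) are assumptions.
type Tx = { to: string; amountNano: number };
type Decision = "approve" | "reject";
type Prompt = { origin: string; tx: Tx };

// Toy keyed checksum over (origin, tx). Illustrative only, not a real signature scheme.
function toySign(secret: string, origin: string, tx: Tx): string {
  const msg = `${secret}|${origin}|${tx.to}|${tx.amountNano}`;
  let h = 2166136261; // FNV-1a style mixing, purely to make output depend on all inputs
  for (let i = 0; i < msg.length; i++) {
    h ^= msg.charCodeAt(i);
    h = Math.imul(h, 16777619) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Security perimeter: the only code that can reach the secret. The secret lives in a
// closure, and every signing request is shown to the user (askUser) before anything is signed.
function makeSecurityPerimeter(secret: string, askUser: (p: Prompt) => Decision) {
  return {
    requestSignature(origin: string, tx: Tx): string | null {
      if (askUser({ origin, tx }) !== "approve") return null;
      return toySign(secret, origin, tx);
    },
  };
}
type Perimeter = ReturnType<typeof makeSecurityPerimeter>;

// Feature layer: owns UI state (prices, statuses) but not keys. Even a buggy or malicious
// code path here can only *ask* for a signature; it cannot produce one on its own.
function makeFeatureLayer(perimeter: Perimeter) {
  const state = { tonPriceUsd: 2.5 }; // constructed sample state
  return {
    state,
    send(tx: Tx): string | null {
      return perimeter.requestSignature("tonkeeper:send", tx);
    },
  };
}

// Connected app: gets a narrowed handle whose origin is fixed by the host. It sees neither
// the perimeter's secret nor the feature layer's state, so it cannot alter shown prices.
function connectApp(perimeter: Perimeter, appOrigin: string) {
  return { requestSignature: (tx: Tx) => perimeter.requestSignature(appOrigin, tx) };
}
```

The user-facing prompt carries the origin, so the wallet can show which layer or app is asking; a rejection yields no signature whichever side made the request.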

We will implement and improve this architecture gradually, starting today. You will be able to follow the development process on our GitHub repository.

Bug bounty program

Thousands of eyes are better than a few, and thousands of focused eyes are better than a thousand bystanders. To help us improve the quality of Tonkeeper, we are going to develop a bounty program for critical security vulnerabilities. There are numerous security researchers who care a lot about the security of users, and we believe they should be duly rewarded for their hard work.

We will announce the details of the bug bounty program next month. But if you want to find bugs now, you can participate in the TON test challenge that you can join today.

Participation guidelines

We welcome questions, suggestions, and pull requests from everyone in the community. We look forward to professional and polite communication. At the same time, please keep in mind that Tonkeeper is driven by our team, and we retain the last word on how to resolve issues and manage discussions.
