Check attack vectors on Wizard

[Dominik1999]

Analyze security flaws and backdoors of the Raiden Wizard

Since the Raiden Wizard will be the Raiden business card, it must be easy to use and secure. Despite the main idea being simple the devil might be in the details. There was no security analysis of the Raiden Wizard so far. However, we are dealing with real values and the user's private keys.

Timebox 2 days

Objective

• Identify key vulnerabilities
• per vulnerability one follow-up issue and address it in code or communication

Basic Flow of the Raiden Wizard

in five steps

Security analysis of all 5 steps

• Read https://github.com/raiden-network/team/issues/573 to understand the problem
• Analyze every step and apply industry standards (e.g. private key management)
• Write good, reasonable safety guidelines
• Are there any limits in place? Or how could a user lose funds?
• Check that DEX configuration does not buy at any price, and let the user know about the rice range see Check Configuration of DEX transactions and optimize #99
• ...

[konradkonrad]

• password / passphrase handling: tbd