Roll Integrates Fireblocks MPC for Increased Security
We are happy to announce that Roll will be integrating with the Fireblocks MPC (Multi Party Computation) framework to manage our hot wallet and deposit addresses. This is part of an overhaul of Roll infrastructure and security after the security incident in March. The Fireblocks MPC wallet infrastructure will be a key piece of the security of Roll wallets going forward.
Understanding the new wallet infrastructure
With Fireblocks MPC wallet infrastructure, we will be able to manage all the social tokens in Roll wallets in a more secure way. The private key to the actual wallet is not stored in a single place, and isn't recreated in a single place either. This avoids a single point of compromise for private keys and significantly enhances our operational security. You can read more about Fireblocks MPC infrastructure here. Instead, multiple key shards are stored in geographically distinct locations and each one signs data on its own.
The wallet infrastructure is non-custodial in nature. All of the signing infrastructure will be hosted in specialized hardware enclaves - Intel Software Guard Extensions (Intel SGX).
Over the coming months, we will also document this part of an official Roll security policy that documents operational security procedures undertaken by Roll along with documentation on how we are following those steps.
Scaling Up
Using the above solution, Roll will manage both the hot wallet and the deposit addresses created in the future for all users. We will continue to have a separate multisig using Gnosis multisig as well. We will also move some of our operating Ethereum addresses into the new wallet infrastructure.
In addition to the built-in security solutions provided by Fireblocks MPC, we have also created a new service that is capable of fine-grained control over what types of transactions can be signed. We will continue to build that service out as Roll integrates more complex transactions and contract function calls.
A robust and scalable security solution will allow Roll to reach millions of regular web users who get their first exposure to crypto-assets via social money of communities they are already a part of and participate in.
What's Next
Over the coming weeks, we will migrate user deposit addresses on Roll on to the new framework. As part of this, the old deposit addresses will be deprecated, and users will create new Roll deposit addresses for their accounts.
The new version of the Roll smart contracts (dubbed "v1.5" before a more thorough v2) is currently being audited by two independent audit firms. Once the audit results are in and we deploy the contracts to Ethereum mainnet, we will onboard new creators on Roll via the new contracts and the new security infrastructure in place.
We continue to make steady progress on bringing important Web3 primitives to traditional creators and their communities, and making social money easy to transact on existing platforms. Building a scalable and secure infrastructure on our backend is key to being able to sustain the growth and interest we are witnessing in the social token space.