Open Source Where It Matters in Wallets
Introduction
When we started working on the idea for Doppio, we had a simple goal: create a self-custody wallet that crypto enthusiasts would feel confident recommending to their friends and family. Not just secure enough for their own use, but reliable enough that they'd happily suggest it when their mom, sister, or best friend asks "which wallet should I use?"
In our early conversations with the crypto community, a common question kept surfacing. Before diving into features, security, or our team background, many people had the same fundamental concern: "Is it open source?"
Open Source Verification: Promise and Practice
The Limitations of Open Source Verification
The core premise of open source verification is compelling: when wallet code is open source and builds are reproducible, users can verify that the app they're running matches exactly what's in the public code repository. This creates real security benefits - the possibility of verification by anyone in the community acts as a powerful deterrent against malicious code insertion. Even if only a small percentage of technical users actually verify builds, their ability to sound the alarm protects the whole ecosystem. Projects like WalletScrutiny embody this philosophy, meticulously rating Bitcoin wallets based on reproducible builds.
Yet this seemingly robust security model faces several fundamental challenges. First, most users keep auto-updates enabled, since this is recommended for security patches and convenience. A compromised or coerced provider can exploit this to push new versions without publishing the corresponding source code. Disabling auto-updates isn't a practical solution - users would need to manually track build verification announcements and deliberately delay security patches until community vetting is complete. Further compounding the problem, iOS users are entirely unable to verify builds due to Apple's platform restrictions - making open source verification impossible for one of the largest user bases. These practical limitations mean users must still place ongoing faith in their wallet providers.
Users ultimately need to choose trustworthy wallet providers regardless of whether the code is open or closed source. Great wallet products require dedicated teams focused on security, maintenance, and continuous improvement - the most secure code still needs regular updates, active monitoring, and responsive support.
The Real Benefits of Open Source
Open source development, while not a complete solution to trust, does provide profound advantages. The ability for the community to contribute directly enables continuous improvement through diverse perspectives and expertise, often surfacing innovative solutions that internal teams might not discover. Security researchers play a particularly crucial role - their unrestricted access to examine the codebase helps identify vulnerabilities before malicious actors can exploit them.
The transparency of open source development serves as a catalyst for learning and innovation across the ecosystem. New developers can study production-grade wallet implementations to understand best practices, while experienced teams can build upon proven security patterns rather than reinventing solutions in isolation. This knowledge sharing accelerates the maturation of the entire space.
Perhaps most importantly, open source development creates meaningful accountability through observable practices. When development discussions, code changes, and security fixes happen in public view, wallet providers must maintain high standards or risk losing user trust. This transparency makes it exponentially more difficult to maintain malicious code long-term, as any suspicious patterns would likely be flagged by the community. While this doesn't eliminate the need for trust in wallet providers, it does create strong incentives for ethical behavior and professional development practices.
Smart Wallets
While exploring the role of open source in wallet security, smart contract wallets like Safe (formerly Gnosis Safe) point us toward an important realization: the most robust approach combines trusted providers with battle-tested open source infrastructure.
Our own journey at Doppio reflects this evolution in thinking about trust and security. We initially built our MVP using Fireblocks' MPC embedded wallet library. As we explored in our article "The Future of Crypto Wallets: MPC, Multisig or Smart Wallets?", we ultimately decided to transition to smart contract wallets.
Smart contract wallets introduce a powerful additional layer of security. In the early years of crypto, one might have drawn the opposite conclusion. Those early years revealed how challenging it is to write secure smart contracts - several devastating attacks exposed critical vulnerabilities, including The DAO Hack (2016, $50M lost) and the Parity Multi-Sig Wallet hacks (2017, $30M lost + $280M lost).
While the cost of these setbacks was enormous, they did drive the development of enhanced security measures and more sophisticated smart contract design patterns. Looking at projects like Safe today, we can see concrete evidence that the industry has matured. Safe now secures over $100 billion in assets with a proven security track record.
Smart contract projects like Safe consist of transparent, immutable rules that have withstood years of real-world attack attempts. This creates an opportunity to build wallets that combine the best of both worlds:
- Trusted Providers: Professional teams that maintain the application, provide support, and continuously improve the user experience
- Battle-Tested Core: Critical financial operations running on proven smart contracts that have withstood years of attempts to break them and are inherently open source and verifiable
The Path Forward
At Doppio, we're building on this understanding to create a wallet that leverages multiple layers of trust:
- A dedicated team focused on security, maintenance, and user experience
- Core financial operations running on proven smart contract systems
This balanced approach means users get the security benefits of battle-tested smart contracts, the reliability of a professional wallet provider, and the transparency of open source development where it matters most.