What steps have the foundation taken or plan to take related to being able to view the source code of live contracts? Similar to how we would on Ethereum with any block explorer. Not being able to see what we sign or verify if the git code matches the code devs executed on chain is a large concern of this community. This applies to both devs and users. We are flying blind.

So far the best approach seems to be: https://github.com/Ellipsis-Labs/solana-verifiable-build

Curious if this is something Solana thought leaders and core developers are aiming to improve.

Has nothing to do with signing a malicious contract. Hot vs cold wallet discussions are about where your private keys are best stored.

What seems seem like a better method to store your passwords? On your phone or on a device that doesn’t share it with anything? When comparing hot vs cold you are comparing how you store your keys. Your keys are your passwords. HW wallets also offer an extra layer of protection against your greatest security weakness. You. It forces you into additional steps before doing something stupid while being phished. Phishing is behind 99.999999% of any story related to someone losing their funds.

Software wallets obviously encrypt, but you can be safer with cold storage. We’ve seen attacks in the past where the auto “update software” feature of a software wallet was compromised. Users would then unknowingly update to a malicious new version that asks them to re-confirm their keys. They then lost everything. This wouldn’t be something that would affect as many HW wallet users as those users should know they will NEVER be asked to input their seed in any other way besides using device itself. This means no typing in. No malicious software to catch it. Yet, some will still fall for these tricks.

TLDR: Software wallets work well enough as they encrypt. Are there very rare situations that this may not be enough security? Yes. This has nothing to do with visiting a website that links to a bad smart contract. This is just phishing. Any sizeable amount of wealth should still only be connected to a key stored offline.

You only put yourself at risk if you sign the transaction. Think about it. Nothing gets approved without your signature. Don’t believe? Make a temp test wallet with some change. Go exploring. You’ll learn more doing your own research.

This will also teach you to never use your main wallet when playing around. Keep a savings address and a “checking” address.

Do yourself a favor and buy real SOL from exchanges that will let you actually withdraw your SOL. This way you can guarantee you are actually contributing to reducing SOL supply with each of your purchases or your not paying an 800% premium because you are leveraging some tradfi trust like Grayscale.

No, but it is the best at what it does.

It’s absolutely nothing. According to documented timelines of Ethereum’s creation by Laura Shin. Probably the best source of Ethereum’s historical record we have to date.

- “Steven Nerayoff, with whom Joe [Lubin] was working on the legality of the crowdsale in the United States, says he told Joe and Charles [Hoskinson] as he dropped them off at the airport, ‘Something’s wrong, guys.’ Steven believes that Joe, who doesn’t recall this conversation, said, ‘You worry too much.’” He was referring to legal concerns on on the team holding too much of the token. Something Charles wanted. Which is why Vitalik rallied against this. This further shows Nerayoff cleared Ethereum, and their path of release. Charles and Joe were pushing for a design that would be more of a legal concern.

- “Steven Nerayoff realized that since ether was necessary to use Ethereum (because people needed to pay for computation), it was like gas needed to drive a car. Thus the presale was selling a product, something that people intended to use, rather than a security.” He definitely wasn’t the brains. He was judging the work of others. He did not see ETH as a security.

- “Steven Nerayoff, the lawyer-turned-technologist who had facilitated the relationship with the US law firm that gave the opinion letter saying ETH was not a security and who had worked closely with Joe on the presale, was arrested for alleged extortion of a company that held an ICO in the fall of 2017. He has pled not guilty and is still awaiting trial.” He later advocated that ETH was did everything right.

- Nerayoff played a significant role in the legal and strategic aspects of Ethereum’s development, particularly in relation to the crowdsale and the legal classification of Ether. He was also facilitating relationships with law firms and his contribution to the interpretation of Ether as a product rather than a security. He likely feels shafted as he did not have a core role in development, and did not believe in the long term future of the project. He was a legal advisor. Those who only want money.

Nerayoff was not a coder or involved in the technical development of Ethereum. He clearly wasn’t the brains. His role was more focused on legal and strategic aspects. He’s since shifted to more of a technologist. That is only because of the company he kept. He originally gave the core Ethereum team a green light. Why the sudden 180? Hmmmmmm.

Come on guys. Stop getting caught up in nothing burgers weaponized to scare you or for others to make money. Do your research. Damn.

So how about learning about your tiny investment instead of just selling to USD? Maybe it won’t be so tiny long into the future.