Rainbow – Good option to diversify Safe approval accounts
Rainbow meets most of the important desired characteristics of approval account providers outlined below.
- When distributing Safe approval accounts across people and/or organizations, Safe approver diversity is important. That is, coordinating multiple providers of the hardware and software approval accounts that are used.
- This will improve security for individuals and organizations by making their recovery options more resilient.
Here are some of the resources used to research approval account providers
Desired characteristics of approval account providers
Open source
Both the frontend and backend code are publicly available on GitHub
Platforms
Available on Firefox Beta and Chrome based browsers, Android, and iOS
Self recovery independent of a service provider
Self recovery is possible independent of a service provider or 3rd party using the 12 word recovery phrase
Good user experience (UX) with Safes created from the native app, app.safe.global
- Basic actions: Create action, approve, confirm onchain
- Platforms: Web/desktop and mobile
- Network support and management: switching between layer 2s (L2s) in the web app
- Account management: switching between multiple seed-phrase-based accounts
Strong team
- Distributed across the United States (US): New York, Boston, Miami, Los Angeles, Bentonville, etc.
- The US has been hostile to crypto through enforcement actions against companies without clear legislation
- However, the US has a clear rule of law, especially compared to other countries, and crypto companies have been winning court cases the past few years
- The US has freedom of speech and stronger property rights compared to other countries
- Experience from ConsenSys, Stripe, Amazon, eBay, etc.
- These companies and products are used by millions of people providing easy and reliable experiences
Reputable investors
Seven Seven Six, the investment company of Reddit cofounder Alexis Ohanian, led an $18 million investment round in 2022
Fear, uncertainty, and doubt (FUD)
No specific items related to Rainbow have been found
Research to be done
Areas for myself and/or others to follow up on
Manage networks on mobile
Is it possible to manually switch networks in the Rainbow Android mobile app the same way it works in the web app? I could not find a way to do so.
Firefox app security
- Double-check that the Rainbow Firefox beta app is secure to use.
- Rainbow’s “Developer comments” say: “Rainbow for Firefox is currently in Beta. Your wallets are fully secured and protected, but Firefox currently suffers from performance issues related to modern extension architectures. Our team is hard at work addressing these limitations with Firefox and the broader industry to improve your user experience.”
Audits
- How was the externally owned account (EOA) reviewed in the original audit in ~2019?
- Mike Demarais, the Rainbow cofounder, explains that audits for EOA accounts are less useful snapshots in time because the code is changing quickly, compared to the slow and steady code updates of smart contract accounts.
Sustainable business model
- I estimate fees are generated through making in-app actions and services like trading, staking, depositing into liquidity pools, etc.
- More research needs to be done to learn if and how profitable this is.
Future consideration of Chrome based Safe approval accounts
- Firefox is important because it adds the highest standard of resilience: unlike the majority of web browsers, it is not dependent on Chromium
- Apps made for Firefox will most likely also be available on Chromium based browsers
- How dependent is Brave on Google? That is, are there any core tech dependencies Google provides to Chromium (e.g. hosting code libraries, infrastructure, etc.) that Brave and others rely on, or is Chromium fully runnable/deployable on its own?