feat: overhaul of the Wallet Security section

src/config/SUMMARY.md.develop

@@ -36,13 +36,18 @@
   - [Integration & Mapping to Other Frameworks]()
   - [Appendices]()
 - [Wallet Security](./wallet-security/README.md)
-  - [Cold vs Hot Wallet](./wallet-security/cold-vs-hot-wallet.md)
   - [Custodial vs Non-Custodial](./wallet-security/custodial-vs-non-custodial.md)
-  - [Hardware Wallets](./wallet-security/hardware-wallets.md)
-  - [Signing Schemes](./wallet-security/signing-schemes.md)
-  - [Software Wallets](./wallet-security/software-wallets.md)
-  - [Secure Multisig Best Practices](./wallet-security/secure-multisig-best-practices.md)
-  - [Secure Multisig Signing Process](./wallet-security/secure-multisig-signing-process.md)
+  - [Cold vs Hot Wallet](./wallet-security/cold-vs-hot-wallet.md)
+  - [Wallets For Beginners & Small Balances](./wallet-security/for-beginners-&-small-balances.md)
+  - [Wallets For Intermediates & Medium Funds ](./wallet-security/intermediates-&-medium-funds.md)
+  - [Multisig Wallets For Advanced Users & High Funds](./wallet-security/secure-multisig-best-practices.md)
+  - [Account Abstraction Wallets](./wallet-security/account-abstraction.md)
+  - [Signing & Verification](./wallet-security/signing-verification.md)
+    - [Verifying Standard Transactions (EOA)](./wallet-security/verifying-standard-transactions.md)
+    - [Multisig Signing Process](./wallet-security/secure-multisig-signing-process.md)
+    - [Using EIP-7702](./wallet-security/verifying-7702.md)
+  - [Private Key & Seed Phrase Management](./wallet-security/private-key-management.md)
+  - [Tools & Resources](./wallet-security/tools-&-resources.md)
 - [External Security Reviews](./external-security-reviews/README.md)
   - [Expectation](./external-security-reviews/expectation.md)
   - [Preparation](./external-security-reviews/preparation.md)

src/config/contributors.json

@@ -78,5 +78,16 @@
     "description": "Creator and maintainer of the ENS framework",
     "company": "JustaLab",
     "website": "https://justalab.co"
+  },
+  "pinalikefruit": {
+    "name": "Piña",
+    "avatar": "https://github.com/pinalikefruit.png",
+    "github": "https://github.com/pinalikefruit",
+    "twitter": "https://x.com/pinalikefruit",
+    "features": ["steward"],
+    "role": "Security Researcher",
+    "description": "Creator and maintainer of Wallet Security Framework",
+    "company": "Coinspect",
+    "website": "https://www.coinspect.com/"
   }
 }

src/wallet-security/README.md

@@ -1,33 +1,40 @@
 ---
-tags:
-  - Engineer/Developer
-  - Security Specialist
+contributors:
+  - role: wrote
+    users: [pinalikefruit]
+  - role: reviewed
+    users: [Coinspect]
 ---
 
 # Wallet Security
 
+In cryptocurrency, the security of digital assets is directly tied to how control over the funds is protected. This section provides a technical deep-dive into wallet security, covering the range from fundamental concepts to advanced practices for safeguarding assets against theft, loss, and unauthorized access.
 
-Cryptocurrency relies on cryptographic keys to secure transactions and manage ownership of digital assets. Proper wallet security is essential to protect these assets from theft, loss, and unauthorized access. This guide covers the fundamental aspects of wallet security, offering insights into different types of wallets, signing schemes, and best practices to ensure a high level of security.
+The goal is to move beyond introductory concepts and provide actionable, technical knowledge for securely managing crypto assets.
 
 ## Table of Contents
 
-- [Cold vs Hot Wallet](./cold-vs-hot-wallet.md) - Understanding the differences between cold and hot wallets
-- [Custodial vs Non-Custodial](./custodial-vs-non-custodial.md) - Comparing custodial and non-custodial wallet solutions
-- [Hardware Wallets](./hardware-wallets.md) - Guide to hardware wallet security and best practices
-- [Signing Schemes](./signing-schemes.md) - Overview of different signing schemes and their security implications
-- [Software Wallets](./software-wallets.md) - Security considerations for software-based wallet solutions
-- [Secure Multisig Best Practices](./secure-multisig-best-practices.md) - Best practices for setting up and managing multisig wallets
-- [Secure Multisig Signing Process](./secure-multisig-signing-process.md) - Detailed guide for secure multisig transaction signing
-
-In this section you can:
-
-- Learn the differences between cold and hot wallets, their use cases, and how to choose the right one for your needs.
-- Understand the pros and cons of custodial and non-custodial wallets, and which type suits your security preferences.
-- Explore popular hardware wallets, their characteristics, and the importance of using them for secure key storage.
-- Get insights into different signing schemes such as EOAs, Multisig, Smart Contract Wallets, and more, including their use cases and security implications.
-- Discover various software wallets, their features, and how they can be used securely to manage cryptocurrency assets.
-
-Effective wallet security is the cornerstone of cryptocurrency security, including taking physical attacks such as the wrench attack into consideration.
+- [Custodial vs Non-Custodial](./custodial-vs-non-custodial.md) - Comparing custodial and non-custodial wallet solutions.
+- [Cold vs Hot Wallet](./cold-vs-hot-wallet.md) - Understanding the security trade-offs of online and offline wallets.
+- [Wallets For Beginners & Small Balances](./for-beginners-&-small-balances.md) - Recommended setups for users with non-critical funds.
+- [Wallets For Intermediates & Medium Funds](./intermediates-&-medium-funds.md) - Security upgrades for users with significant assets.
+- [Multisig Wallets For Advanced Users & High Funds](./secure-multisig-best-practices.md) - Best practices for setting up and managing multisig wallets.
+- [Account Abstraction Wallets](./account-abstraction.md) - Exploring the security features of smart contract wallets.
+- [Signing & Verification](./signing-verification.md) - An overview of secure transaction signing and verification.
+    - [Verifying Standard Transactions (EOA)](./verifying-standard-transactions.md) - How to safely verify transactions from standard wallets.
+    - [Multisig Signing Process](./secure-multisig-signing-process.md) - Detailed guide for secure multisig transaction signing.
+    - [Using EIP-7702](./verifying-7702.md) -  Enabling smart contract features for EOAs and mitigating new risks.
+- [Private Key & Seed Phrase Management](./private-key-management.md) - Best practices for securing your seed phrase.
+- [Tools & Resources](./tools-&-resources.md) - A curated list of security tools and resources.
+
+In this section you can learn:
+
+- Explore wallet fundamentals, analyzing the security trade-offs of hot vs. cold wallets and the ownership implications of custodial vs. non-custodial models.
+- Receive guidance on choosing the right wallet for your threat model, from basic setups to advanced configurations like Multisignature (Multisig) and Account Abstraction wallets.
+- Master transaction verification techniques, from basic smart contract interactions to the advanced verification.
+- Implement security best practices for private key and seed phrase management.
+
+Mastering wallet security is a critical skill for any developer, user, or organization operating in the web3 ecosystem.
 
 ![security](https://github.com/security-alliance/frameworks/assets/84518844/12e2cba3-f69e-4fde-85f1-8a235b9808af)
 

src/wallet-security/account-abstraction.md

@@ -0,0 +1,52 @@
+---
+tags:
+  - Engineer/Developer
+  - Security Specialist
+  - Operations & Strategy
+contributors:
+  - role: wrote
+    users: [pinalikefruit]
+  - role: reviewed
+    users: [Coinspect]
+---
+
+## Account Abstraction Wallets
+
+### User Profile
+
+Advanced users, developers, and organizations interested in programmable security, customizable transaction rules, and moving beyond the limitations of standard Externally Owned Accounts (EOAs) to eliminate single points of failure like seed phrase loss.
+
+### Primary Goal
+
+To leverage the power of smart contracts at the account level, enabling features like social recovery, gas sponsorship, batch transactions, and flexible security policies that are not possible with an EOA.
+
+### Core Concept: ERC-4337
+
+Account Abstraction (AA) turns a user's account into a smart contract, making it programmable. Instead of being controlled directly by a single private key, the account's logic is defined by its code. This is achieved through **ERC-4337**, a standard that enables AA without requiring changes to the core Ethereum protocol. It introduces a higher-level pseudo-transaction system with several key components:
+
+*   **Smart Contract Account**: The user's wallet itself is a smart contract, containing custom logic for validating transactions.
+*   **UserOperation**: A data structure that bundles the user's intent, calldata, and signature. This object is sent to a dedicated, alternative mempool.
+*   **Bundlers**: Specialized nodes that package multiple `UserOperation` objects from the mempool into a single transaction and submit it to the `EntryPoint` contract.
+*   **EntryPoint**: A singleton smart contract that acts as the central orchestrator. It verifies and executes the bundled `UserOperations`, ensuring that accounts and paymasters have sufficient funds to pay for gas.
+*   **Paymasters**: Optional smart contracts that can sponsor gas fees on behalf of the user, enabling gasless transactions for the end-user or allowing fees to be paid in ERC-20 tokens.
+
+### Key Benefits & Features
+
+*   **Enhanced Security**:
+    *   **Social Recovery**: Mitigate the risk of losing a primary key by designating trusted "guardians" (other accounts or devices) who can collectively approve an account recovery.
+    *   **Customizable Policies**: Implement robust security rules directly into the wallet, such as daily spending limits, whitelisting trusted contracts, or requiring multisig confirmation for transactions over a certain value.
+
+*   **Improved User Experience**:
+    *   **Gasless Transactions**: Enjoy a smoother experience where dApps can sponsor gas fees, or pay for transactions using ERC-20 tokens instead of needing the chain's native asset (e.g., ETH).
+    *   **Simplified Interactions**: Perform complex, multi-step actions (like `approve` and `swap`) in a single, atomic transaction, reducing clicks and potential points of failure.
+
+
+### Security Considerations & Best Practices
+
+*   **Smart Contract Risk**: The security of an AA wallet is entirely dependent on the quality and security of its underlying smart contract code. Bugs or vulnerabilities in the account's implementation can lead to a total loss of funds. **Thorough audits of the account logic are non-negotiable.**
+*   **Guardian Selection and Security**: The strength of the social recovery model depends on the security and independence of the guardians. They should be diverse and not susceptible to a single common threat.
+*   **EntryPoint Centralization**: The `EntryPoint` contract is a central trust point for the entire ERC-4337 ecosystem. A vulnerability in the official `EntryPoint` could have widespread consequences. Use only the canonical, heavily audited `EntryPoint` contract.
+*   **Paymaster and Factory Security**: Malicious or poorly coded Paymasters and Factories can introduce DoS vectors or other risks. The ERC-4337 standard includes a reputation system and staking mechanisms to throttle or ban misbehaving entities, but users should only interact with trusted and audited Paymasters.
+*   **Gas Overhead**: The added logic in a smart contract account means that transactions can be more expensive than those from a standard EOA. This trade-off between features and cost should be considered, though it can be offset by gas sponsorship.
+*   **Key Revocation**: If the primary signing key is compromised, the recovery process allows you to swap it out for a new one without having to move all assets to a new wallet address.
+* **Advanced Guardian Setups**: For enhanced security, guardian roles can be implemented using **Multi-Party Computation (MPC)**. In an MPC-based recovery, guardians hold cryptographic shares that are used collectively to authorize a recovery action. This method allows guardians to produce a valid signature through a distributed computation using their individual shares, without ever reconstructing a single master key on any device. 

src/wallet-security/cold-vs-hot-wallet.md

@@ -2,46 +2,65 @@
 tags:
   - Engineer/Developer
   - Security Specialist
+  - Operations & Strategy
+contributors:
+  - role: wrote
+    users: [pinalikefruit]
+  - role: reviewed
+    users: [Coinspect]
 ---
 
 # Cold vs. Hot Wallets
 
+The primary distinction between wallet types is their connectivity to the internet. This factor dictates their security threat model, risk profile, and ideal use cases. 
 
 ## Cold Wallets
 
 ### What Are They?
-Cold wallets are offline storage solutions for cryptocurrencies. They are not connected to the internet, which makes them highly secure against online attacks.
+
+Cold wallets are cryptocurrency wallets that store private keys in an offline environment. By being disconnected from the internet, or "air-gapped," by default, they provide the highest level of security against online attacks like malware and phishing.
+
+Transactions are signed offline and then broadcast to the network using a connected device, ensuring the private keys  are stored on device with minimal connectivity.
 
 ### Types of Cold Wallets
-- **Hardware Wallets**: Physical devices that store private keys offline.
+
+- **Hardware Wallets**: Dedicated physical devices that store private keys offline and sign transactions without exposing the keys to a connected internet device.
 - **Paper Wallets**: Physical printouts or handwritten notes of private keys and QR codes.
-- **Air-Gapped Computers**: Computers that are never connected to the internet.
+- **Software Wallets on Air-Gapped Devices**: Standard wallet software installed on a device that is permanently disconnected from the internet, used for offline transaction signing.
 
 ### Use Cases
+
 - **Long-Term Storage**: Ideal for storing large amounts of cryptocurrency for extended periods.
-- **High Security Needs**: Suitable for users who prioritize security over convenience.
+- **High-Security Needs**: Essential for individuals securing significant value and operating with a low risk tolerance.
 
 ## Hot Wallets
 
 ### What Are They?
-Hot wallets are online storage solutions for cryptocurrencies. They are connected to the internet, making them more convenient but less secure than cold wallets.
+
+Hot wallets are actively and consistently connected to the internet. This connectivity makes them highly convenient for daily use but also inherently more vulnerable to online attacks.
 
 ### Types of Hot Wallets
+
+- **Browser Wallets (Extensions)**: Software that integrates directly into a web browser, allowing seamless interaction with dApps.
 - **Mobile Wallets**: Apps installed on smartphones.
-- **Desktop Wallets**: Software installed on computers.
-- **Web Wallets**: Online services accessible via web browsers.
 
 ### Use Cases
-- **Daily Transactions**: Ideal for users who need quick access to their funds for transactions.
-- **Small Balances**: Suitable for storing smaller amounts of cryptocurrency that are used regularly.
+
+- **Daily Transactions & dApp Interaction**: Perfect for users who need quick and frequent access to their funds for interacting with applications.
+- **Small Balances**: Suitable for storing smaller, non-critical amounts of cryptocurrency that are used regularly.
 
 ## Comparison
 
-| Feature            | Cold Wallets       | Hot Wallets       |
-|--------------------|--------------------|-------------------|
-| Security           | High               | Moderate to Low   |
-| Convenience        | Low                | High              |
-| Internet Exposure  | None               | Constant          |
-| Use Case           | Long-term storage  | Daily transactions|
+| **Feature** | **Cold Wallets** | **Hot Wallets** |
+| :--- | :--- | :--- |
+| **Convenience** | Low | High |
+| **Use Case** | Long-term storage | Daily transactions |
+| **Risk** | Physical loss/damage | Online attacks, malware |
+
+
+## **Key Security Considerations**
+
+Regardless of the type, non-custodial wallets place the full burden of security on the user:
 
-[^gemini]: https://www.gemini.com/cryptopedia/crypto-wallets-hot-cold
+- **Online Vulnerabilities**: If the device they are on (computer or phone) is compromised, your assets can be stolen.
+- **Supply Chain Attacks**: Be cautious of both software and hardware integrity. Always download wallet software from official sources and purchase hardware wallets directly from the manufacturer to avoid receiving a tampered device.