1wallet - an unconventional keyless wallet

Hello,

I built 1wallet, a wallet designed for people who want the best and the latest from the world of crypto, but do not want to deal with senseless “mnemonic words”, “private keys”, or “seed phrases”. You can try it at https://1wallet.crazy.one

I want to work together with developers in this community to make 1wallet more powerful, more accessible, and more secure.

What is 1wallet

You don’t need to be technical to use 1wallet. It is:

  • Simple: to create a wallet, just scan a QR code using the Google Authenticator app
  • Secure: authorize transactions with a 6-digit code from Google Authenticator. No private keys or passwords to take care of.
  • Durable: easily restore the wallet by scanning the QR code exported by Google Authenticator, or recover funds using another wallet.
  • Smart: configurable spending limit, composable security, and auto-recover mechanisms. Imagine a (physical) wallet that has an embedded computer - it can do a lot more than a plain old wallet that only carries your money around.

Reasons to work on 1wallet

  • You will be among the first to pioneer the paradigm of keyless wallets
  • Your work will open the doors of the cryptocurrency world to millions of people
  • You hate private keys
  • You hate banks
  • You hate yourself because you didn’t buy Bitcoin when it was $1, or ONE when it was $0.001.
  • You have too much money in crypto, but you couldn’t trust any wallet to hold it, except the one you built
  • You built an awesome (d)App, but people can’t use your app because they don’t have a good wallet, or can’t bother to set one up
  • You want to hide money from your (wife | husband | kids | family | government | mafia boss | assassin | …)
  • You are an IoT guy who wants to put a computer in everything, and everything into a computer, including your wallet
  • Sizable prize money from Harmony Hackathon

Technical Blurb

1wallet is an unconventional keyless, non-custodial smart contract wallet.

As a smart contract wallet, it can do many things a traditional wallet couldn’t do: setting daily spending and transfer limits, recovering funds using another address, automatically tracking tokens (ERC/HRC-20, 721, 1155), automatically interacting with other smart contracts, and a lot more.

As a keyless wallet, 1wallet is protected by a dynamically generated one-time password from Google Authenticator that changes every 30 seconds. No private key or password is stored at the client. This removes the biggest vulnerability for hacking and theft: you cannot lose private keys if you don’t have them! It also removes the hassle of managing them and being forced to remember or write down a bunch of random recovery phrases.

Since Google Authenticator operates offline and is well insulated [1] on your phone, it is much more secure than a private key wallet which usually stores a password-protected private key on your hard drive in an easy-to-access file location, such as MetaMask - once your wallet file is copied and your password is leaked, your money is gone.

1wallet is non-custodial. Only you, who controls the Google Authenticator that scanned the setup QR code, can access and control the wallet. The wallet’s operations do not rely on any centralized server operated by any company.

1wallet is EVM compatible. It currently operates exclusively on Harmony network.

[1]: Unless you use rooted or jailbroken devices, in which case you need to take care of security insulation by yourself

How it works

See our wiki: Home · polymorpher/one-wallet Wiki · GitHub

TL;DR:

We generate proofs every 30 seconds that are verifiable on-chain if and only if the user provides the correct 6-digit code from the authenticator. We store partial proofs at the client that can only be completed with the correct 6-digit code. We also make everything deterministic so you can restore the wallet from the authenticator. We also mix in social and recovery mechanisms so that you can still prove you own the wallet (or at least the coins in it) even if you lost the authenticator.

How you can help

  • Connect your dApp with 1wallet
  • Make better UI for 1wallet
  • Make 1wallet native clients
  • Attack the wallet and earn bounty
  • Find security design problems
  • Work on open issues

Connect with me

Telegram: @aaronqli

1-on-1: Calendly

GitHub: @polymorpher

Keybase: @aaronqli

Collaborators

Code Contributors

Ivan Homoliak: Author of SmartOTP. Extensive review and feedback on overall design, smart contract implementation, and client security

Giv Parveneh: UI, user feedback, community

Haolin Jiang: Frontend and UI

Security Review

Ivan Homoliak: (same as above)

Shashank Agrawal: Security review

SlowMist: Security and smart contract audit

Dionysis Zindros: Theoretical research and design review

Dimitris Karakostas: Security and smart contract review

Andrianna Polydouri: Security and smart contract review

Acknowledgement

This project is sponsored, coordinated, and made possible by Harmony Team.

10 Likes
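An illustration of the TL;DR in the post above, added here and not taken from the post or from the 1wallet code base: a simplified scheme in which each 30-second interval gets one Merkle leaf derived from that interval's authenticator code, the root stands in for what a contract would store, and the sibling path is the partial proof kept at the client. The SHA-256 leaf construction, the `salt` value and the names `build_tree`, `partial_proof` and `verify` are assumptions for this sketch; the project's actual construction is the one described in its wiki.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per authenticator code

def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as used by Google Authenticator."""
    mac = hmac.new(seed, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def preimage(salt: bytes, index: int, otp: str) -> bytes:
    """Value revealed when spending; derived from the interval's 6-digit code."""
    return h(salt, struct.pack(">I", index), otp.encode())

def build_tree(seed: bytes, salt: bytes, t0: int, n: int) -> list:
    """Setup (seed known once): one leaf per interval; n must be a power of two."""
    level = [h(preimage(salt, i, totp(seed, t0 + STEP * i))) for i in range(n)]
    layers = [level]
    while len(level) > 1:
        level = [h(level[j], level[j + 1]) for j in range(0, len(level), 2)]
        layers.append(level)
    return layers  # layers[-1][0] is the root the contract would store

def partial_proof(layers: list, index: int) -> list:
    """Sibling hashes kept at the client; completing the proof needs the code."""
    path = []
    for level in layers[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify(root: bytes, index: int, revealed: bytes, path: list) -> bool:
    """Stand-in for the on-chain check: hash the revealed value up to the root."""
    node = h(revealed)
    for sibling in path:
        node = h(node, sibling) if index % 2 == 0 else h(sibling, node)
        index >>= 1
    return hmac.compare_digest(node, root)

# Constructed sample values (the seed is the RFC 6238 test key, not a real secret).
SEED, SALT, T0 = b"12345678901234567890", b"constructed-salt", 0
LAYERS = build_tree(SEED, SALT, T0, 8)
ROOT = LAYERS[-1][0]
```

The interval index for a given time is `(unix_time - T0) // STEP`; a code from one interval does not complete the proof for any other interval.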

Here’s my interview with @aaronqli about 1Wallet:

6 Likes

Excellent, looking forward to our hackathon and what we can build upon it. https://hack.harmony.one

2 Likes

This was fantastic. Great interview and love that you, @aaronqli, made a solution to a devastating problem. As a user of the wallet, I love seeing all the updates coming. Looking forward to contributing work to it soon enough.

3 Likes

This is seriously fundamental in the mainstreaming of crypto, imo. Great idea.

I’d love to help out. Question - when I go to scan the QR code with 1Password on 1wallet.crazy.one, it says it’s an unsupported QR code. Is this a 1Password issue?

Thanks!

1 Like

Try this: need to use it with Google Authenticator, not just a camera scan

1 Like

Thanks. The scanning error is intentional, see Prompt to Google Authenticator app when setup QR code is scanned, instead of deferring the decision to user's phone · Issue #109 · polymorpher/one-wallet · GitHub

2 Likes