Hello,
I built 1wallet, a wallet designed for people who want the best and the latest from the world of crypto, but do not want to deal with senseless “mnemonic words”, “private keys”, or “seed phrases”. You can try it at https://1wallet.crazy.one
I want to work together with developers in this community to make 1wallet more powerful, more accessible, and more secure.
What is 1wallet
You don’t need to be technical to use 1wallet. It is:
- Simple: to create a wallet, just scan a QR code using the Google Authenticator app
- Secure: authorize transactions with a 6-digit code from Google Authenticator. No private keys or passwords to take care of.
- Durable: easily restore the wallet by scanning a QR code exported by Google Authenticator, or recover funds using another wallet.
- Smart: configurable spending limit, composable security, and auto-recover mechanisms. Imagine a (physical) wallet that has an embedded computer - it can do a lot more than a plain old wallet that only carries your money around.
Reasons to work on 1wallet
- You will be among the first to pioneer the paradigm of keyless wallets
- Your work will open the doors of the cryptocurrency world to millions of people
- You hate private keys
- You hate banks
- You hate yourself because you didn’t buy Bitcoin when it was $1, or ONE when it was $0.001.
- You have too much money in crypto, but you couldn’t trust any wallet to hold it, except the one you built
- You built an awesome (d)App, but people can’t use your app because they don’t have a good wallet, or can’t bother to set one up
- You want to hide money from your (wife | husband | kids | family | government | mafia boss | assassin | …)
- You are an IoT guy who wants to put a computer in everything, and everything into a computer, including your wallet
- Sizable prize money from Harmony Hackathon
Technical Blurb
1wallet is an unconventional keyless, non-custodial smart contract wallet.
As a smart contract wallet, it can do many things a traditional wallet couldn’t do: setting up daily spending and transfer limits, recovering funds using another address, automatically tracking tokens (ERC/HRC-20, 721, 1155), automatically interacting with other smart contracts, and a lot more.
As a keyless wallet, 1wallet is protected by a one-time password dynamically generated by Google Authenticator every 30 seconds. No private key or password is stored at the client. This removes the biggest vulnerability for hacking and theft: you cannot lose private keys if you don’t have them! It also removes the hassle of managing them and being forced to remember or write down a bunch of random recovery phrases.
Since Google Authenticator operates offline and is well insulated[1] on your phone, it is much more secure than a private key wallet, such as MetaMask, which usually stores a password-protected private key on your hard drive in an easy-to-access file location - once your wallet file is copied and your password is leaked, your money is gone.
1wallet is non-custodial. Only you, who controls the Google Authenticator that scanned the setup QR code, can access and control the wallet. The wallet’s operations do not rely on any centralized server operated by any company.
1wallet is EVM compatible. It currently operates exclusively on Harmony network.
[1]: Unless you use rooted or jailbroken devices, in which case you need to take care of security insulation by yourself
How it works
See our wiki: Home · polymorpher/one-wallet Wiki · GitHub
TL;DR:
We generate a proof for every 30-second interval that is verifiable on-chain if and only if the user provides the correct 6-digit code from the authenticator. We store partial proofs at the client that can only be completed with the correct 6-digit code. We also make everything deterministic so you can restore the wallet from the authenticator. We also mix in social and recovery mechanisms so that you can still prove you own the wallet (or at least the coins in it) even if you lost the authenticator.
How you can help
- Connect your dApp with 1wallet
- Make better UI for 1wallet
- Make 1wallet native clients
- Attack the wallet and earn bounty
- Find security design problems
- Work on open issues
Connect with me
Telegram: @aaronqli
1-on-1: Calendly
GitHub: @polymorpher
Keybase: @aaronqli
Collaborators
Code Contributors
Ivan Homoliak: Author of SmartOTP. Extensive review and feedback on overall design, smart contract implementation, and client security
Giv Parveneh: UI, user feedback, community
Haolin Jiang: Frontend and UI
Security Review
Ivan Homoliak: (same as above)
Shashank Agrawal: Security review
SlowMist: Security and smart contract audit
Dionysis Zindros: Theoretical research and design review
Dimitris Karakostas: Security and smart contract review
Andrianna Polydouri: Security and smart contract review
Acknowledgement
This project is sponsored, coordinated, and made possible by Harmony Team.
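
The TL;DR under "How it works" can be made concrete with a small sketch. This is an added example, not code from the post or from the 1wallet repository. It assumes a SHA-256 Merkle tree with one leaf per 30-second step, a client-side `seed`, and hypothetical helper names (`reveal`, `build`, `partial_proof`, `verify`, `demo`); only `totp` follows a published standard (RFC 6238).

```python
import hashlib, hmac, struct

def totp(secret, step, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for time step `step` = unix_time // 30."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def reveal(seed, step, code):
    """Value submitted with a transaction; needs the 6-digit code to compute."""
    return h(seed, struct.pack(">Q", step), code.encode())

def build(secret, seed, first_step, n):
    """Setup (deterministic): n leaves, n a power of two. Returns (root, levels)."""
    level = [h(reveal(seed, first_step + i, totp(secret, first_step + i)))
             for i in range(n)]
    levels = [level]
    while len(level) > 1:
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return level[0], levels

def partial_proof(levels, index):
    """Sibling hashes for one leaf: kept at the client, contains no code."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def verify(root, index, revealed, path):
    """Verifier side: hash the revealed value up the tree and compare to root."""
    node = h(revealed)
    for sib in path:
        node = h(node, sib) if index % 2 == 0 else h(sib, node)
        index //= 2
    return hmac.compare_digest(node, root)

# Constructed sample values (RFC 6238 test secret, made-up seed).
SECRET = b"12345678901234567890"
SEED = bytes(range(16))

def demo(code_typed, index=3, first_step=1, n=8):
    root, levels = build(SECRET, SEED, first_step, n)
    path = partial_proof(levels, index)
    return verify(root, index, reveal(SEED, first_step + index, code_typed), path)
```

Because a 6-digit code has only 10^6 possible values, any client-side data that allows a guess to be checked offline (in this sketch, the seed together with the stored path and root) needs to be protected accordingly.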