I’m Hashme-san! I have been working on blockchain DeFi tech for 3+ years, and was previously the founder of a blockchain startup. I’m excited to contribute to the Harmony ecosystem. I’m here to tell you about this exciting project I’m working on. It’s called SmartVault, a contract wallet designed for worry-free recovery using 5 consecutive Google Authenticator token codes, which means you don’t have to worry about writing down key phrases, remembering passwords, email phishing, or SMS hijacking.
Full list of features:
- Worry-free recovery: No worry about key phrases, passwords, device loss, email phishing, or SMS hijacking. Recover with 5 OTP tokens, which means entering a 30-digit code, providing you with 100+ bits of entropy.
- Harmony Name Service: Just like domain registration, register an easy name for yourself so friends can look up your wallet, and share it with them.
- HRC20/HRC721/HRC1155: Full support for HRC20, Non-Fungible Tokens (ERC721), and the Multi-token Standard (HRC1155).
- Spending Limit: Protect your wallet by capping spending limits and requiring 2FA OTP wallet verification.
- Social Guardians: Take your wallet security to the next level by requiring multiple devices you own, or friends & family, to authorize spending over the limits and recovery.
- Smart contract without the hassle: Self-sufficient. You don’t need a native wallet (like MetaMask or a CLI) to sign transactions to use it. We designed meta-transactions that can be relayed, with fees deducted from your wallet when the transaction succeeds.
- Activate your wallet with a simple deposit: Using a counterfactual wallet (EIP 1014), we can generate your “future” wallet address before the wallet is created, and you can safely deposit any amount into that address, from anywhere (even exchanges like Binance, Coinbase, etc).
- Fully Upgradeable: SmartVault has built-in upgrade functions. As more features like staking and DEX are added, simply upgrade to get all the new features without moving your assets, and still keep the same address.
You may be asking: why a contract wallet?
MetaMask, CLI, and other native wallets are “Externally Owned Accounts” (EOA), controlled by a private key, which represents a single point of failure such as loss or hacking. Exchange wallets are protected only by your password and are limited in how they interact with Dapps. A contract wallet’s security, on the other hand, can be composed to fit your specific needs: what kind of security you need, who can access it, your spending patterns, lock and unlock mode – all on the blockchain.
Contract wallets are difficult to use! How about SmartVault?
Contract wallets have always been difficult to use because you need to know how to interact with them as contracts. We built a relayer around it so you don’t need MetaMask or a CLI to sign transactions. A web client and a CLI are available. The wallet is self-sufficient like other native wallets…
What kind of academic research is behind this project?
We were inspired by Ivan’s SmartOTP paper, which leverages a Merkle tree to prove that a) the user knows the current OTP code and b) the code belongs to a given authenticator secret. We adapted the idea into an Argent-like wallet that works with Google Authenticator. More background information is in the GitHub wiki.
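The Merkle-tree idea described above, as an added sketch that is not SmartVault's code or the paper's exact construction: the client hashes the OTP code of every time step into a tree, and a verifier holding only the root checks a code plus its sibling path. SHA-256, the `H(counter || code)` leaf layout, one code per leaf, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, struct

SECRET = b"12345678901234567890"   # constructed sample: the RFC 4226 test secret
START, N = 0, 8                    # constructed window: 8 time steps from counter 0

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226/6238 code for one time step (HMAC-SHA1, as authenticator apps use)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def leaf(counter: int, code: str) -> bytes:
    # Assumed leaf layout. Binding the counter into the leaf means a code is
    # only valid for its own time step.
    return hashlib.sha256(struct.pack(">Q", counter) + code.encode()).digest()

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(left + right).digest()

def build_tree(secret: bytes, start: int, n: int) -> list:
    """Client side, at setup: one leaf per time step (n must be a power of two)."""
    levels = [[leaf(start + i, totp(secret, start + i)) for i in range(n)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([node(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels

def prove(levels: list, index: int) -> list:
    """Sibling hashes from the leaf at `index` up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify(root: bytes, start: int, counter: int, code: str, path: list) -> bool:
    """Verifier side (the contract's role): stores only `root` and `start`."""
    index, h = counter - start, leaf(counter, code)
    for sibling in path:
        h = node(h, sibling) if index % 2 == 0 else node(sibling, h)
        index >>= 1
    return index == 0 and h == root   # index != 0 means counter is outside the window

if __name__ == "__main__":
    levels = build_tree(SECRET, START, N)
    print(verify(levels[-1][0], START, 3, totp(SECRET, 3), prove(levels, 3)))
```

Sibling hashes become public once a proof is submitted, and a leaf over a single 6-digit code has only 10^6 candidate preimages per time step; the recovery described in this post uses 5 consecutive codes (30 digits).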
How is it different from polymorpher/one-wallet?
Both projects are inspired by the same SmartOTP paper. The main difference is that one-wallet authorizes each transaction by verifying the OTP code provided by the user, whereas SmartVault assigns an owner-key to sign for the wallet, and that owner-key can be changed out when you initiate the recovery process with Google Authenticator. Think of SmartVault as a smart lock that you can reprogram with a new PIN (private key) as long as you know the master code (Google Authenticator).
Has the code been audited?
It is currently undergoing a security audit by Slowmist.
Dapps, Dapps, Dapps!
How can I help?