Madhavan Malolan

Posted on Apr 22, 2022 on Mirror.xyz

Progressive Security - a wallet design

A wallet doesn't need full security on day 1, so onboarding needn't be so hard. Here I present a wallet design that is easy for users to onboard into and that becomes secure when the assets it holds make that appropriate.

When the user has 0 funds in their wallet, it is OK to have lower security. But a not-so-secure wallet doesn't scale to real balances. How can users have a wallet whose security adapts to the assets in custody?

Application specific wallet

After researching over 30 wallet apps/extensions, I feel confident that there's not going to be one wallet to rule them all in the near future.

Every developer serious about their Dapp’s user experience will build their own (disposable) wallet.

The app should create a private key for the user and sign transactions with that key under the hood. Even better if the app uses a relayer so that the end user doesn't need to hold crypto to pay gas before their first transaction (meta-transactions: the user signs a message, the relayer pays for and submits the on-chain transaction).

Disposable wallet

The wallet each app creates for its users may or may not be secure. If you are building a web app, you might consider creating the wallet for the user in-browser. Meaning, you just store the wallet's private key in localStorage.

This is a major security risk: any script running on the same origin (an XSS bug, a compromised dependency, a malicious extension) can read localStorage and exfiltrate the key. But it is OK when the user has just signed up and doesn't have any funds to lose. The purpose of this wallet is to get started and eventually dispose of it.

Smart contract wallet

When the app creates the disposable wallet above, it should also deploy a smart contract wallet with the newly created in-browser disposable wallet as its designated signatory.

All this smart contract does is forward calls. In other words, it changes the msg.sender that the target contract sees: the target sees the contract wallet's address, not the signer's, so the signer behind the contract can be swapped without the user's on-chain identity changing.

This smart contract wallet has three modes (plus a bonus) that give it progressive security.

  1. Default mode, where calls are forwarded only if they come from the designated disposable in-browser wallet
  2. Single signer mode, where the user replaces the designated wallet address with a more secure wallet like MetaMask.
  3. Multi sig mode, where the user replaces the designated wallet address with multiple addresses, requiring k of n of them to approve any transaction before it goes through.
  4. [ Bonus ] HD wallet mode, where the user replaces the designated wallet with an HD wallet address for maximum security (technically the same as #2, since the contract still sees a single signer address)
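The following Solidity contract is an added sketch of the forwarding wallet described above; it is not the author's code and has not been audited. The contract name, function names (`execute`, `executeMultisig`, `replaceSigners`) and the choice of EIP-191 personal-sign signatures for multi-sig approvals are assumptions made for this example. Mode 1 is the state after the constructor; modes 2, 3 and 4 are reached by the wallet calling its own `replaceSigners`, so the current signer set always authorises the next security upgrade.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative progressive-security wallet (example code, unaudited).
contract ProgressiveWallet {
    address[] public signers;                 // current designated signer set
    mapping(address => bool) public isSigner;
    uint256 public threshold;                 // k in k-of-n; 1 in single-signer mode
    uint256 public nonce;                     // replay protection for multi-sig approvals

    event SignersReplaced(address[] signers, uint256 threshold);
    event Executed(address indexed to, uint256 value, bytes data, bytes result);

    // Mode 1: the app deploys the wallet with the disposable in-browser key as sole signer.
    constructor(address disposableSigner) {
        signers.push(disposableSigner);
        isSigner[disposableSigner] = true;
        threshold = 1;
    }

    receive() external payable {}

    modifier onlySelf() {
        require(msg.sender == address(this), "only via execute");
        _;
    }

    // Modes 1, 2, 4: forward a call so the target sees this contract as msg.sender.
    function execute(address to, uint256 value, bytes calldata data)
        external returns (bytes memory)
    {
        require(threshold == 1 && isSigner[msg.sender], "not the designated signer");
        return _call(to, value, data);
    }

    // Mode 3: k distinct signers approve one (to, value, data, nonce) tuple off-chain;
    // anyone (e.g. a relayer) may submit the bundle.
    function executeMultisig(
        address to, uint256 value, bytes calldata data, bytes[] calldata sigs
    ) external returns (bytes memory) {
        require(sigs.length >= threshold, "too few signatures");
        // Bind the digest to this wallet, this chain and the current nonce to prevent replay.
        bytes32 inner = keccak256(abi.encode(address(this), block.chainid, to, value, data, nonce));
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
        address last = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            address signer = _recover(digest, sigs[i]);
            // Strictly ascending addresses guarantee every signer is distinct.
            require(isSigner[signer] && signer > last, "invalid or duplicate signer");
            last = signer;
        }
        nonce++;
        return _call(to, value, data);
    }

    // Security upgrade: reachable only through execute/executeMultisig, so the
    // current signers authorise it. The old disposable key is removed entirely,
    // so a later leak of the localStorage key is harmless.
    function replaceSigners(address[] calldata newSigners, uint256 newThreshold)
        external onlySelf
    {
        require(newSigners.length > 0 && newThreshold > 0
            && newThreshold <= newSigners.length, "bad k/n");
        for (uint256 i = 0; i < signers.length; i++) isSigner[signers[i]] = false;
        delete signers;
        for (uint256 i = 0; i < newSigners.length; i++) {
            require(newSigners[i] != address(0) && !isSigner[newSigners[i]], "bad signer");
            isSigner[newSigners[i]] = true;
            signers.push(newSigners[i]);
        }
        threshold = newThreshold;
        emit SignersReplaced(newSigners, newThreshold);
    }

    function _call(address to, uint256 value, bytes calldata data)
        internal returns (bytes memory)
    {
        (bool ok, bytes memory result) = to.call{value: value}(data);
        require(ok, "forwarded call failed");
        emit Executed(to, value, data, result);
        return result;
    }

    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad signature length");
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (v < 27) v += 27;
        address a = ecrecover(digest, v, r, s);
        require(a != address(0), "bad signature");
        return a;
    }
}
```

Moving from mode 1 to mode 2 is a single forwarded call from the disposable key: `execute(address(this), 0, abi.encodeCall(this.replaceSigners, (metaMaskOnly, 1)))` where `metaMaskOnly` is a one-element array holding the MetaMask address. Moving to mode 3 is the same call with several addresses and a threshold greater than 1; from then on `execute` refuses single-signer calls and `executeMultisig` is the only path. Mode 4 is mode 2 with an HD-wallet-derived address. The wallet's own address, and therefore the msg.sender every Dapp has recorded, never changes across these transitions.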

The app that provides this disposable wallet along with progressive security should educate the user at the right time to upgrade their security. E.g. move to MetaMask when you hold $100 worth of assets; move to multi sig when you hold $10,000 worth of assets, etc.

Why

  1. Great user experience, because users don't need to install a separate wallet if they don't have one already
  2. The user experience of current wallets is optimized for DeFi/trading, which may or may not be the ideal experience for, say, a game
  3. When upgrading security, the address shouldn't change; especially because many smart contracts use msg.sender as the user's identity