2 Safe Authorization

We have an idea that could possibly prevent scam interactions by adding an extra safety layer to the EOA. It’s inspired by the well-known 2-Factor Authentication (2FA) that many apps use but is tailored specifically for Externally Owned Accounts (EOA).

2SA is an additional security layer for the EOA and will provide enhanced security to users who opt for this feature by asking for confirmation from another mobile app.

General Overview

  • 2SA is similar to 2FA.
  • It asks for approval for every transaction.
  • Our goal is to allow users to explore every dApp freely, without restrictions, while safeguarding their main wallet.
  • 2SA isn’t the primary app with which users interact on the blockchain; it’s an authorization app.
    • Users will utilize apps like Metamask or others. 2SA’s role is to approve/reject incoming interactions.
  • For a visual representation of its operation, you can view the confirmation steps here

Technical Questions

We’re aware that a wallet holding the private key can sign transactions without external authorization. However, with Safe multisignature wallets, the wallets require the permission of the Externally Owned Accounts.

The challenge we face is our limited understanding of the capabilities of the Safe Modules.

We envision having an authorization (or confirmation, if the former term might cause confusion) wallet, along with a primary wallet. The authorization wallet will function similarly to how EOAs operate when using a Safe Multisig wallet. The primary distinction is that users can initiate transactions from any widely-used wallet, and 2SA will then prompt them for approval via the mobile app (or computer in the initial stages).

So, our questions are:

  • Can we utilize the Abstracted Wallet as an Authorization (or Confirmation) Wallet?
  • If feasible, should our next steps involve Safe Core or Safe Modules?

Product Benefits

I personally rely on Ledger for the security of my personal accounts. However, I don’t want the inconvenience of carrying my Ledger everywhere, which also restricts my exploration of dApps. A few other hardware options are available, but none align with the 2FA model, which simply offers an additional layer of security.

  • You’ll achieve a heightened degree of control over your assets, even if it doesn’t match the peak security standards.
  • In the event of suspicious activities, you’d need to provide approval through the app.
  • There’s no longer a need to lug around a hardware wallet to achieve intermediate security.
  • Transaction approvals will be contingent upon your explicit intent, especially in theft scenarios.

For enthusiasts like me, who frequently experiment with the latest protocols, switching between multiple test wallets can make the experience confusing and tracking them all becomes a hassle.

2 Likes

Thank you for following up and posting here!

Is my summary of what is being asked accurate?

  • Can you design a module to approve transactions using other forms of verification than EOA approvals (signers)?
  • For example, can you build a module that lets you approve transactions with your USB-C Yubico 2FA Yubikey or any other 2FA software and hardware?

1 Like

Overall, yes.

To be more accurate, is it possible to design a module that externally approves the EOA’s transactions?

If that is possible, we thought about a simple mobile app, instead of hardware like Yubikey. I might be wrong, but if designing such a module is possible, integration with Yubico products is also possible.

Apart from our primary concept, we believe that external approval for EOAs is nearly impossible. We want to understand what we can achieve using Safe modules.

Back to the questions regarding the software and the module:

  • Yes, we’re thinking about a simple mobile app that approves transactions. This could potentially be expanded to include other hardware with the necessary configurations.
  • We aim to design a module that uses verification methods other than EOAs.

2 Likes