[Draft] [OBRA] Safe Accounts for NFC Tags and Real-world rollout - Citizen Wallet
Abstract
This proposal seeks to expand upon the initial Safe Accounts for NFC tags project by building a standalone, user-facing NFC app and a POS app, along with necessary upgrades to the Card Manager Safe Module. Over six months, we aim to create a scalable, secure, and easy-to-use solution that allows NFC tag users to access their account information and vendors to manage their payments securely. We plan to deliver apps that can operate across various networks and implement features like two-factor authentication, NFC tag protection, and user notifications. Additionally, we will ensure the security of our smart contracts through an audit process.
Our real-world use-case will be using the apps + card manager module to power Brussels Pay. More specifically, one of the Brussels Pay initiatives we are aiming to start with is to allow asylum seekers in Brussels to be more easily integrated into the local economy by giving them quick access to spend their government allowance in local shops using the EURb stable coin on NFC wallets.
Aligned Strategy
Wildcard strategy
Funding Request
40,000 USDC (estimate based on projected resources)
Relation to Budget
40% of total budget (estimate)
Metrics and KPIs
We propose measuring success through the following:
- App + POS App + Card Manager Module are able to interact with each other as intended.
- Ease of use and security features (e.g., 2FA, notifications).
- Usage on the ground: transaction volume, unique users, and user feedback.
- Performance of the basic NFC tag protection against cloning, protection through 2FA for spending that exceeds limits.
- Compliance and security: smart contract audit results.
Initiative Description
Objective
The goal of this initiative is to build upon the initial Safe Accounts for NFC tags by delivering a production-ready, user-facing NFC app and a POS app for vendors, along with the necessary smart contract updates. These apps will allow users to manage their accounts, check balances, and make secure transactions, while vendors can set up profiles, manage products, and handle payments using event-specific NFC tags. The apps will support multiple blockchain networks and provide enhanced security features.
Overview
The proposal will deliver two main apps—one for users and one for vendors—alongside updates to smart contracts for improved security and functionality. These apps will be designed with scalability in mind, allowing for seamless deployment across various blockchain networks. Core features include two-factor authentication, notifications for spending, and protection against NFC tag cloning.
Key Features
User App
- Create an account and attach NFC tags.
- View account balance and transaction history.
- Two-factor authentication for enhanced security.
- Push notifications for spending alerts.
- Deployable on multiple networks.
POS App
- Demo mode for App Store/Play Store review.
- Vendor profile setup.
- Event-specific tag configuration.
- Manual and product-based charging options.
- Deployable on multiple networks.
Smart Contracts
- Multi-chain deployment.
- Updated whitelist management.
- Security enhancements to prevent NFC tag cloning.
Current Status
The initial NFC transaction solution exists, compatible with standard account abstracted wallets. The Citizen Wallet NFC solution lets you send tokens to any NFC tag (including any “touchless” bank card!).
See demo
You can test the existing solution yourself:
- Generate a Brussels pay wallet: Turn any NFC tag into Brussels Pay wallet by tapping it to your phone. (You need to open this link on an android device as Apple does not allow NFC access to the browser)
- Example wallet: See an existing wallet. A read only view to see the information of you wallet.
We have also developed a POS where people can use their NFC tag to pay.
Phase 2 aims to extend this functionality to Safe Accounts while improving security and user experience through an app.
Risks
Integration Challenges
Mitigation: Perform thorough testing and involve relevant stakeholders.
Security Vulnerabilities
Mitigation: Strengthen NFC tag security and perform a security audit.
Resource Constraints
Mitigation: Ensure proper project management and seek additional resources as needed.
Timeline and Milestones
Phase 1: User-facing NFC App (Months 1-2)
- Core features: Create account, attach NFC tag, view balance/transactions, security.
- App Store/Play Store review.
Phase 2: POS App (Months 3-4)
-
Core features: Demo mode, vendor setup, tag configuration, product management.
-
App Store/Play Store review.
Phase 3: Smart Contracts (Months 5-6)
- Audit and address feedback.
- Implement security updates.
- Multi-chain deployment.
Initiative Lead
Citizen Wallet, under the legal entity Citizen Spring VZW.
Citizen wallet Twitter/X
Team
Currently the core team of Citizen wallet has 3 members.
- Xavier Damman - Software engineer
- xavier@citizenwallet.xyz-Twitter, LinkedIn
- Dad. Entrepreneur. Software engineer.
- Storify (2011)
- Open Collective (2015)
- Regens Unite (2022)
- Kevin Sundar Raj - Software engineer
- kevin@citizenwallet.xyz-Twitter, LinkedIn
- Native mobile app developer. Tech enthusiast. Solution Architect.
- IT consulting from Sri Lanka (2017)Appspotr 1 (2022)
- Jonas Boury - Product developer
- jonas@citizenwallet.xyz-Twitter, LinkedIn
- Passionate about sustainability and innovative products | Kitesurfer | Climber | Alternative currency enthusiast. Doing digital product development for several startups
- Yuso (2015)
- BloomUp (2020)
Additional Support/Resources
We request support for security audits, particularly related to smart contract security.
Implementation Dependencies
No changes to governance processes are required. The success of this proposal depends on SafeDAO approval and collaboration on smart contract audits and technical support.