Using your Safe as an account should be secure AND easy-to-use
Safe’s launch of the January 2023 Take Back Ownership movement is a perfect time to prioritize both technical and UX opportunities that have a large impact on Safe adoption and usability for both financial and account ownership. Over the past few months I’ve been exploring Sign-In with Ethereum (SIWE) platforms like Farcaster and Lens Protocol/Lenster.
The current state of crypto wallets as accounts is inconvenient and/or not secure.
- Tokens like NFTs and approved wallet addresses are used for gated communities, products, and services.
- You need to use a wallet that you have daily access to in order to regularly use these apps, making this process insecure.
- Or you can go through the inconvenience of accessing a cold storage wallet every time for access to these apps.
For users who sign in with a secure cold wallet and/or a Safe, the UX of most SIWE and token-gated apps is not sustainable, because these more secure wallets are more complex to access by design. Without a change in UX, the platforms that are pioneering self-ownership of identity, messaging, and data will fail to gain adoption, leaving us with the same centralized options.
Delegation
A Tweet by DCinvestor at the end of 2022 introduced me to the strategy of delegating access from secure accounts to accessible accounts.
- This works by a secure wallet delegating custom and flexible access to apps to an easy-to-use and accessible wallet.
- E.g. Allow a hot wallet to claim airdrops that are deposited into cold storage.
In SafeDAO we have the option to do this currently with SAFE tokens and governance. A SAFE token holder can delegate their tokens to another address to vote directly on Safe Ecosystem Proposals (SEPs) powered by Snapshot.
- A SAFE holder signs an on-chain transaction that writes to Snapshot’s publicly accessible registry of approvals, granting voting power denominated in SAFE tokens to a specific delegate.
- That delegate votes on a SEP, and Snapshot reads from the registry to determine the amount of voting power based on the tokens the delegate holds and the tokens delegated to them.
Delegate Cash
This led me to the Delegate Cash team, who are focusing on solving this through a variety of open and immutable strategies including EIP-5649. They take a similar approach to Snapshot, but with a public registry that anyone can write to and read from for their wallets, accounts, and apps. Delegate Cash currently secures $240mm. foobar explains Delegate Cash clearly and succinctly in this post.
Solution for Safes
Potential features
These features could live within a Safe module in the desktop, web, and mobile apps similar to the Spending Limit module. Strategically, it’d be best to focus on an initial killer use case first, like delegating token gating, or whatever the community decides is most impactful.
- Manage delegations: Set permissions, view, and revoke
  - Build custom permissions
  - View all active and past permissions
  - Revoke
    - E.g. All or specific owners can revoke access.
  - Time parameters
- More convenient self-access to other apps
  - E.g. Social and gaming
- Compartmentalize access
  - E.g. Different levels of access for social and gaming vs finance vs treasury apps
- Social recovery governance permission
- Specific permissions to apps, features, and limits
- Issue shares by delegating NFTs or tokens
  - Instead of sharing multiple signing keys
- Improve Spending Limit module
  - Extend spending limits to non-owner wallets
- Potential to build off of or improve Snapshot delegation of $SAFE governance tokens
Note: It’s important to be mindful of module naming, as the difference between a potential token allowance management module (e.g. Revoke.cash) and a delegation module would need to be clearly communicated.
Collaboration
The Delegate Cash team is open to working together with both the core Safe team and ecosystem of developers on top of Safe to build solutions and help publicly support adoption of these new features.
- Customization/white labeling
  - Can abstract the Delegate.cash technology completely from the UX or partner with Delegate.cash to showcase it.
- Delegate.cash (including foobar) has bandwidth to support co-marketing efforts
The Castle wallet built on Safe has integrated Delegate Cash for the BAYC and MAYC tokens and is a great example of Safe’s use case with delegation.
Tech
Delegation features
- Wallet addresses
- Contracts like Uniswap and LensProtocol
- Tokens like ERC-20, NFTs like ERC-721, etc.
Networks – Ethereum, Polygon, and Goerli (Compatible on all EVM protocols)
Implementation options
- Smart contract
- JavaScript SDK/API
- Integrate with a trusted provider who has integrated, e.g. A bridging service.
Alternatives
Cookies
As an alternative to delegation registries, apps could allow users to save their sign-in app token (not crypto token) via web and mobile cookies, similar to how you can sign into Twitter on Firefox and stay logged in for days. This helps with convenience, but it is still a security issue given that the secure wallet may need to be accessed from time to time.
Other delegation tools
- Solutions
- Items to research
- How do these compare at a high level in terms of implementation?
- Do they require trust in a third party for the off-chain transactions?
- I do not see a mention of on-chain transactions or making use of existing or new EIPs, e.g. EIP-5649.
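
The scoped delegation listed under "Delegation features" (wallet, contract, token), combined with the revoke and time-parameter ideas from "Potential features", can be sketched as a registry lookup in front of a token gate. This is an added example, not code from this post, Safe, or Delegate Cash: it is a simplified in-memory model, and the addresses, the `expiresAt` field, and all function names are assumptions made for illustration.

```javascript
// Simplified in-memory model of a public delegation registry (added example;
// not Delegate Cash's contract or SDK). Addresses and expiresAt are assumptions.
const SCOPE = { WALLET: 'wallet', CONTRACT: 'contract', TOKEN: 'token' };
const key = (vault, delegate, scope, contract = '', tokenId = '') =>
  [vault, delegate, scope, contract, tokenId].join('|').toLowerCase();
class DelegationRegistry {
  constructor() { this.entries = new Map(); } // key -> expiry timestamp
  // `sender` stands in for msg.sender: a vault can only write its own entries.
  delegate(sender, { delegate, scope, contract, tokenId, expiresAt = Infinity }) {
    this.entries.set(key(sender, delegate, scope, contract, tokenId), expiresAt);
  }
  revoke(sender, { delegate, scope, contract, tokenId }) {
    return this.entries.delete(key(sender, delegate, scope, contract, tokenId));
  }
  // A token-level query is also satisfied by a contract- or wallet-wide grant.
  isDelegated(vault, delegate, contract, tokenId, now) {
    return [
      key(vault, delegate, SCOPE.TOKEN, contract, tokenId),
      key(vault, delegate, SCOPE.CONTRACT, contract),
      key(vault, delegate, SCOPE.WALLET),
    ].some((k) => this.entries.has(k) && now < this.entries.get(k));
  }
}

// Token gate: after verifying the signer's signature (not shown), accept the
// signer if it owns the token or the CURRENT owner has delegated to it.
// Resolving the owner at check time means a grant does not survive a transfer.
function canEnter(registry, ownerOf, signer, contract, tokenId, now) {
  const owner = ownerOf(contract, tokenId);
  if (!owner) return false;
  return owner.toLowerCase() === signer.toLowerCase() ||
    registry.isDelegated(owner, signer, contract, tokenId, now);
}
// Constructed sample: a Safe holds token 7; a hot wallet signs in to the app.
function demo() {
  const [SAFE, HOT, OTHER, NFT] = ['0xSafe', '0xHot', '0xOther', '0xGatedNft'];
  const ownerOf = (c, id) => (c === NFT && id === 7 ? SAFE : undefined);
  const reg = new DelegationRegistry();
  const grant = { delegate: HOT, scope: SCOPE.TOKEN, contract: NFT, tokenId: 7, expiresAt: 1000 };
  reg.delegate(SAFE, grant);
  const out = {
    hotBeforeExpiry: canEnter(reg, ownerOf, HOT, NFT, 7, 500),
    hotAfterExpiry: canEnter(reg, ownerOf, HOT, NFT, 7, 1000),
    stranger: canEnter(reg, ownerOf, OTHER, NFT, 7, 500),
  };
  reg.revoke(SAFE, grant);
  return { ...out, hotAfterRevoke: canEnter(reg, ownerOf, HOT, NFT, 7, 500) };
}
console.log(demo());
```

Granting at token scope rather than wallet scope keeps the hot wallet's reach limited to the one gated asset, which matches the "compartmentalize access" goal above.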