This proposal was previously posted in Phase 0 discussion: [Discussion] [OBRA] Module Publishing, Audit Attestation Platform and Marketplace - ZenGuard
Aligned strategy:
Strategy 2: Foster Module Ecosystem
Funding request:
60,000 USDC, streamed over 15 weeks
Relation to budget:
20%
Abstract:
Safe Accounts have been modular long before any of the modular smart account standards were proposed. Safe has done tremendous work to promote modular smart accounts by enabling features such as Spend limits and Recovery on the Safe Wallet. We believe this is just the tip of the iceberg. To foster modular Safe Accounts and promote more developers to build secure and usable modules that can be trusted, we propose a platform built on the Safe{Core} Protocol that allows developers to build and publish modules, streamlining the development process and risk assessment via on-chain audit verification. Additionally, providing a Module marketplace for users to easily explore and enable these modules. This initiative’s overall vision is to bring developers to build diverse modules that can be audited and provide on-chain security verification so that all kinds of Safe Account users can enhance their account features securely.
Metrics and KPIs:
We can use the below KPIs to measure the outcome:
-
Devs and auditors onboarded via dashboard (https://dashboard.zenguard.xyz)
-
Audit attested modules listed at: https://explore.zenguard.xyz
-
Public announcements through social media, blogs, docs published and demo videos
-
Dune analytics of Safe accounts that enabled the listed modules.
Initiative description:
ZenGuard proposes to foster the module ecosystem of Safe by standardizing developer publishing, module verification, and module enabling, upgrading experiences via a platform built on top of the Safe{Core} Protocol.
To foster and grow the module ecosystem of Safe, module developers, module auditors, and users are all important stakeholders. Without the right balance of these stakeholders, it would be hard to achieve the modular smart account utopia.
At ZenGuard, we are working on exactly this by providing a dashboard for developers to publish developed modules after their verification. The dashboard will also onboard auditors to audit the modules and provide on-chain security attestation to verify the module while being enabled by the Safe user.
ZenGuard will also provide a module explorer Safe App that lists and allows Safe users to securely enable, disable, or upgrade their modules onto their Safe accounts. As part of auditor onboarding, we will be partnering with a few well-known auditors. We are already in talks with a few to get initial feedback. As part of onboarding the developers, we target existing Safe module devs through hackathons, community, and grants. We are also well-connected with a few universities where we intend to spread awareness, training, and onboarding through workshops to get quality devs.
Our mission of the initiative is to onboard devs and auditors to collectively build a secure and diverse module ecosystem to build much-needed modules for the Safe users. The list we intend to cover but not limited to: https://notes.zenguard.xyz/module-research.
We also intend to work on an SDK that extends Safe{Core} SDKs and allows third-party auditors, developers to seamlessly integrate and automate the functionality pointed earlier and also allow other Safe-enabled wallet providers to extend the secure module functionality.
Current status:
We had developed the MPV of the platform as a part of Safe Grants Program Wave 1 with a small grant spanning 2 months. Here is a brief of the milestones and tasks achieved: https://notes.zenguard.xyz/sgp
We successfully built the developer and auditor dashboard to securely verify and onboard them and allow them to publish and attest the modules. We leverage technology/ standards such as Gitcoin Passport, EAS along with Safe {Core} Protocol registry and EIP-7512 specs to make the platform much more secure and sybil resistant.
A few links of the works:
-
Module dashboard: https://dashboard.zenguard.xyz
-
Here is a quick demo of the module publishing: https://youtu.be/CQspDgZsxAU
We also onboarded Safe account users to enable the modules through Safe App explorer.
-
Module explorer: https://explore.zenguard.xyz
-
Here is a quick demo of the module explorer Safe App: https://youtu.be/myIRwe1k3y8
To ensure that we onboard the much needed modules during the initial phase we even conducted a survey (https://survey.zenguard.xyz) to verify the claims. Post that we internally developed a few modules including passkey recovery, whitelist hook and crypto sharing via link. The crypto sharing via links that was developed at ETHIndia leveraging Safe 4337 module ended up as the finalist. Post hackathon it received great traction in the 4337 and Safe community and we are working with Peanut Protocol, Plimlico for the partnership to enhance further.
Here are a few demos of modules listed:
-
Crypto sharing via link module App (Safe2Link): https://youtu.be/wN7K_cafzcc
-
Whitelist module: https://youtu.be/myIRwe1k3y8
We have also made good progress in the initial talks with the auditors to get feedback and onboard them to the first version with QuillAudits, Secureum and a few independent auditors supporting EIP-7512.
Risks:
Secure publishing and security of the module is of the utmost priority working with credible auditors on our platform. Still, there is always a risk involved with single audits and this is why we are exploring secure multiple attestations adhering to the proposed EIP-7512 standard.
Safe {Core} Protocol on which our registry is based is still at a nascent stage and hasn’t been audited but our solution will evolve with more onboarding, feedback, stress testing and audits.
Timeline and milestones:
We have created a milestones based on timeline but in no specific order as we will be working on few things at the same time.
Milestone Objective | Description and Outcome | Duration | Budget (USDC) |
Module developers onboarding | - Onboarding module developers to develop, build the module using the standard template and publish (~ 100 devs). - Developing secure module templates, docs for SDK/ App to help with the entire lifecycle from development till publishing. - Conducting workshops and hackathons at universities, dev meetups. - Implementing initial developer incentivization feature. |
4 Weeks | 10,000 |
Module auditors onboarding/ feedbacks/ partnerships | - Onboarding auditors to the dashboard to enable onchain audit attestations. These are aligned with the EIP-7512. - Developing docs for SDK/ App to help with the entire lifecycle of auditor - Partnering with auditors (~10) to audit the first 20 modules Upgrading the attestation, verification features based on the feedbacks |
4 Weeks | 20,000 |
Safe {Wallet} user adoption | - Onboarding Safe Wallet users (~1000) through the Safe App to enable modules. - Launching the App on the requested mainnets (We have done a survey) and updates based on feedback. |
3 Weeks | 10,000 |
Third party Safe account integrations/ partnerships | - SDK development leveraging the Safe {Core} SDK to add all the APIs for developers. auditors and Safe users for publishing, attesting, enabling etc. - Developing docs for the SDK for any use case integration. Focussing majorly on the wallets. - Wallet provider partnerships to leverage module API integrations directly on the wallets. |
4 Weeks | 20,000 |
Initiative lead:
Koshik Raj, Tech Lead at ZenGuard who has been in the security and crypto space since 2016. Has been contributing the wallet space since 2020, full time into the AA and Safe ecosystem since 2022. Also, the point of contact for ZenGuard at Safe Grants Program Wave 1.
Team:
ZenGuard has a lean team of 4 with fulltime and partime contributors. Team members expertized in infrastructure, core contract development, architecture, design, frontend, partnership and community. The team has working experience at QuillAudits, Questbook, Graph Protocol, RSA Security etc. We will be adding more expertised folks to the initiative based on the commitment for each phase.
Additional support/resources:
Although we are exploring the partnerships, onboarding devs and auditors through the Safe community, it’s always helpful to have leads and initial intros. We benefited from marketing support earlier from the Safe Grants, so we would love that support.