[SEP 33] [OBRA] Safe Accounts for NFC Tags - Citizen Wallet

Safe Accounts for NFC tags

A Safe on your wrist!

Abstract

We would like to create a Safe Module to allow Safe Accounts to be generated for NFC tags (useful for doing physical transactions at events for example).

With NFC wallet, we already provide Smart NFC Accounts that are ideal for real-world use cases requiring quick and simple transaction settlement. They can be used for events or for community tokens. Within the scope of this project, we would like to upgrade our implementation to use Safe Smart Accounts.

You can find our project pitch deck here:
NFC Wallet Presentation-small.pdf (713.4 KB)

Aligned strategy: Which pre-approved strategy is this initiative driving forward?

Foster module ecosystem

Funding request: What resources are being requested from SafeDAO in USDC?

10 000 USDC

Relation to budget:

3% of total budget

Metrics and KPIs: Which metrics and KPIs will the initiative be measured against?

We believe the initiative should be measured against:

  • Quality level of proposed modules.
  • Assessing the ease of use to set up the account
  • Assessing the security of the implementation
  • Usage of modules: We plan to use the implementation at several events where we will measure the transaction volume, number of unique users and user satisfaction.

By regularly monitoring these metrics and KPIs, we will be able to assess the performance and impact of our initiative, make data-driven decisions, and ensure that we are meeting the needs and expectations of our users and stakeholders.

Initiative Description: What is the initiative about?

Objective:

Our project aims to create a Safe Card Manager Module which will enable NFC tags to use Safe Accounts. This enables the tag to conduct physical transactions with whitelisted vendors. Event organizers are able to instantiate their own Account Factory which will generate unique Accounts for that specific instance.

In order to achieve this with Safe, we need to explore the usage of Safe Accounts for this use case and deliver an MVP solution. We want to validate the usage and implementation with SafeDAO.

The end goal is to submit another proposal to build a web interface for the Card Management and include it as an app in the Safe dashboard.

Overview:

NFC technology allows for seamless and contactless interactions, making it ideal for environments where speed and convenience are paramount. Our current NFC accounts have proven effective for various real-world applications. However, to further increase security and functionality, we plan to upgrade our implementation to leverage the robust features of Safe Wallets.

Key Features:

  • Users don’t need to install anything: They can be completely offline and simply use their NFC tag to receive/send.

  • Partial offline usage: Only vendors with their Kiosks require an internet connection.

  • Users don’t realize that it’s Web3: No gas fees, no seed phrases and still on-chain.

  • Account Abstraction: NFC tags are linked to an account derived counterfactually from their UIDs.

  • Vendors have custody over the funds they collect: Vendors install a Kiosk App (iOS or Android) which they get whitelisted by the event organizer and use to charge customers. The Kiosk app operates its own Safe and has control over its own Safe normally through ERC4337.

  • Ease of Use: The NFC badges or tags enable quick and effortless transactions, simply by tapping the badge or tag against an NFC reader. This simplifies the process for users, particularly in busy or high-traffic environments.

  • Versatile Applications: The integrated solution is perfect for various use cases, including:

    • Event Management: Attendees can use NFC badges for ticketing, access control, and purchases within the event venue.

    • Community Tokens: Communities can issue tokens that members can use for services, goods, or rewards, facilitating local economies and engagement.

Our initiative has 3 components:

  1. Web app that displays the contents of the Smart Account relevant to the event.

  2. Kiosk App (iOS & Android): a mobile application that serves as point of sale or faucet where you can withdraw or add tokens to an NFC tag.
    For these users (which will be businesses most of the time) it would be very beneficial that their Kiosk is a Safe Account. That way they would get access to features of the Safe ecosystem and the Safe dashboard. Definitely the multisig functionality would be a useful security measure if the PoS is used by multiple people.

  3. NFC Card Manager: A smart contract which handles the whitelist and account generation for NFC tags.

Current status: Does the offering (product/service) already exist or is the funding used to create it?

We have already built an NFC transaction solution compatible with standard account abstracted wallets. The goal of the funding is to make it compatible with Safe Accounts and to improve the security of the implementation. The system is being used at several events within the crypto ecosystem. The latest event was Celo Gather Berlin: https://citizenwallet.xyz/posts/implementing-nfc-wallet-at-celogather

Risks: What risks does the initiative entail?

Integration Challenges:

  • Risk: The integration of NFC technology with Safe wallets may encounter technical difficulties, such as compatibility issues or unforeseen bugs.
  • Mitigation: Conduct thorough testing in various environments, maintain a robust debugging process, and collaborate closely with the technical teams of both Safe and NFC technologies.

Security Vulnerabilities:

  • Risk: Cards can be emulated or cloned with specific readers.
  • Mitigation: Salt the NFC tags (mitigates serial number guessing), use the secure memory of NTAGs (mitigates cloning), and inform Kiosk users to look out for non-standard cards or other devices.

Partnership Dependency:

  • Risk: The success of the project depends on establishing and maintaining partnerships with event organizers and community leaders.

  • Mitigation: Develop a robust partnership strategy, including clear communication of benefits and collaborative engagement plans. Diversify partnerships to avoid over-reliance on a few key partners.

Resource Constraints:

  • Risk: The project may face resource constraints, such as limited funding, manpower, or technical expertise.

  • Mitigation: Ensure proper project planning and budgeting, seek additional funding opportunities, and consider outsourcing or collaborating with specialized firms for technical development.

Timeline and milestones: Provide a detailed timeline or roadmap, include key milestones

Phase 1: Deployment of a Safe Card Manager Module (week 1- 2)

Milestones:

• Convert any NFC card into a Safe Smart Account.

• Enable simple tap-to-pay transactions using NFC cards.

Phase 2: Update the web interface to take into account differences arising from using a Safe Account (week 3)

Milestones:

• Web interface shows balance, allows you to edit your profile.

Phase 3: Update of Kiosk App (week 4)

Milestones:

• Update the Kiosk/POS app to use Safe Accounts.

• Make the internal testing version available on the App Store and Play Stores for those who need it.

Phase 4: Submit for review to SafeDAO (week 4)

Milestones:

• A working demo on Gnosis Chain between a Kiosk and an NFC tag

• On chain data of the transaction

Initiative lead: Who is the accountable initiative lead?

Citizen Wallet. We are a Belgian non-profit developing open-source software solutions for community currencies. Our legal entity is called Citizen Spring VZW (https://citizenspring.earth/)

Legal details:
Rue de Villers 12, 1000 Brussels
BE0804505132

Team

Currently the core team of Citizen wallet has 3 members.

Additional support/resources: Are there any resources (non-financial) requested from the Safe Ecosystem Foundation or the core contributors?

It would be great to get some contacts who can help us with the security audit of our implementation.

Implementation dependencies:

Does the implementation of this initiative require any prior changes in the current governance processes, e.g., updates to the governance framework, or have any other dependencies? If yes, please specify these. Note that the funding of the initiative will be dependent on the approval and (if needed) successful implementation of such necessary governance modifications or any other dependency.

No

2 Likes

Hi @jboury, Thanks for taking the time to create a proposal.

If you want to move your proposal to Phase 1, The proposal needs to be submitted as Phase 1 by today, Monday at 23:59 UTC.

As this follows the template correctly, I would suggest submitting directly as Phase 1 by updating the title to [Draft] [OBRA] and changing into Phase 1 category.

Also, we usually have Phase 1 proposals present at the Governance call which is this Wednesday at 16:00 UTC. Can you make it? If so, please DM me your email on Discourse or Discord (@amy_safe).

Hi @jboury - super excited about this proposal. Having collaborated with Citizen Wallet at Celo Gather, I can attest that the tech is awesome. I see a lot of potential to integrate NFC Tags with Ecosystem Accounts - if everything aligns, we might be able to create an exciting program for DevCon!

1 Like

I am a Safe Guardian with sufficient voting power , and I believe this proposal is ready to move to a vote.

As a delegate with sufficient voting power , I believe this is ready for a vote!

As a Delegate with sufficient Voting power, we believe this proposal is ready to move to vote.

CC:@0xBaer

Proposal is live on Snapshot. Voting starts tomorrow and runs until July 8th.

2 Likes

Hi @jboury
thank you for your proposal, which I like. The link you provided returns a 404: https://citizenwallet.net/nfc-wallet-to-make . So does https://citizenwallet.net/
Thank you for checking.

BR

Malik

@Malik_ElBay sorry about that the website was recently deployed to our main domain: https://citizenwallet.xyz
So the correct link is: NFC wallet

Cool, thank you! Maybe set up a permanent redirect on your old domain. I really like your product.
In Switzerland, a few years ago cashless payment systems were implemented on a few major festivals. E.g. Gurtenfestival Bern | Info but until now, you have to have a card. I can imagine, that these festivals would be very interested in your solution. Maybe in a colab with Gnosis Pay to ensure that the usual payment rails can be used.

I don’t fully understand the idea; how will this work? Will we need to gather a quorum on-site? Or if it’s a Safe NFC address, what will the use case look like?

Hi Jen,
I don’t really understand the first part of your question. Could you clarify?
With respect to the use cases, it’s about adding a physical beacon to your safe to allow some small transactions to go through with very low friction.

This will enable communities to have a cheap way to have their own touchless payment system that doesn’t require investing in expensive Java cards and terminals, with the security guarantees offered by Safe.

Thank you very much for your explanation. I appreciate your detailed response. Yes, I will clarify my first question.

My question is how exactly this will work with a multisig on NFC.
Will a quorum of signers be required to use the Safe? Or is the idea that a customer on the multisig side will have some allowance for using it?

As of July 8, 2024, this proposal has been ratified.

1 Like

The link above https://citizenwallet.net/nfc-wallet-to-make seems broken