Project Name: Vault
Project Track: Builder
Team Name: Vault
Project Website: https://tronvault.net/
Video Submission: https://youtu.be/TAwOC8HEnBU
Team Member(s): @otta @machineboy @mazko @mbng
DevPost Project Link: Vault | Devpost
Project Goal:
- Recover Lost or Stolen Assets Securely
- Integrate Web2 APIs into Web3 Gaslessly
- Build Custom Security into Any Smart Contract
As blockchain ecosystems expand rapidly, with chains like Tron and BitTorrent experiencing significant growth in Total Value Locked (TVL) and user adoption, the need for sophisticated asset security becomes critical. Vault aims to revolutionize asset protection, offering a unique solution that goes beyond traditional smart contract wallets.
Our protocol introduces a groundbreaking approach to asset security, leveraging advanced technologies such as custom Web2/Web3 Multi-Factor Authentication (MFA), Zero-Knowledge Proofs (ZKPs), and Account Abstraction. What sets Vault apart is its innovative “vaulting” mechanism:
- Asset Vaulting: Users can secure their original tokens within Vault’s smart contract, receiving mirrored assets at a 1:1 ratio. These mirrored assets can be freely used across Web3 applications while the originals remain safely locked away.
- Customizable Security Layers: Vault allows users to implement time-based or MFA-based locks on their assets, providing unprecedented control over asset transferability.
- Trustless Asset Recovery System: In case of wallet compromise or loss, Vault enables full asset recovery through its completely trustless account abstraction system, a feature unmatched in the current blockchain security landscape.
Furthermore, Vault integrates a demonstration of our unique solution to the Oracle Problem (trustless, decentralized off-chain computation) prevalent on many chains, including Tron and BitTorrent, through an innovative approach:
- Web2 API Integration: We have developed a pattern that enables any Web3 application, including Vault, to securely leverage Web2 APIs for enhanced security measures. This is achieved through a gasless, secure, and reliable method using EIP-191 signatures, opening up new possibilities for blockchain security across all networks.
Project Value:
As the crypto space evolves, so do the sophisticated tactics of attackers exploiting vulnerabilities to steal valuable assets. Our team has experienced this threat firsthand, with one team member nearly losing tens of thousands of dollars in an elaborate keyboard clipper attack. Had Vault been available, these assets could have been easily recovered, demonstrating the critical need for our solution across all blockchain ecosystems.
Vault’s unique value lies in its comprehensive approach to asset security, recovery, and innovative use of Web2 technologies in the blockchain space:
- Unparalleled, Customizable Asset Protection: Vault’s vaulting mechanism provides a level of security that goes beyond simple wallet or smart contract protection. By securing original assets and issuing mirrored tokens, Vault creates a unique safety net for users’ valuable holdings.
- Revolutionary Recovery System: Unlike traditional wallets or security solutions, Vault allows users to recover their assets even if their wallet is completely compromised or lost – a feature that could potentially save users millions in assets, as demonstrated by our team member’s experience.
- Adaptive Security Measures: The ability to implement custom time-based and/or any number of custom MFA-based locks on assets provides users with flexible, situation-specific security options not available in other solutions.
- Bridging Web2 and Web3: Our innovative protocol for integrating Web2 APIs opens up a new realm of security possibilities. Any Web3 protocol can now leverage the much more fleshed out Web2 world in a gasless and trustless manner, enhancing the overall robustness of blockchain applications.
- Plug-and-Play: Vault can be integrated into ANY new smart contract or DeFi application to enable CUSTOM security logic and to protect assets in a custom manner within newly developed protocols.
- Chain-Agnostic Solution: While particularly beneficial for rapidly growing chains like Tron and BitTorrent that may lack advanced oracle services, Vault’s solution is designed to work across all blockchain networks, providing universal asset protection.
As blockchain adoption accelerates and networks like Tron and BitTorrent see skyrocketing TVL, Vault offers a timely and essential solution that redefines asset security. By introducing these unique features and bridging the gap between Web2 and Web3 security measures, Vault not only protects individual assets but also contributes to the overall stability and trustworthiness of the entire blockchain ecosystem. More security and recovery, especially if it is customizable, is extremely appealing to users and institutions. It can drop the percentage of assets stolen, lost and not recovered by a significant fraction and introduce traditionally apprehensive users such as banks.
Our market strategy will target both Web3 and Web2 sectors. In the Web3 space, we’ll partner with and integrate into DeFi, trading, and staking protocols, offering customizable security solutions to enhance their platforms. Simultaneously, we’ll collaborate with Web2 MFA providers and traditional sectors like banking and government, implementing blockchain-powered solutions for smart cities, digital identity verification, immutable public audits, and Sybil-resistant voting systems. This dual approach positions Vault as a comprehensive security solution bridging Web3 and Web2, facilitating broader blockchain adoption while providing bank-grade security across diverse sectors.
Project Info:
Video Submission: https://youtu.be/TAwOC8HEnBU
Project Website: https://tronvault.net
Socials: x.com
Project Test Instructions:
BitTorrent testnet wallet details: Network Details | Bittorrent-Chain Docs
BitTorrent block explorer: https://testnet.bttcscan.com/
BitTorrent testnet faucet: BTTC Faucet
Our current dApp User Guide: Vault_Testing_Instructions.pdf (1.7 MB)
Project Details:
Our dApp offers the following innovative features, all designed to be trustless, secure, and gasless where relevant:
- Vault: Securely store your tokens or NFTs within the Vault core smart contract. Users receive mirrored assets at a 1:1 rate, usable anywhere in Web3 (e.g., staking, DeFi, trading), while the original assets remain safely vaulted.
- Customizable Security Layers: Users can apply any combination of time-based locks and Multi-Factor Authentication (MFA) to their vaulted assets:
  - Time Lock: Set a specific date and time for when the asset becomes transferrable.
  - Custom MFA: Configure a customizable sequence of authentication steps required to access the asset.
- Unvault: Retrieving vaulted assets requires completing all applied security layers and exchanging the mirrored assets. This process is entirely trustless and secure.
- Lock: An optional additional security layer that completely disables outgoing transfers until unlocked. Unlocking requires satisfying the customized combination of time and MFA conditions set by the user.
- Asset Recovery: In case of wallet compromise or loss, users can recover vaulted assets to a new, secure wallet using our account abstraction system. This process is completely trustless and secure, leveraging zero-knowledge proofs.
- Future-Proof Design: We will be implementing gasless cross-chain account abstraction between the Tron and BitTorrent chains in the future. Plans include an asset/vaulted asset bridge for common assets like native chain assets and stablecoins. Asset recovery will also be cross-chain and instantaneous.
- Flexible MFA Integration:
  - Web2 API-Based Providers: Any Web2 service can become an MFA provider by implementing a simple API endpoint. This endpoint processes custom payloads and generates EIP-191 signatures to verify MFA completion. Providers only need to deploy an instance of `ExternalSignerMFA` (specifying the public verification key of the signing key they will be using for EIP-191 signatures), and specify their `ExternalSignerMFA` address and API URL in the Vault core smart contract.
    - Technical Implementation for Web2 API MFA Provider:
      - Create API endpoint accepting: `POST {username, requestId, payload, timestamp}`
      - Implement custom verification logic
      - If valid, create EIP-191 signature of: "`{username}-{requestId}-{unixTimestamp}`"
      - Return: `{message, msg_hash, v, r, s}`
      - Deploy `ExternalSignerMFA` with public key matching private signing key
      - Register provider in Vault core contract
  - Custom Web3 Providers: Easily integrate any Web3-based MFA solution by implementing the `IMFAProvider` interface. As an example, we implemented `VaultMFA`, which uses zero-knowledge proofs to verify single-use per-vaulting/per-unlocking passwords without revealing sensitive information and does so completely trustlessly and on-chain. Users specify these passwords when locking/vaulting their tokens.
    - Technical Implementation for Web3 MFA Provider:
      - Implement `IMFAProvider` interface
      - Define `getMFAData(username, requestId)` returning `{success: bool, timestamp: uint256}`
        - `success`: whether MFA was completed successfully
        - `timestamp`: when MFA was completed (for expiry checks)
      - Implement `getMFAType()` returning provider name
      - Deploy contract
      - Register provider in `VaultCore` contract
  - Please note that the above allows for any custom combination of arbitrarily complex Web2/Web3 verification logic.
  - All features of the Vault protocol can be easily integrated into any new smart contract or DeFi protocol for custom security logic of all token operations. They become fully accessible upon importing the simple `IVaultCore` interface and specifying our `VaultCore` contract address.
  - We have developed a first-of-its-kind pattern to both protect and recover assets with account abstraction, the capability to leverage web2 in any web3 protocol, and the ability to leverage all our functionality with two lines of code. In practice, the Tron and BTT ecosystems and the dApps they are home to will have the ability to build more secure cross-chain bridging and cross-chain DEX operations with asset translation and quotes while still being protected by our account abstraction and recovery system.
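A minimal on-chain verifier for the Web2 provider flow and the `IMFAProvider` shape listed above, as an added example; it is not Vault's `ExternalSignerMFA` source. The `submit` function, `MAX_AGE`, the `uint256` type for `requestId`, and storing the signer as an address rather than a public key are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, NOT Vault's deployed ExternalSignerMFA. Parameter types,
// storage layout, submit() and MAX_AGE are assumptions made for this sketch.
contract ExampleExternalSignerMFA {
    address public immutable signer;             // address of the provider's API signing key
    uint256 public constant MAX_AGE = 5 minutes; // assumed freshness window
    // secp256k1 half order: reject high-s so each signature has a single encoding
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;
    mapping(bytes32 => uint256) private completedAt; // keccak(username, requestId) => timestamp

    constructor(address signer_) { signer = signer_; }

    // Anyone may relay the API's {v, r, s}; only the provider's key can have produced it.
    function submit(string calldata username, uint256 requestId, uint256 ts,
                    uint8 v, bytes32 r, bytes32 s) external {
        require(ts <= block.timestamp && block.timestamp - ts <= MAX_AGE, "stale");
        require(uint256(s) <= HALF_N && (v == 27 || v == 28), "bad sig");
        bytes32 key = keccak256(abi.encode(username, requestId));
        require(completedAt[key] == 0, "replay");
        // Rebuild "{username}-{requestId}-{unixTimestamp}" on-chain instead of trusting a
        // caller-supplied msg_hash. Numeric trailing fields keep the dash-joined string unambiguous.
        bytes memory message = abi.encodePacked(username, "-", _str(requestId), "-", _str(ts));
        bytes32 digest = keccak256(abi.encodePacked(
            "\x19Ethereum Signed Message:\n", _str(message.length), message)); // EIP-191 prefix
        address rec = ecrecover(digest, v, r, s);
        require(rec != address(0) && rec == signer, "wrong signer");
        completedAt[key] = ts;
    }

    // IMFAProvider shape from the list above: success flag plus completion time.
    function getMFAData(string calldata username, uint256 requestId)
        external view returns (bool success, uint256 timestamp) {
        timestamp = completedAt[keccak256(abi.encode(username, requestId))];
        success = timestamp != 0;
    }

    function getMFAType() external pure returns (string memory) { return "ExampleExternalSignerMFA"; }

    function _str(uint256 x) private pure returns (string memory) {
        if (x == 0) return "0";
        uint256 n; for (uint256 t = x; t != 0; t /= 10) ++n;
        bytes memory out = new bytes(n);
        for (; x != 0; x /= 10) out[--n] = bytes1(uint8(48 + x % 10));
        return string(out);
    }
}
```

The signed string as given on the page carries no chain id or contract address, so in this sketch a signature accepted by one deployment is also valid on any other deployment that trusts the same key; using a distinct signing key per deployment avoids that overlap.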
This flexible architecture allows for the seamless integration of diverse security measures, ensuring that Vault remains at the forefront of blockchain asset protection. Additionally, the team took painstaking care to ensure the user experience was always held to a high standard. We developed an intuitive interface and went through countless design iterations on Figma and hours testing user flows to ensure the dApp would be easy to use. You can find our style guide linked below as a testament to that.
vault_design-guide.pdf (4.5 MB)
Smart Contract links:
Please browse on BTTC testnet explorer (https://testnet.bttcscan.com/)
- Groth16Verifier - 0xf401a231ebf18c5c68C7B822F097834E42B9c793
- MFAManager - 0xB9A979BcC82F93ff969EFa5B3e5B2EfE9654c19d
- VaultCore - 0xb6eA1AC42c3efff1b81b20EA797CA2a9148606fB
- VaultMFA - 0x97A7bF2a7E0A60Eca62801464351cC8a6cF525Be
- ExternalSignerMFA - 0x079800318903E71032321b094f9b86864Ac195E7
- ExternalSignerMFA - 0x96E41B93411bC5335DC0bA02e32A5f3Dbc85a691
- ExternalSignerMFA - 0xE4CfcAC1A829bd9f83F7D66F138B64b150F79bce
- TokenDataRetriever - 0x4A8829650B47fA716fdd774956e1418c05284e27
Project Milestones:
- Design Pattern for Generic Web2 API Support
- Implement UX design flows
- Build & Test Implementation
- Deploy Solution to testnet
- Deploy site to domain
- User Guide
- Finalize dApp uplift
- Pitch Deck
- Demo Video
- Deploy Solution to mainnet
Future Milestones
- Cross-chain Account Abstraction and recovery
- Vaulted stable-coin and native asset bridging across chains
- Integrate DAO, enhanced tokenomics. Implement quadratic voting and Sybil resistance measures
- Integration of DEX capabilities for vaulted assets, including cross-chain bridging/asset translation with quotes
- Eventually we aim for MFA providers to be able to charge custom prices for operations of certain MFA provider logic - allowing new users and MFA providers to earn
Testing and need developer support?
If you are testing and encounter any issues, please feel free to join our Telegram group linked below, and we can help you work through any issues.