Vault - Uncompromising Asset Security and Account Abstraction

This comprehensive detail totally quenches all thirst to be inquisitive further, really good job you’re doing out here, keep it up.
Good luck as the Hackathon progresses!

2 Likes

Hello :slight_smile:

Our protocol has never launched before - so, as a consequence, not yet, but we certainly hope it will! Even one such case would justify the protocol’s existence in our eyes. The testnet iteration is currently live. The mainnet release is scheduled to be up in the second stage of the hackathon.

In the meantime, you can experiment with asset recovery on the testnet prototype and assume your wallet has been compromised or stolen. We demonstrate that in the pitch video we just recorded and which will be up shortly as well.

In the above thread I outlined how it works if you are curious and haven’t had the time to have a glance.

2 Likes

Hello.

Yes, that’s right; we mentioned that analogy priorly in one of our replies. Another crucial part of that comparison is that in the event your bank with your custom configuration security boxes gets breached, the robbers won’t be able to steal, move or pry open the contents of your security boxes. They can just be teleported to a more secure bank where you can open them with peace of mind. :slight_smile:

2 Likes

Ok, I missed that. Thanks for directing me to it.

2 Likes

Hey all

Thank you for engaging with our submission and asking insightful questions.

Our team has done their best to answer all, and if you still have any queries please feel free to continue asking here, reach out on x.com or our telegram group linked in the forum post.

@Chukseucharia @manfred_jr @mahreenzahoor384 @JOHNY @Kojopapo @ines_valerie @Prince-Onscolo @Okorie @Lisa1 @Nweke-nature1.com @Gordian

We have just uploaded our video submission and would love to know what you guys think!

Video submission: https://youtu.be/TAwOC8HEnBU

6 Likes

@otta
With all honesty your project is amazing and mouthwatering.
I wish you the very best

2 Likes

After studying your project details I have a few questions that need your clarification.

  • How do you ensure the security of the mirrored assets that are used within the Web3 ecosystem, and are there any risks associated with their use in external protocols?

  • What steps have you put in place to prevent replay attacks or double-spending of the mirrored assets?

  • During the asset recovery process, how does your account abstraction system protect user privacy and security?

1 Like

Hello.

  • With regards to the security of the mirrored assets - this is the principal reason we have made them in the first place. Mirrored assets provide for configurable security based on the MFA configurations and parameters users and protocol developers enforce on them to have fine-grained control over asset transferability, asset redemption from the core smart contract (unvaulting), and sybil resistance (Sybil attack - Wikipedia) for general operations. This level of fine-grained and customizable control has not previously been available to Web3 developers. We have also made using Web2 solutions for security possible to further the possibilities of how assets are secured. This also could potentially allow traditionally Web2 domains such as institutional banking or government to consider the benefits of Web3 for some of their systems such as decentralized immutable ledgers for records, audits, smart cities, etc. With regards to risk associated with their use in external protocols - there are no additional risks given that the dApps that utilize the mirrored assets are built in a secure and robust fashion - ideally fully trustless, serverless and open-source just like our dApp.
  • Mirrored assets extend the ERC20 & ERC721 token standard - replay and double-spending isn’t possible at present any more than it would be for normal ERC20/TRC20/ERC721/TRC721s. The ERC20 & ERC721 is the highly reputable token standard developed by the Ethereum Foundation. We extend the most popular and battle-tested implementation - the OpenZeppelin variants - ERC 20 - OpenZeppelin Docs & ERC 721 - OpenZeppelin Docs. Some developers like to extend the standards to give themselves more control over token mechanics so they can stealthily steal user tokens/etc. Our mirrored ERCs are fully open source for that reason. The compiled bytecode and source code will be posted on the mainnet blockchain explorers for verification when we deploy to the mainnet.
  • With regards to asset recovery, an extensive overview has been provided here: Vault - Uncompromising Asset Security and Account Abstraction - #51 by machineboy - in case you haven’t had a chance to take a look priorly. But with regards to user privacy and security - you can note that the entire process is trustless and serverless with MFAs configurable by the user just like all our other operations. We have taken great care to keep user privacy, security, and agency at the forefront of everything we have built.
1 Like

Thank you for your reply to me. Is this DAO and the whole decision thing mostly for whales? Because I don’t think small holders will stand a chance. Thank you.

2 Likes

Hello. Of course not. :slight_smile:

We will be putting several measures in place to prevent whales from having the most power in decision-making. Two of the most critical ones amongst others we are investigating:

  • Quadratic Voting
  • Sybil Resistance: as you may know, our protocol allows for custom multifactor authentication sequences. We plan to leverage that to the fullest to ensure that an individual voter does not pretend to be several voters. (A Sybil attack is one where an attacker pretends to be several people at the same time - thereby allowing them to skew the votes in their favor)

Combined and implemented properly, the two above are very, very powerful antidotes to whales being the main driving force of what is meant to be a Decentralized Autonomous Organization.

2 Likes

Thank you for replying to me. This is very encouraging, what you are doing. Please tell me what challenges you are expecting as you implement quadratic voting and the sybil resistance measure. Thank you.

2 Likes

Hello

  • For Quadratic Voting: there are well documented guides and libraries/implementations for us to rely on, such as the following: Quadratic Voting: A How-To Guide | Gitcoin Blog
  • For Sybil Resistance: the architecture of our protocol allows for customizable multifactor authentication through Zero Knowledge Proofs, Web2, and Web3 MFA providers. So while we are deciding on what exact sequence we will be integrating to allow for privacy-preserving identity verification, we do not anticipate significant challenges as we are able to integrate any combination of ZKPs/Web2 APIs/Web3 contracts for this.
2 Likes

Thank you for how you explained it to me. I really had fun reading and now I am clear on everything.

2 Likes

Would have to circle right back at you with the feedback.

2 Likes

Thanks for your response and warm explanation.

2 Likes

I need some clarity on this voting system of yours, which is meant to prevent the whales from hijacking decisions. A certain amount of voice credit is equivalent to a certain amount of vote. So what are the criteria for getting the voice credits?

2 Likes

Hello.

  • the quantity of voice credits is the quantity of tokens owned by users
  • the square root of the quantity of tokens owned is the quantity of votes granted
  • to obtain tokens:
    • users can be part of fair airdrops available to all new users via sybil resistant privacy-preserving identity verification - such as a gitcoin passport
    • users can take part in referral programs
    • users can stake their tokens
    • users can purchase token supply from a DEX after a fair launch of the supply
  • eventually, we aim for MFA providers to be able to charge custom prices for operations of certain MFA provider logic - allowing new users and MFA providers an incentive to earn
2 Likes
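
The vote rule from the reply above (votes = square root of tokens held), worked through as an added example that is not part of the original thread or of Vault's code: it compares a large holder's share under linear and quadratic weighting, and measures how much spreading one balance over several identities raises the vote total, which is the gap Sybil resistance has to close. The holder balances are constructed, and rounding down with an integer square root is an assumption.

```python
from math import isqrt

# Constructed balances (not Vault data): one whale and 100 small holders.
HOLDERS = {"whale": 1_000_000, **{f"small_{i}": 100 for i in range(100)}}


def votes(tokens: int) -> int:
    """Votes for a balance: floor(sqrt(tokens)), following the rule in the thread.
    Rounding down is an assumption (integer-only arithmetic, as on-chain)."""
    return isqrt(tokens)


def linear(tokens: int) -> int:
    """One token, one vote: the baseline that quadratic voting replaces."""
    return tokens


def share(holders: dict, who: str, weight) -> float:
    """Fraction of all voting power held by `who` under a weight function."""
    total = sum(weight(balance) for balance in holders.values())
    return weight(holders[who]) / total


def split_votes(tokens: int, identities: int) -> int:
    """Total votes when one balance is spread evenly over several identities."""
    base, extra = divmod(tokens, identities)
    return extra * votes(base + 1) + (identities - extra) * votes(base)


def sybil_gain(tokens: int, identities: int) -> float:
    """Vote multiplier gained by splitting; roughly sqrt(identities)."""
    return split_votes(tokens, identities) / votes(tokens)


if __name__ == "__main__":
    print("whale share, linear:   ", round(share(HOLDERS, "whale", linear), 4))
    print("whale share, quadratic:", round(share(HOLDERS, "whale", votes), 4))
    for n in (1, 4, 100):
        print(f"split over {n:>3} identities ->",
              split_votes(HOLDERS["whale"], n), "votes,",
              f"gain x{sybil_gain(HOLDERS['whale'], n):.1f}")
```

With one verified identity per voter the gain stays at 1; without that check, the square-root rule rewards splitting by about the square root of the number of identities.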

How does Vault differentiate itself from other asset recovery and protection solutions currently available on the market?

2 Likes

Hello @machineboy, thanks for all your lengthy and clear explanation of your progress towards our community. I have a couple questions:

  • As I understood, the vault mechanism is targeted for cold wallets or hot wallets which are not interacting much with DeFi, staking or other Ecosystem dApps, am I right? Due to the fact I will receive mirror tokens which represent the holding value of the original ones…
  • If above is correct. Which measures are you gonna take to integrate your mirrored tokens to DeFi, staking, yield farming, etc. platforms so your users can still enjoy the benefits of web3 even on their mirrored tokens?
  • Any plans on bringing the vault to TRON as well?
  • Some people will not trust your system due to fear of assets being hacked on your SCs or your web2 infra getting leaks. What would you respond to such users to convince them your solution is secure?
  • Congratulations to the team for such a professional project! :slight_smile:
  • I tested the dApp and could not find a way to add BTT to the vault, is it feasible to add BTT as “vaultable” in the future?
5 Likes

Hello.

Vault differentiates itself from other asset recovery and protection solutions in a number of ways, with a good number of them being the first of their kind and never before introduced to Web3:

  • A unique vaulting mechanism that secures original assets while providing usable mirrored tokens - mirrored assets are a thing of course but not behind a layer of custom protection
  • Customizable security layers combining time-based and multi-factor authentication locks - this is a first of its kind yielding all of the control over asset security to the users and protocol developers to the degree desired
  • A trustless asset recovery system that works even if a wallet is completely compromised - this is a first
  • Seamless integration of Web2 security APIs into Web3 applications - our gas-less solution avoids oracles to achieve this - this is a first and the pattern we created can be leveraged by any other Web3 protocol, not just Vault - this is a demo of a very useful and powerful function we created to circumvent the Oracle problem in our case
  • Flexible multi-factor authentication supporting both Web2 and Web3 providers - we allow users to mix and match between the two to even potentially integrate custom smart contracts as verifiers
  • Easy integration into any new smart contract or DeFi application - our utilities can be integrated in as little as two lines of code into new protocols
  • Chain-agnostic design for broad blockchain compatibility - as outlined in our milestones, we will be extending the functionality of vault to support cross-chain capabilities - some of which will potentially include new primitives such as trustless, instant cross-chain swaps facilitated by liquidity providers on both ends and secured by zero knowledge proofs and our smart contracts.
2 Likes