ProxyWallet

People struggle making sure their counterparty won't go rogue after they execute an agreement We solve it with a wallet that allows to blacklist rogue functions&ensure good functions will be executed

Comment

Inspiration

We have seen various attempts in the community to create NFT rental protocols. The problem with these protocols is that only new projects can adapt to them, as it's a new standard.

These protocols try to challenge the same one problem: "How do we trust, that a person will return an NFT back to its original owner after the rental period, and will not go rogue and transfer the NFT to some other person?"

This problem can be abstracted away and considered as: "How do we trust, that a person will execute a certain transaction at some particular point of time, and will not execute certain other transactions before then?"

After having it abstracted away, we have come up with a smart-contract wallet solution that is compatible with any NFT, ERC20, and other ERC standards. There is no need to re-write your projects from the "NFT" to an "NFT_Rent" Standard.

So, we have been inspired by non-compatible solutions, and now we have created a new, compatible solution, that is a very useful infrastructure itself.

What it does

We have two problems in the modern infrastructure:

  1. How do we trust, that a person WILL NOT execute certain other transactions before a deal closes (e.g NFT Rental)?
  2. How do we trust, that a person WILL execute a certain transaction at some particular point of time?

These two problems are solved using:

  1. Blacklisting transactions inside the smart-contract wallet. The wallet owner gets blacklisted from executing a malicious function.
  2. Scheduling transactions inside the smart-contract wallet. The wallet owner specifies the transaction details and the date of execution.

In the next two sections we will explore how this is achieved technically.

Blacklisting actions of your wallet

The blacklisting transaction calldata is an essential part to guarantee that you wouldn't execute a malicious transaction, such as transferring an NFT to an EOA address, which cannot guarantee an NFT return.

In the smart-contracts code, there are a few essential lines like this one:

mapping(address => mapping(bytes4 => bool)) public blacklistedFunctions;

This mapping is used to blacklist wallet transactions.

And the following line validates that a transaction that a user wants to execute is not blacklisted:

require(!blacklistedFunctions[to][selector], "CW: func is blaclisted");

Scheduling transactions for the future

This is where the Chainlink Automation kicks in.

If there is a case where a user should guarantee to a counterparty, that they would execute some transaction but only in the future, they should use the scheduling of transactions.

It works in the following way:

  1. Owner of the smart-contract wallet chooses the transaction calldata that will be sent to the blockchain
  2. Then, they choose when it will be executed.
  3. After that, they provide the estimated fees multiplied by a safe coefficient to ensure that the transaction will go through.

In the end, the transaction gets auto executed by the chainlink automation.

To ensure fault-tolerancy, the auto-execute functions have been made available to anybody. So, if for example, an owner of an NFT sees that the automation transaction failed (for whatever reason), they could execute it themselves.

How we built it

Wallets work using the minimal proxy contract standard, which allows for a better gas efficiency when creating a new wallet.

The wallets are smart-contracts, and we have built a wallet extension that interacts with dApps through the proxy smart-contracts, as opposed to EOA address.

The technologies that have been used include, but are not limited to: React, TypeScript, Chainlink Automation, Solidity, Hardhat.

Challenges we ran into

  1. It is difficult to list a wallet extension on the google chrome extensions market, so currently you would need to run it locally to test it.
  2. It is impossible to blacklist generic calldata, such as "transfer to ANY address except A". Thus, we should instead whitelist the A address, and have the blacklist turned on automatically. This is not something we had time to do, but we will redo it after the hackathon.

Accomplishments that we're proud of

  1. Written the wallet under a pressured one week timeline (we have found out about the hackathon only on the previous Sunday)
  2. We have solved the challenge many people solve, but we did it with a completely different architecture that no one has thought of so far. This architecture is simply moving the solution from the smart-contract layer to the wallet layer. So, that's how we get "smart-contract wallet"

What we learned

We should regularly monitor new hackathons :D

What's next for ProxyWallet

  1. Improve "Blacklisting" functionality by introducing "Whitelisting" with automated Blacklists. Basically, all the functions of a certain contract would be auto-blacklisted, and the owner of the wallet would decide, which to whitelist. Then, their counterparty would verify that by looking at the contract's state.
  2. Implement Ownable interface into the Smart-Contract Wallet. This would allow it to be transferred, and rented.

Roadmap Ideas

  1. Add more networks
  2. More Security features
  3. Detector of Scam transactions (Honeypots, etc.), with warnings issued to users regarding that
  4. Rarity NFT display
  5. DeBank integration to display how valuable the wallet is
  6. On-Paid-Basis AML integration, with which users can track their assets and know they're clean and not dirty (not after mixers and stuff). Warnings issued to users if they're about to sign a transaction associated with a dirty address.

Improvement Project

The idea appeared a year ago. But until now, no serious development was made. Basically, we had to write everything from scratch (except from forking some libraries and wallet extension code), but to avoid misunderstandings - this is a project that we thought of a year ago. Stating that clearly.

FAQ

  1. Renting NFTs is not a scam. It is useful for cases like: 1.1. Renting Houses / Cars / Other Property in metaverses 1.2 Renting in-game characters or items in GameFi 1.3 Using NFTs with utility in DeFi protocols.
  2. The wallet itself is not just about renting NFTs. The wallet is a technology that allows for it. It is a technology based on Blacklisting and Automated Function Executions (thanks to Chainlink).

With this solution, you can do much more than just renting NFTs. At least, you can also rent Ownable smart-contracts, without having others to worry about you executing some sensitive transactions.

+ 6 more
Share this project:

Updates