How to get sovereignty of your Smart Wallet?

Published in MYKEY Lab, Nov 12, 2020

Writer: Xiang Yao

From Subscribe: Smart Wallet Trend

Background

Last week, I published the first article, which briefly introduced the development of Smart Wallets. A critical suspicion about Smart Wallets is that the assets are custodial, meaning the wallet operator can dispose of them. In this article, I will analyze Smart Wallet sovereignty and give some examples of how to fully control your wallet.

What is sovereignty?

Sovereignty means the user can fully control the account. For an EOA, whoever owns the corresponding private key has sovereignty. If a third party holds the private key, the account is custodial. For the contract accounts of Smart Wallets, sovereignty is much more complicated because contract logic is so diverse. However, it can be judged from four aspects: (1) What is the highest authority of the account? (2) Does a designated third party (trustee) have a way to take over the account or freeze the assets? (3) Does the user have a way to send ANY transaction WITHOUT the permission of a third party? (4) Is the account contract upgradable, and can the user reject an upgrade?

What can a trustee do with the account and assets?

Most Smart Wallets enable account recovery and emergency operations via off-chain authentication, which means a designated third party (trustee) can change the owner of the account. The trustee can be the wallet provider or anything the user assigns, such as a hardware wallet, a seed phrase on paper, another wallet the user owns, family members, or trusted friends. Different Smart Wallets grant the trustee(s) different authorities:

  1. Change the owner of the account.
  2. Add a new owner of the account.
  3. Assist in accelerating the security process.
  4. Freeze or restrict the account.

Introducing a trustee increases the robustness of the account but also increases the trust risk. However, the trustee’s authority is restricted and may be canceled, so users still have the highest authority.

At the contract level, the trustee can be anyone. Still, most products only have a default trustee operated by the wallet provider, who authenticates users via email, phone number, and identity documents.

What’s the highest authority of the account?

The account owner has the highest authority over the account and can change its state arbitrarily and forcibly. Though a trustee has some privileges to change the account owner or freeze the account, the account owner can interrupt such an action and remove the trustee(s). The account owner is a private key or a group of keys with pre-defined logic, and may be stored in several forms.

  1. The owner is a private key that is kept offline (e.g., MYKEY).
  2. The owner is a private key that is kept locally (e.g., in the smartphone) but CANNOT be exported (e.g., Argent, Dharma).
  3. The owner is a private key that is kept locally and can be exported (e.g., Monolith).
  4. The owner is a private key that is kept on the cloud and can be exported (e.g., Authereum).
  5. The owner is a (k,n) threshold of private keys, some of which can be exported (e.g., Gnosis, Dapper).

All crypto wallets try to protect the private key against loss, and Smart Wallets use different methods to reduce the single-point-of-failure risk.

Of all these products, the design I am most interested in introducing is MYKEY’s. MYKEY separates authority into administrative authority and operational authority. The admin key has the highest authority but cannot perform normal transactions; thus, it can always be kept offline. With the delay mechanism and the assistance of Emergency Contacts, even the compromise of the admin key will not cause fatal damage.
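The relationship between trustee and owner described in the two sections above can be sketched as a delayed recovery with an owner veto. This is an added example, not the code of MYKEY or of any other wallet named here; the contract name, function names and the 2-day delay are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch (assumed names and delay), not any named wallet's contract.
contract RecoverableAccount {
    address public owner;
    mapping(address => bool) public isTrustee;
    uint256 public constant RECOVERY_DELAY = 2 days; // assumed value

    address public pendingOwner; // proposed by a trustee
    uint256 public executableAt; // 0 = no recovery pending

    event RecoveryStarted(address indexed trustee, address indexed newOwner, uint256 at);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(address _owner, address trustee) {
        owner = _owner;
        isTrustee[trustee] = true;
    }

    // A trustee can only PROPOSE a new owner; nothing changes until the delay ends.
    function startRecovery(address newOwner) external {
        require(isTrustee[msg.sender], "not trustee");
        require(newOwner != address(0), "zero owner");
        require(executableAt == 0, "recovery already pending");
        pendingOwner = newOwner;
        executableAt = block.timestamp + RECOVERY_DELAY;
        emit RecoveryStarted(msg.sender, newOwner, executableAt);
    }

    // After the delay anyone may finalize, so recovery works when the old key is lost.
    function finalizeRecovery() external {
        require(executableAt != 0 && block.timestamp >= executableAt, "not ready");
        owner = pendingOwner;
        _clearPending();
    }

    // The current owner outranks the trustee: it can veto during the delay...
    function cancelRecovery() external onlyOwner { _clearPending(); }

    // ...and revoke the trustee, which also drops any recovery in flight.
    function removeTrustee(address trustee) external onlyOwner {
        isTrustee[trustee] = false;
        _clearPending();
    }

    function _clearPending() private {
        delete pendingOwner;
        delete executableAt;
    }
}
```

The `RecoveryStarted` event is what the owner has to monitor: the veto is only useful if the owner learns about the proposal before `RECOVERY_DELAY` has elapsed.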

Can I send transactions without the wallet interface?

Smart Wallets use meta-transactions: the user signs, and anyone holding the valid signature can broadcast the transaction. Typically, most users send transactions through the wallet interface, which relies on the relayer service run by the wallet provider. What if the provider stops its relayer service? Smart Wallets offer different solutions. For most Smart Wallets, the signing key is the owner key or one of the owner keys. For MYKEY users, it is the operation key instead.

  1. The signing key can be exported so users can package transactions without the wallet. e.g., MYKEY, Monolith, Gnosis, Dapper
  2. The signing key cannot be exported, but users can extract raw signatures from the wallet. e.g., Argent.
  3. Neither the signing key nor the signatures can be exported, so users need to change the key through the trustee(s). e.g., Dharma

Unlike ordinary wallets, Smart Wallets only sign transactions; packaging and broadcasting are done by the backend service. Being able to send transactions without relying on the wallet interface preserves liveness when the wallet provider stops working. However, packaging transactions with etherscan or CLI clients (geth, parity…) is hard for ordinary people, so this only works for hardcore players. Argent gives a good demonstration of how to avoid service interruptions, but there is still a threshold. Most users are not able to dispose of their assets.
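Why a signature alone is enough, and why the provider’s relayer is a convenience rather than an authority, shows up in how a wallet contract checks a meta-transaction. The sketch below is an added example, not the code of any wallet named here; the contract name, the digest layout and the single signing key are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch (assumed names and digest layout), not any named wallet's contract.
contract MetaTxWallet {
    address public signingKey; // key allowed to authorize calls
    uint256 public nonce;      // next expected nonce (replay protection)

    // secp256k1 group order / 2: signatures with a larger s are malleable twins.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    constructor(address _signingKey) {
        require(_signingKey != address(0), "zero key");
        signingKey = _signingKey;
    }

    receive() external payable {}

    // The digest binds chain id, this wallet and the nonce, so a signature cannot
    // be replayed on another chain, against another wallet, or a second time.
    function digest(address to, uint256 value, bytes memory data, uint256 n)
        public view returns (bytes32)
    {
        bytes32 h = keccak256(
            abi.encode(block.chainid, address(this), to, value, keccak256(data), n)
        );
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", h));
    }

    // Callable by ANY account: msg.sender (the relayer) is never checked.
    function execute(
        address to, uint256 value, bytes calldata data,
        uint8 v, bytes32 r, bytes32 s
    ) external returns (bytes memory) {
        require(uint256(s) <= HALF_N, "malleable signature");
        require(v == 27 || v == 28, "bad v");
        address signer = ecrecover(digest(to, value, data, nonce), v, r, s);
        require(signer != address(0) && signer == signingKey, "bad signature");
        nonce++; // consume the nonce before the external call
        (bool ok, bytes memory ret) = to.call{value: value}(data);
        require(ok, "call failed");
        return ret;
    }
}
```

Because `execute` ignores `msg.sender`, a user who can export either the key or the raw signature can submit the call from any funded account when the provider’s relayer is unavailable.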

What can I do if I don’t want to upgrade the contract?

Smart contracts in Ethereum are immutable by default. However, to add features or fix potential vulnerabilities, most projects create upgradeable contracts. Upgradeability is therefore itself a threat to account security.

Most Smart Wallets have a modular design, and an upgrade means enabling a new module, or enabling a new module and disabling the old one. Enabling or disabling a module needs authentication, but most Smart Wallets will force users to upgrade: otherwise, they cannot use the wallet anymore unless they use the exported owner key to control the account.

How to make a perfect upgrade?

What’s a perfect upgrade?

A perfect upgrade is trustless and secure, and preferably costs less.

How to make it trustless?

Trustless means users are free to choose. In terms of implementation, either the upgrade needs the user’s authentication, or there is a long enough period for users to migrate to another account.

Who can make an upgrade?

The contract allows a “privileged user” to approve a new contract. Currently, the “privileged user” is the wallet provider. It can be an EOA or a MultiSig account. There is no apparent trend of Smart Wallets moving to DAO governance.

Are the users forced to upgrade?

By design, users have the right to choose whether to upgrade. There are two main implementations.

  1. The upgrade is not global, and each user authenticates for an upgrade.
  2. The upgrade is global but has a long enough waiting period, so any user with doubts can migrate the account.

In reality, users cannot use the wallet without accepting an upgrade in case 1 and may miss the warning notification in case 2.

Is the upgrade immediate?

The upgrade process requires a public notice period so that more users are likely to get informed. The waiting period can be on-chain or off-chain, while the former is more secure, and the latter is more flexible for emergency cases.

However, most Smart Wallets don’t have a standardized upgrade process. MYKEY has a webpage to list the upgrade rule and upgrade history.
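The sketch below combines the per-wallet opt-in of case 1 with an on-chain notice period, so neither the provider nor the clock alone can change a wallet’s logic. It is an added example, not the code of MYKEY or any other wallet named here; the contract names, function names and the 7-day period are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch (assumed names and period), not any named wallet's contract.
contract ModuleRegistry {
    address public immutable provider;              // the "privileged user"
    uint256 public constant NOTICE_PERIOD = 7 days; // assumed value
    mapping(address => uint256) public usableAfter; // 0 = not announced

    event UpgradeAnnounced(address indexed module, uint256 activeFrom);
    event UpgradeRevoked(address indexed module);

    constructor() { provider = msg.sender; }

    // Announcing starts the on-chain notice period; the event is the public notice.
    function announce(address module) external {
        require(msg.sender == provider, "not provider");
        require(usableAfter[module] == 0, "already announced");
        usableAfter[module] = block.timestamp + NOTICE_PERIOD;
        emit UpgradeAnnounced(module, usableAfter[module]);
    }

    // The provider can withdraw a module, for example if review finds a flaw.
    function revoke(address module) external {
        require(msg.sender == provider, "not provider");
        delete usableAfter[module];
        emit UpgradeRevoked(module);
    }

    function isUsable(address module) public view returns (bool) {
        uint256 t = usableAfter[module];
        return t != 0 && block.timestamp >= t;
    }
}

contract UpgradableWallet {
    address public immutable owner;
    ModuleRegistry public immutable registry;
    mapping(address => bool) public enabled;

    constructor(address _owner, ModuleRegistry _registry) {
        owner = _owner;
        registry = _registry;
    }

    // Per-wallet opt-in: only the owner enables a module, and only after the
    // notice period. Disabling is always allowed.
    function setModule(address module, bool on) external {
        require(msg.sender == owner, "not owner");
        require(!on || registry.isUsable(module), "not announced or in notice period");
        enabled[module] = on;
    }
}
```

With the waiting period enforced on-chain, anyone can check `usableAfter` and the `UpgradeAnnounced` log instead of trusting an off-chain announcement.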

How to make it secure?

Security is the most critical issue for a wallet. A lot of effort should go into guaranteeing that the assets are safe. Security audits and bug bounties are common methods.

Security Audit

All Smart Wallets are audited by outstanding security institutions, and it’s important that every planned upgrade is audited before it goes live. Most Smart Wallets haven’t disclosed all of their audit reports yet.

Bug Bounty

It’s essential to put the source code under the examination of more experts; that’s why we need a bug bounty. In June 2020, OpenZeppelin disclosed a vulnerability in Argent and helped them fix the vulnerable smart contract. OpenZeppelin received the High-severity reward, which is up to $25,000. As far as I know, Argent, Monolith, Gnosis, MYKEY, and Authereum have their own bug bounty programs.

How to make it cheaper?

The cost of the upgrade is a less-discussed issue. If the upgrade is global, it’s not a problem. However, if the upgrade needs every user’s agreement, upgrading 1 billion users needs 1 billion additional transactions. Is that reasonable and practical? Can rollup technology help with that?

How to fully control a Smart Wallet account?

No operating manuals will be given to let you “escape from” your Smart Wallets. I just want to point out the direction and key points. Not all Smart Wallets are listed below.

Argent

It’s important to have a guardian of your own, in case you lose your phone and the official guardian doesn’t work. You can use https://security.argent.xyz/ to do so. Metamask, Ledger Nano, and Trezor are currently supported.

MYKEY

Always keep your recovery phrase (the admin key) safe. In case MYKEY doesn’t work properly, follow the Nirvana Plan and use the tools to control your accounts.

MONOLITH

Take care of your seed phrase, and read this article.

Conclusion

Most Smart Wallets guarantee sovereignty, though there’s still much room for improvement. In the normal state, users can take control of their identity and property. Extra attention needs to be paid to the upgrade process. Smart Wallets can provide a more transparent and standardized upgrade process to ensure upgrades are trustless and secure.

About Smart Wallet Trend

Smart Wallet Trend is a newsletter where you can find news, insights and fresh ideas about Smart Wallets.

My name is Yao Xiang, currently a researcher of MYKEY Lab.

Feel free to contact me via comment or send 📧 email to me directly.