Teemo — a trustless extension wallet that connects dApps with users

robbie wang
NewEconoLabs
Apr 4, 2019

Anyone who uses NEO dApps has probably experienced this: each time you use a new dApp, you need to create or import a wallet. When you are about to create a new wallet, you may think that you already have so many wallets that you can’t remember where you put them. When you are about to import a wallet, you may wonder whether the dApp developer is reliable: will they really not steal my private key?

This is very uncomfortable for users, as switching to a new dApp is like switching to another blockchain: you have to start from scratch.

It’s also uncomfortable for dApp developers. If they build a wallet, they raise a barrier to entry for users. If they don’t, they have to integrate with a client wallet and their dApp becomes a sub-application of it. Can’t developers strike a balance between making a wallet and making applications?

Teemo was born against this backdrop. Although it is a wallet, token management is only its secondary function; its main function is to connect dApps with users. Now you can use a dApp with a one-step confirmation.

Removing the wallet registration step is only a small step for Teemo. Its more important role is to address the trust issue between dApps and users.

When you use a dApp’s own wallet, the dApp shows you a transfer that you need to confirm. But in fact you don’t know whether what you confirm is consistent with what you see. You don’t even know whether the request was sent to you after the dApp page was hijacked. This is because only two parties are involved in the entire transaction process, the dApp and the user, and the user has no authority to review the transaction. Users with hardware wallets may re-verify the transaction on the hardware wallet, which is also a security advantage of hardware wallets.

So how does Teemo do it? We designed a “language”, dAPI, for Teemo to communicate with dApps. The dAPI is a strictly formatted yet flexible communication method. Through dAPI, dApps can only request data in the way we specify, and can only pass the correct transaction information to Teemo (Teemo obtains the dApp’s identity information itself). Teemo processes this information and presents it to the user. After the user reviews and approves it, Teemo assembles the transaction and sends it to the blockchain.

In this process, the dApp is isolated. After telling Teemo what to do, the dApp only needs to wait for the result and doesn’t participate in the process.

Because a large amount of the original information is lost when transaction data is generated from the transaction content, Teemo can show the user more operational information than a hardware wallet that parses the transaction data directly. In particular, when you operate a smart contract you can see the function being called, which tells you directly what you are doing.
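The review step described in the last three paragraphs can be sketched as follows. This is an added example, not Teemo's code: the message fields (`method`, `scriptHash`, `operation`, `args`) and the function `reviewRequest` are assumed names, and `sender` stands in for the sender object a browser passes to an extension with each message.

```javascript
// Added illustration. The message fields (method, scriptHash, operation, args)
// are assumed names for this sketch, not Teemo's published dAPI.
const FIELDS = new Set(["method", "scriptHash", "operation", "args"]);
const ARG_TYPES = new Set(["String", "Integer", "Boolean", "Address", "Hash160"]);
const SCRIPT_HASH = /^[0-9a-f]{40}$/;              // 20-byte contract hash, hex
const OPERATION = /^[A-Za-z_][A-Za-z0-9_]{0,31}$/; // contract function name
const str = (v, re) => typeof v === "string" && re.test(v);

// `sender` stands in for the object the browser hands an extension with each
// message; the page cannot set it, so it is the only source of identity.
function reviewRequest(message, sender) {
  const origin = new URL(sender.url).origin;
  const errors = [];
  if (message === null || typeof message !== "object" || Array.isArray(message)) {
    return { ok: false, origin, errors: ["request is not an object"] };
  }
  for (const key of Object.keys(message)) {
    if (!FIELDS.has(key)) errors.push(`unexpected field: ${key}`);
  }
  if (message.method !== "invoke") errors.push("unsupported method");
  if (!str(message.scriptHash, SCRIPT_HASH)) errors.push("bad scriptHash");
  if (!str(message.operation, OPERATION)) errors.push("bad operation");
  const args = Array.isArray(message.args) ? message.args : null;
  if (!args || args.length > 16) errors.push("bad args");
  for (const arg of args || []) {
    const okType = arg !== null && typeof arg === "object" && ARG_TYPES.has(arg.type);
    if (!okType || typeof arg.value !== "string" || arg.value.length > 128) {
      errors.push("bad argument");
    }
  }
  if (errors.length > 0) return { ok: false, origin, errors };
  // The prompt is built only from validated fields; the wallet would assemble
  // the transaction from these same fields after the user approves.
  const prompt = [
    `Site: ${origin}`,
    `Contract: 0x${message.scriptHash}`,
    `Function: ${message.operation}`,
    ...args.map((a, i) => `Arg ${i + 1} (${a.type}): ${JSON.stringify(a.value)}`),
  ];
  return { ok: true, origin, errors, prompt };
}

// Constructed sample input.
const SENDER = { url: "https://game.example/play?level=2" };
const GOOD = { method: "invoke", scriptHash: "ab".repeat(20), operation: "transfer",
  args: [{ type: "Address", value: "constructed-address" }, { type: "Integer", value: "5" }] };
const SPOOFED = { ...GOOD, origin: "https://trusted.example" };
```

`reviewRequest(SPOOFED, SENDER)` is rejected because the page tried to supply its own identity, while `reviewRequest(GOOD, SENDER)` yields a prompt that names the calling site and the contract function.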

Extension wallet

We made Teemo a browser extension, so there is no need to open the wallet before using a dApp. When you open the browser, the wallet is already on standby, and while you use a dApp the wallet pops up automatically when needed. When you close your browser, the wallet closes with it.

To protect privacy while retaining more transaction information, Teemo keeps detailed transaction records locally. When the user changes devices or deletes the extension, the local transaction history is cleared. However, users can still find simple transaction records on the blockchain explorer.

Security

Teemo’s entire transaction confirmation process takes place inside the wallet and the transaction content is visible, so the normal process cannot break through Teemo’s security mechanism. The wallet’s data is all stored locally, and its security comes from the browser’s isolation protection for extensions. Unless a hacker can break through Chrome’s security mechanism and control the extension page, or directly break the permission limits and modify the transaction data in memory, Teemo is safe. So far, the security defenses of browser extensions have not been broken that seriously, so we have reason to believe that the browser extension security mechanism is trustworthy and that Teemo is secure enough.

Some may worry that Teemo itself will steal the private key or the user’s personal information. Please rest assured. Teemo is completely open source, and its interface with the communication network is a public interface provided by NEL, so its security can be easily verified. If you still have this concern, you can even modify the code and build a “Teemo” yourself.

More support

Teemo’s dAPI is the same dAPI protocol that NEL and the O3 wallet have agreed to use together. For developers, integrating Teemo is therefore equivalent to integrating the PC wallet and the mobile wallet at the same time: with a few compatibility changes to the web product, it can also serve mobile phone users, greatly reducing the cost and difficulty of development. NEL’s dApps will also gradually support Teemo, and our goal is for users to be able to use all NEO dApps via Teemo.

Teemo will also gradually support hardware wallets, seed password backup, and other features, and provide more browser support.

Teemo Wallet v1.0 is already available on the Chrome store. If you are interested in Teemo or would like more information, please visit our official website (https://teemo.nel.group/).
