VELLET: Verifiable Embedded Wallet for Securing Authenticity and Integrity (2404.03874v1)
Abstract: The blockchain ecosystem, particularly with the rise of Web3 and Non-Fungible Tokens (NFTs), has experienced a significant increase in users and applications. However, this expansion is challenged by the need to connect early adopters with a wider user base. A notable difficulty in this process is the complex interfaces of blockchain wallets, which can be daunting for those familiar with traditional payment methods. To address this issue, the category of "embedded wallets" has emerged as a promising solution. These wallets are seamlessly integrated into the front end of decentralized applications (Dapps), simplifying the onboarding process for users and making access more widely available. However, our insights indicate that this simplification introduces a trade-off between ease of use and security. Embedded wallets lack transparency and auditability, leading to transactions obscured by the front end and a pronounced risk of fraud and phishing attacks. This paper proposes a new protocol to enhance the security of embedded wallets. Our VELLET protocol introduces a wallet verifier that can match the audit trail of embedded wallets on smart contracts, incorporating a process to verify authenticity and integrity. In the implementation architecture of the VELLET protocol, we suggest using the Text Record feature of the Ethereum Name Service (ENS), known as a decentralized domain name service, to serve as a repository for managing the audit trails of smart contracts. This approach has been demonstrated to reduce the necessity for new smart contract development and operational costs, proving cost-effective through a proof-of-concept. This protocol is a vital step in reducing security risks associated with embedded wallets, ensuring their convenience does not undermine user security and trust.
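The following is an added illustration of the verifier idea the abstract describes, not code from the paper or its proof-of-concept. It assumes the audit trail is published as a JSON text record under a hypothetical key `vellet.audit` on the Dapp's ENS name and that the trail pins a SHA-256 hash of the embedded wallet's front-end bundle; ENS resolution is simulated with an in-memory dictionary so the example runs offline.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

AUDIT_KEY = "vellet.audit"  # hypothetical text-record key, assumed for this example

# Constructed sample: the front-end bundle an auditor reviewed and recorded.
AUDITED_BUNDLE = b"window.embeddedWallet = { sign: (tx) => signer.sign(tx) };\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for ENS text records, keyed by (name, key).
# A real verifier would query the name's resolver: text(namehash(name), key).
ENS_TEXT_RECORDS = {
    ("example-dapp.eth", AUDIT_KEY): json.dumps({
        "bundle_sha256": sha256_hex(AUDITED_BUNDLE),
        "auditor": "auditor.example.eth",
        "audited_at": "2023-11-23",
    }),
    ("broken-dapp.eth", AUDIT_KEY): "not json",  # malformed record, for the failure path
}


@dataclass
class Verdict:
    status: str                    # "verified", "mismatch", "no_record", "invalid_record"
    auditor: Optional[str] = None  # who vouched for the bundle, when a record exists
    detail: str = ""


def verify_embedded_wallet(ens_name: str, served_bundle: bytes,
                           records=ENS_TEXT_RECORDS) -> Verdict:
    """Compare the bundle the Dapp actually served against the audit trail on ENS."""
    raw = records.get((ens_name, AUDIT_KEY))
    if raw is None:
        return Verdict("no_record", detail="name publishes no audit trail; treat wallet as unverified")
    try:
        record = json.loads(raw)
        expected, auditor = record["bundle_sha256"], record["auditor"]
    except (ValueError, KeyError, TypeError) as exc:
        return Verdict("invalid_record", detail=f"unparseable audit record: {exc}")
    actual = sha256_hex(served_bundle)
    if actual != expected:
        return Verdict("mismatch", auditor, f"served {actual[:12]}... but audited {expected[:12]}...")
    return Verdict("verified", auditor, "served bundle matches the audited hash")


if __name__ == "__main__":
    print(verify_embedded_wallet("example-dapp.eth", AUDITED_BUNDLE))
    print(verify_embedded_wallet("example-dapp.eth", AUDITED_BUNDLE + b"// modified\n"))
    print(verify_embedded_wallet("unknown-dapp.eth", AUDITED_BUNDLE))
```

A front end that serves a bundle differing from the audited one, or a name with no record at all, is surfaced to the user before any transaction is signed.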