WalletUnCon
- EF/Devconnect context and intro (Ligi, 5min)
- How to unconference, agenda-create, scribe, convene, ideate, and listen deeply (Bumble, 15min)
- Next steps if your session goes well (Bumble+Kyle, 10min)
Proposals for standard definitions of concepts such as: account abstraction, intents, wallet as a service.
In order for us to do good work creating standards it helps to be on the same page about the things we're discussing.
The crypto world is rapidly evolving, and with it, the tools that users rely on to interact with blockchain data. As blockchain explorers have evolved to meet the demands of web3 users, so too have crypto wallets. This talk will explore the evolution of UX in both crypto wallets and blockchain explorers, emphasizing the importance of intuitive design, the role of emerging technologies, and the future of user-centric interfaces in the crypto space.
Abstract: Many people try to compare Account Abstraction vs MPC or even claim that MPC is a safer technology. However, while MPC is a good solution for key management, it can't offer all the benefits of account abstraction. This is why we are exploring Schnorr signatures - a secure key management approach that works together with AA and unlocks a new horizon for secure AA wallets.
Using secure elements and biometric authentication to onboard users into the web3 ecosystem will be a game changer for the next incoming wave. Enabling the secp256r1 curve through precompiles (i.e. EIP-7212) or verifiers provides the user with seamless and completely non-custodial wallet ownership based on biometric identity. Combining this with account abstraction (sponsored tx, spending accounts, recovery alternatives and more) allows wallets to mimic user habits on web2 and in this way the blockchain can be a truly invisible backend service to the user.
Contrary to common perceptions, Multi-Party Computation (MPC) and Account Abstraction can be seamlessly integrated to craft a robust and secure user experience, acting as a catalyst for widespread cryptocurrency adoption among non-web3 familiar audiences. In this presentation, we will underscore the significance of utilizing MPC for advanced key management, paired with smart contracts for effortless funds management, marking a pivotal stride towards mainstream cryptocurrency acceptance.
This talk will explore the critical security issues in the Ethereum ecosystem, specifically the vulnerability of users to phishing attacks due to the lack of transparency in transaction confirmations. We'll look at modern strategies and see how they fail, and I'll share a model for reasoning concretely about confirmation safety with a holistic trust model that requires ecosystem-wide collaboration to implement.
In the rapidly evolving world of blockchain technology, the mempool often remains an underexplored territory. With my projects, "Roll a Mate" and "Acid Chains", I've delved deep into this realm, seeking to harness its expansive capabilities to push the boundaries of the Ethereum Mainnet and other EVM-based chains.
The talk will explore the role of crypto wallet UX in driving mass adoption. We will cover advancements in Passkeys, the transformative potential of Interchain Accounts for cross-chain asset management, and the concept of cross-chain composability. Attendees will also gain insights into the latest UX-related Ethereum Improvement Proposals (EIPs).
Many more people proposed great sessions than we have time for-- here is where the horse-trading, session merging, and schedule-fine-tuning happen, COLLECTIVELY and HORIZONTALLY.
While numerous wallet development tools offer various features and design options, this lightning talk explores the application of Atomic Design concepts, such as atoms, molecules, and organisms, in building wallet interfaces that elevate composability to a new level of modular wallet development.
A number of decentralised storage networks exist for you to store data that is managed via blockchains such as Filecoin. But how do you keep track of the data you have stored? OK, I've uploaded my previous photos, but how do I find them again in amongst the rest of the 1,000 Petabytes of data on the network? How many replicas of the data are there? Are they healthy?
In every tech stack, each component holds some secrets, but often, the most important secrets are found in the connections between them. Web3 mapping shines a light on these, changing how crypto companies and users approach security. Traditional methods, focused on individual assets like smart contracts, fall short.
Coinspect uncovered vulnerabilities in over 40 cryptocurrency wallets, with varying severity levels. Many of these vulnerabilities let attackers compromise wallets simply by having users visit attacker-controlled websites, granting access to users' mnemonic phrases or forcing silent transaction signatures.
Along the way, we noticed a common denominator among the multiple vulnerabilities reported: the attack vector, which most of the time required a compromised or malicious DApp to successfully exploit them.
In response, we are developing a tool to detect early signs of DApp compromises, currently being tested with MetaMask Snaps. We invite individuals to a session to delve into these security issues and our research projects.
In today's crowded digital wallet landscape, potential adopters face an arduous choice of what wallet to take a look at, then, download or sign up, and hopefully, keep using again and again. As tech features and user experience define user retention, this is a product reputation that facilitates the “test drive”, or even a decision to stay on the product website longer or close the tab right away.
As with any other complex system, reputation can be reverse-engineered. When combined with speculative design techniques, these reverse-engineering results can give momentum to any new digital wallet — big or small, well-developed or buggy-alpha one — a chance to be considered along with widely used wallets. The only question: how fair is such reverse engineering?
Explore the design space to achieve interoperability for embedded wallets, including but not limited to privacy considerations, permissions management (e.g. for app- and session keys), and tooling that helps users manage multiple accounts across dapps and chains.
If I want to be paid in tradfi, I can send my (routing number, account number). Unambiguous and works everywhere.
If I want to be paid on Ethereum, what do I send? An address is ambiguous: it's common for people to send transfers to the correct address, but on the wrong chain.
In this session, we'll discuss potential solutions.
One of the problems any user willing to interact with a deployed smart contract faces is whether a smart contract is audited and whether the deployed version is the same version that was audited. Auditors of the smart contracts mainly focus on the source code. This tool helps auditors as well as end-users to make sure that the deployed version works as expected.
We spend a lot of time thinking about permission systems, but it's equally important to think about how we can design systems where permission prompts are minimized. Let's discuss how we can build such systems in a decentralized setting.
There is an implicit assumption in ERC-4337 that the bundlers in a public p2p mempool are working with mevboost-enabled block builders, to reduce duplicate UserOp submissions and rejections. This workshop aims to understand this dependency and the implications when mevboost-style block building is not present, as in alternative chains like Filecoin's.
Over the last year or so, alternative RPC providers like Flashbots Protect and BackRunMe have come to the market that enable users to take advantage of value-added services. However, they don't play nice with current RPC standards and often return false information to trick wallets into behaving how they want.
How can we move forward with the current RPC standards to enable innovation?
https://mevblocker.io/#faq
https://github.com/MetaMask/metamask-extension/issues/10914
Multichain token transfers are broken. Keystore contracts are one way of solving the identity problem of token transfers in a multichain environment. We propose an alternative solution that relies on offchain messages; it is more user-friendly and does not require the middleware stack or wallets to be rebuilt.
Developing wallets sucks, but not as much as integrating lots of DeFi protocols!
There is a different approach which would massively simplify implementations and provide access to many more protocols directly from the wallet; imagine a multi-chain DeFi wallet in a thousand lines of code! With a composable intent marketplace it is not only possible, but IMO it's necessary for the ecosystem.
GM guys! I am Booga! I focus on integrations and accessibility for Zeiron. In the last two months, I tested out the top 100 apps with different injected wallet combinations. I would like to share what I've learned.
Standards help bring some normalcy to our space and help propel efforts for mass adoption into web3. CASA is a standards body that aims to make it easier to do that and invites anyone to be a part of the conversation.
This is an ERC-4337-related problem: every frontend implementing smart contract accounts wants to use its own account factory, which leads to users having a separate account for every dApp. I want to make folks aware of this problem.
Our authentication methods evolve from what we know (password, security question), what we have (SMS, social account) to who we are (biometric, FaceID, fingerprint). This passwordless wave could also bring web3 the best user experience possible. In this panel we talk about the good, the bad and the ugly of passkeys and the web3 solutions.
Introducing the 'Shopping Cart' concept, a transformative way to streamline multiple wallet transactions. By batching non-time-sensitive transactions, we can efficiently reduce gas costs, accelerate confirmations, and enhance user interaction. Plus, imagine sharing your transaction batch on social media, offering followers a seamless way to keep up with trends. This approach champions both cost-efficiency and social inclusivity in web3 transactions.
Ethereum wallet providers are notorious for not playing nicely with each other due to the legacy window.ethereum approach and the pitfalls that come along with it. Boidu will give an overview of the EIP-6963 upgrade path and showcase his testing dapp for helping wallets take it before breaking out into an open workshop format.
It's always interesting to see what other ecosystems have. Polkadot bakes in native multisig and a bunch of other tools close to what AA on Ethereum is pushing for.
The new CAIP-222 standard provides a simpler user experience by bundling two wallet requests ("connect wallet" and "sign in with ethereum/solana/etc") into a single method. This one-click flow can thus provide wallet authentication and even Authorization via ReCaps or UCANs when exposing blockchain accounts and returning a cryptographic signature. Cali will give a brief overview of the interface and then workshop use-cases with attendees.
Iron is a crypto wallet built from the ground up with development & debugging in mind. It bundles together features that, as of now, exist only as loose CLI tools and 3rd party websites and, guess what? It all runs locally on your device, with fully open-source code. In this talk, we'll delve into our design process.
As web3 wallet adoption grows, how can we ensure underserved communities don't get left behind? I want to propose a group discussion, where we identify challenges diverse users face in accessing web3 wallets and explore ways we can make experiences more equitable.
There are eight timeslots, each with 5 workshops, meaning that if you attended the entire event, you could not possibly have seen more than one-fifth of this excellent top-shelf content, ideation, and conversation. Hopefully most of the sessions not recorded produced a page or three of notes. Reporting out on the sessions helps everyone absorb more data, make mental notes about whom to talk to later, and state next steps into a microphone and YouTube recording if they need an accountability anchor.