It's built on Account Abstraction technology (compliant with ERC4337), enabling powerful features such as account recovery, executing transactions with multi-approval, transaction batching, and paying for transactions in ERC20.
Today, in this blog, we will break down how W3Smart Wallet's security works. At the heart of its security model are guardians.
Introducing W3Smart Wallet guardians
A guardian is an account (an EOA or a W3Smart Wallet account) that has been permitted by the wallet’s owner to execute certain specific operations on their wallet. Guardians never have access to the wallet’s cryptocurrency.
Users can use their guardians to:
- Protect assets by authorizing all transactions
- Recover the wallet without the need of a seed phrase
- Lock and unlock the wallet
Here's how they do it.
1. Authorize transactions
W3Smart Wallet enables a security feature unmatched by traditional crypto wallets. There is an extra step of censorship (multi-approval) when making transactions on W3Smart Wallet. In W3Smart Wallet, all transactions to untrusted addresses are automatically blocked unless you use guardians. Only transactions to trusted addresses are seamless.
In the W3Smart Wallet system, the whitelist is programmed as a condition for executing a transaction. Whitelists are a selection of addresses (the wallet of another person or Dapp's contract) - where the users don’t need guardians to be sent to.
When a user initiates a transaction, the wallet will check the target address against the whitelist. If the target address is on the list (trusted address), the wallet will only require the owner's signature to execute the transaction, so users don't need guardian approval.
If the target address is not on the list (untrusted address), the wallet will require the owner's signature as well as the signatures of the majority of the wallet's guardians (multi-approval).
Authorizing all transactions is an important component of W3Smart Wallet’s security. As with transfers, everything untrusted needs guardians; everything trusted is accessible in a tap. By limiting the number of addresses that a user's wallet can send funds to or interact with, the whitelist adds an extra layer of security and reduces the risk of fraudulent activity. Additionally, the whitelist can be used to restrict transactions to trusted parties and comply with regulatory requirements.
To know how to set up a whitelist (add, remove addresses) for your wallet, read our guide here.
2. Account recovery without a seed phrase
Traditionally there has been a massive problem with self-custody wallets, including hardware wallets: seed phrases. A seed phrase is a sequence of random words that stores the data required to access or recover crypto assets on blockchains.
Crypto wallets provide software that create seed phrases and encourage users to record them on paper for safekeeping.
But you may lose it. Someone else might find it. It means that once you lose your key (in the form of seed phrase), you lose access to your assets.
So, the future of crypto wallet should not depend on a password that is written on paper.
W3Smart Wallet has a better way: Social Recovery (recovery with guardians).
Social recovery is a way to recover your self-custodial wallet without using seed phrases. It is a method for users to rely on a group of trusted friends to recover your assets. Essentially, instead of relying solely on a private key or seed phrase to regain access to a wallet, a user can delegate this responsibility to a group of trusted individuals (Guardians).
Approving a recovery requires a majority of guardians. This is because it makes the system even more secure. How this works is that you and your guardians can each sign an instruction to the smart contract, e.g. ‘Yes, this recovery attempt is legitimate’. You can also cancel a recovery if you have a majority out of your guardians.
Recovery with guardians is easy, you can check this guide to learn more.
3. Locking protection
User can freeze (lock) his wallet immediately. This is useful in case a user suspects his account (i.e. device) is compromised (lost, stolen, …).
After freezing, no one can transfer assets out of the wallet.
When a user locks a wallet, he has a chance to get a new device and recover his wallet. He can also unlock his locked wallet at any time with guardians' approval.
Check out this guide to learn how to lock your wallet when needed.
Conclusion
With its advantages, Account Abstraction (AA) is gradually becoming a common standard for the design of crypto wallets on Ethereum and EVM chains. W3Smart Wallet is a part of this new generation of crypto wallets. In W3Smart Wallet, we put the safety of users' assets first, so AA was chosen as the underlying technology when building our wallet.
In upcoming blogs, we will give you more in-depth knowledge about Account Abstraction and ERC4337. Stay tuned!
