Please refer to the full proposal text on the SafeDAO forum. Some parts may have been removed to fit within the character limit on Snapshot.
Title:
[SEP 33] [OBRA] Safe Accounts for NFC Tags - Citizen Wallet
Authors:
@jboury
Created:
2024-06-17
Abstract
Safe Accounts for NFC tags
A Safe on your wrist!
We would like to create a Safe Module to allow Safe Accounts to be generated for NFC tags (useful for doing physical transactions at events for example).
With NFC wallet, we already provide Smart NFC Accounts that are ideal for real-world use cases requiring quick and simple transaction settlement. They can be used for events or for community tokens. Within the scope of this project, we would like to upgrade our implementation to use Safe Smart Accounts.
You can find our project pitch deck here:
NFC Wallet Presentation-small.pdf|attachment (713.4 KB)
Aligned strategy: Which pre-approved strategy is this initiative driving forward?
Foster module ecosystem
Funding request: What resources are being requested from SafeDAO in USDC?
10 000 USDC
Relation to budget:
3% of total budget
Metrics and KPIs: Which metrics and KPIs will the initiative be measured against?
We believe the initiative should be measured against:
- Quality level of proposed modules.
- Assessing the ease of use to set up the account
- Assessing the security of the implementation
- Usage of modules: We plan to use the implementation at several events where we will measure the transaction volume, number of unique users and user satisfaction.
By regularly monitoring these metrics and KPIs, we will be able to assess the performance and impact of our initiative, make data-driven decisions, and ensure that we are meeting the needs and expectations of our users and stakeholders.
Initiative Description: What is the initiative about?
Objective:
Our project aims to create a Safe Card Manager Module which will enable NFC tags to use Safe Accounts. This enables the tag to conduct physical transactions with whitelisted vendors. Event organizers are able to instantiate their own Account Factory which will generate unique Accounts for that specific instance.
In order to achieve this with Safe, we need to explore the usage of Safe Accounts for this use case and deliver an MVP solution. We want to validate the usage and implementation with SafeDAO.
The end goal is to submit another proposal to build a web interface for the Card Management and include it as an app in the Safe dashboard.
Overview:
NFC technology allows for seamless and contactless interactions, making it ideal for environments where speed and convenience are paramount. Our current NFC accounts have proven effective for various real-world applications. However, to further increase security and functionality, we plan to upgrade our implementation to leverage the robust features of Safe Wallets.
Key Features:
-
Users don't need to install anything: They can be completely offline and simply use their NFC tag to receive/send.
-
Partial offline usage: Only vendors with their Kiosks require an internet connection.
-
Users don't realize that it's Web3: No gas fees, no seed phrases and still on-chain.
-
Account Abstraction: NFC tags are linked to an account derived counterfactually from their UIDs.
-
Vendors have custody over the funds they collect: Vendors install a Kiosk App (iOS or Android) which they get whitelisted by the event organizer and use to charge customers. The Kiosk app operates its own Safe and has control over its own Safe normally through ERC4337.
-
Ease of Use: The NFC badges or tags enable quick and effortless transactions, simply by tapping the badge or tag against an NFC reader. This simplifies the process for users, particularly in busy or high-traffic environments.
-
Versatile Applications: The integrated solution is perfect for various use cases, including:
-
Event Management: Attendees can use NFC badges for ticketing, access control, and purchases within the event venue.
-
Community Tokens: Communities can issue tokens that members can use for services, goods, or rewards, facilitating local economies and engagement.
Our initiative has 3 components:
-
Web app that displays the contents of the Smart Account relevant to the event.
-
Kiosk App (iOS & Android): a mobile application that serves as point of sale or faucet where you can withdraw or add tokens to an NFC tag.
For these users (which will be businesses most of the time) it would be very beneficial that their Kiosk is a Safe Account. That way they would get access to features of the Safe ecosystem and the Safe dashboard. Definitely the multisig functionality would be a useful security measure if the PoS is used by multiple people.
-
NFC Card Manager: A smart contract which handles the whitelist and account generation for NFC tags.
Current status: Does the offering (product/service) already exist or is the funding used to create it?
We have already built an NFC transaction solution compatible with standard account abstracted wallets. The goal of the funding is to make it compatible with Safe Accounts and to improve the security of the implementation. The system is being used at several events within the crypto ecosystem. The latest event was Celo Gather Berlin: https://citizenwallet.net/posts/implementing-nfc-wallet-at-celogather
Risks: What risks does the initiative entail?
Integration Challenges:
- Risk: The integration of NFC technology with Safe wallets may encounter technical difficulties, such as compatibility issues or unforeseen bugs.
- Mitigation: Conduct thorough testing in various environments, maintain a robust debugging process, and collaborate closely with the technical teams of both Safe and NFC technologies.
Security Vulnerabilities:
- Risk: Cards can be emulated or cloned with specific readers.
- Mitigation: Salt the NFC tags (mitigates serial number guessing), use the secure memory of NTAGs (mitigates cloning), and inform Kiosk users to look out for non-standard cards or other devices.
Partnership Dependency:
-
Risk: The success of the project depends on establishing and maintaining partnerships with event organizers and community leaders.
-
Mitigation: Develop a robust partnership strategy, including clear communication of benefits and collaborative engagement plans. Diversify partnerships to avoid over-reliance on a few key partners.
Resource Constraints:
-
Risk: The project may face resource constraints, such as limited funding, manpower, or technical expertise.
-
Mitigation: Ensure proper project planning and budgeting, seek additional funding opportunities, and consider outsourcing or collaborating with specialized firms for technical development.
Timeline and milestones: Provide a detailed timeline or roadmap, include key milestones
Phase 1: Deployment of a Safe Card Manager Module (week 1- 2)
Milestones:
• Convert any NFC card into a Safe Smart Account.
• Enable simple tap-to-pay transactions using NFC cards.
Phase 2: Update the web interface to take into account differences arising from using a Safe Account (week 3)
Milestones:
• Web interface shows balance, allows you to edit your profile.
Phase 3: Update of Kiosk App (week 4)
Milestones:
• Update the Kiosk/POS app to use Safe Accounts.
• Make the internal testing version available on the App Store and Play Stores for those who need it.
Phase 4: Submit for review to SafeDAO (week 4)
• Milestones:
• A working demo on Gnosis Chain between a Kiosk and an NFC tag
• On chain data of the transaction
Initiative lead: Who is the accountable initiative lead?
Citizen Wallet. We are a Belgian non-profit developing open-source software solutions for community currencies. Our legal entity is called Citizen Spring VZW (https://citizenspring.earth/)
Legal details:
Rue de Villers 12, 1000 Brussels
BE0804505132
Team
Currently the core team of Citizen wallet has 3 members.
Additional support/resources: Are there any resources (non-financial) requested from the Safe Ecosystem Foundation or the core contributors?
It would be great to get some contacts who can help us with the security audit of our implementation.
Implementation dependencies:
Does the implementation of this initiative require any prior changes in the current governance processes, e.g., updates to the governance framework, or have any other dependency? If yes, please specify these. Note that the funding of the initiative will be dependent on the approval and (if needed) successful implementation of such necessary governance modifications or any other dependency.
No
