Open Grant Proposal: Solace Protocol

[zigzagsz]

Solace

Open Grant Proposal: Solace Protocol

Name of Project: Solace Protocol

Proposal Category: app-dev

Proposer: zigzagsz

(Optional) Technical Sponsor: Jenks Guo Piyush Maheshwari

Do you agree to open source all work you do on behalf of this RFP and dual-license under MIT, APACHE2, or GPL licenses?: The project is completely open source.

Project Description

Problem

One of the great challenges with making cryptocurrency and blockchain applications usable for average users is security: how do we prevent users' funds from being lost or stolen? Losses and thefts are a serious issue, often costing innocent blockchain users thousands of dollars or even in some cases the majority of their entire net worth.

Hardware wallets alone are not good enough Hardware wallets are often touted as the best-in-class technology for cryptocurrency funds management. A hardware wallet is a specialized hardware device which can be connected to your computer or phone (eg. through USB), and which contains a specialized chip that can only generate private keys and sign transactions. A transaction would be initiated on your computer or phone, must be confirmed on the hardware wallet before it can be sent. The private key stays on your hardware wallet, so an attacker that hacks into your computer or phone could not drain the funds.

Problems with hardware wallets:

1. Supply chain attacks: if you buy a hardware wallet, you are trusting a number of actors that were involved in producing it - the company that designed the wallet, the factory that produced it, and everyone involved in shipping it who could have replaced it with a fake.
2. Still a single point of failure: if someone steals your hardware wallet right after they stand behind your shoulder and catch you typing in the PIN, they can steal your funds. If you lose your hardware wallet, then you lose your funds.

Mnemonic phrases are good for protecting against loss, but they do nothing against theft. Even worse, they add a new vector for theft: if you have the standard hardware wallet + mnemonic backup combo, then someone stealing either your hardware wallet + PIN or your mnemonic backup can steal your funds. Furthermore, maintaining a mnemonic phrase and not accidentally throwing it away is itself a non-trivial mental effort.

Solution

So what do we need? What we need is a wallet design which satisfies three key criteria:

No single point of failure: there is no single thing (and ideally, no collection of things which travel together) which, if stolen, can give an attacker access to your funds, or if lost, can deny you access to your funds.

Low mental overhead: as much as possible, it should not require users to learn strange new habits or exert mental effort to always remember to follow certain patterns of behavior.

Maximum ease of transacting: most normal activities should not require much more effort than they do in regular wallets (eg. Status, Metamask...)

A social recovery system works as follows:

There is a single "signing key" that can be used to approve transactions There is a set of at least 3 (or a much higher number) of "guardians", of which a majority can cooperate to change the signing key of the account. The signing key has the ability to add or remove guardians, though only after a delay (often 1-3 days).

Solace is a program (smart-contract) based non-custodial wallet for Solana which eases user's onboarding and enhances security using social recovery, written in Rust

With Solace you have:

1. Ease of Onboarding - Seed phrase to the user's signing account is redundant, and not as important as it would've been if it held all of the user's assets
2. Security: Funds are stored in the program (smart-contract), and is protected by the recovery_mode flag, which prevents funds from leaving the system

Value

We use IPFS to store user's guardian information. Improvisations can be made where the addresses are hashed to prevent any social engineering attacks on the user. Current use cases of IPFS for Solace are as follows:

1. Store user's unique names (user_names) so as to make paying to other solace users convenient
2. Store user's guardian information so as to notify the guardian of recovery requests More info

To reduce the risk of attacks on guardians and collusion, your guardians do not have to be publicly known: in fact, they do not need to know each other's identities. This is accomplished in two ways. First, instead of the guardians' addresses being stored directly on chain, a hash of the list of addresses are stored on IPFS, and the wallet owner would only need to publish the full list at recovery time.

What are the benefits to getting this right? The goal of crypto is to give people access to cryptographic and economic building blocks that give people more choice in whom to trust, and furthermore allow people to build more constrained forms of trust: giving someone the power to do some things on your behalf without giving them the power to do everything. Viewed in this way, Solace Protocol with the help of IPFS is a perfect expression of this principle: each participant has some influence over the ability to accept or reject transactions, but no one can move funds unilaterally while maintaining transparency with the help of decentralized storage solutions like IPFS & Filecoin. This more complex logic allows for a setup far more secure than what would be possible if there had to be one person or key that unilaterally controlled the funds.

Deliverables

Our current status update after having received the Microgrant from Filecoin is as follows: It's now been more than two months since we participated and won in the Solana Hacker House 2022 following which we received a Microrgant from Filecoin/IPFS.

We have published our NPM Package https://www.npmjs.com/package/solace-sdk where developers can build their front-end in React, React-Native, Ionic, Angular or any JS based framework. We are also building a backend SDK, where developers can easily interface with IPFS via OrbitDB ThreadDB and build scalable backends for their self hosted Program Wallets

Here is our Microgrant update - Solace - Microgrant Update v3.pdf

Moving on these are the deliverables we have:

1. Introduce Mulitple DeFi Integrations allowing user to earn yields on their savings:

   i. To Integrate Saber - DeFi’s cross-chain liquidity network. Solace users can deposit their crypto into a Saber liquidity pool to earn passive yield from transaction fees, token-based incentives, and eventually automated DeFi strategies. ii. To integrate Jet - A lending protocol built on the Solana blockchain with a focus on innovative lending products and cross- chain interest rate arbitrage.

2. Introduce DEX Integrations allowing user to swap:

   i. To integrate with Serum a high-speed, orderbook based, non-custodial DEX that’s built on Solana. Serum brings the speed and convenience of centralized exchanges to DeFi while remaining fully trustless and transparent allowing Solace users to swap their crypto without having to ever leave the app

3. Introduce the ability to purchase and showcase NFTs:

   i. Giving ability to access NFTs without having to switch applications is the next step in enhancing the user experience. this is also in line with our vision of making Solace a super app built on Solana. For this we would be needing to integrate Magic Eden or SolSea

4. Global on ramp

   i. Easily add funds to your wallet with fees as low as cents, not dollars. Integration with On ramp applications like Banxa & Moonpay would drastically increase the user experience of Solace users.

5. To Integrate Bonfida i. Bonfida is a naming service for Solana like ens. It will allow Solace users to quickly send and receive funds to a human- readable address

Development Roadmap

Serial No.	Milestone	Amount Required	~Date Of Completion
1.	Implement ownership transfer, in addition to social recovery it is possible for a user to transfer the ownership of their wallet to a new device while being in possession of the old one.	$2000	14 Days
2.	Create a vault smart contract, one of the most important & secure feature of Solace, it gives users multi-sig security, locking, and automatically blocking transfers to new addresses.	$3500	28 Days
3.	To implement trusted contacts, allows users to choose and address they trust, for example a friend's wallet, or their exchange account. Transfers to a trusted address do not require guardians. Any other transfers do require guardians.	$1500	14 Days
4.	To implement trusted lists, to simplify your usage of Dapps. These are selections of Dapps that do not require guardians to use because they're trusted. To start, Solace Vault will launch with the 'Solace Trust List'. This list will contain all the Dapps in the 'Invest' tab in Solace, e.g. Saber, Serum, Jet.	$2000	14 Days
5.	To introduce trusted sessions, these sessions allow users to select a time window during which they don't have to approve transactions with guardians. Trusted session creates a new temporary private key. Once you authorize the trusted session with the guardians, this new private key will be able to take any action without guardians.	$2000	21 Days
6.	DeFi & DApp integrations & partnering with popular NFT platforms like Magic Eden, SolSea: The most development extensive part of our roadmap would include integrating with DeFi applications like Saber, Jet & Serum. We have also planned to integrate NFT platforms like Magic Eden or SolSea. Successful integrations of such applications would allow us to achieve our vision of making Solace a superapp on the Solana blockchain	$9000	90 Days
7.	Integration with global on ramp solutions such as Banxa & Moonpay giving users the freedom to easily add funds to their wallet with fees as low as cents, not dollars.	$3500	21 Days
8.	Complete UI/UX overhaul: implementing features mentioned above and DeFi & DApp integrations would demand a completely different user experience from what the app currently offers thus would require intensive user experience research supplemented by design work along with a website redesign and brand guidelines,	$4000	28 Days

For each milestone outlined above, we as a team of 5 will undertake building it by ourselves along with the help of freelancers and interns. We estimate that this would take roughly ~32 weeks.

Total Budget Requested

In order to grow Solace as a super app we are asking for a total of $27,500.

Maintenance and Upgrade Plans

Moving forward we would like to keep Solace Protocol an open source project allowing people around the world to be a part of our journey. We would be doing code audits & keeping up with the highest standards of security measures to ensure smooth functioning of Solace with bullet proof security. Our product team would be consistently doing R&D to make sure Solace is what the world truly needs.

Team Members & Github

F. Tahir A. Sethi S. Sharma A. Prasad

Team Member LinkedIn Profiles

F. Tahir A. Sethi S. Sharma A. Prasad

Team Website

Solace Protocol

Relevant Experience

Our team is able to provide extensive experience across two vital areas of the enterprise; over 6 years delivering digital solutions including 3 years working in Web3 , coupled with 2 years producing and delivering marketing campaigns and audience engagements. Our team consists of and includes:

Ankit Sethi has over 4 years experience of working in the digital design industry for startups, scale-ups and corporates. He has been running R&D and product teams in Web3 since 2019 and has a deep technical understanding of Blockchain & Decentralized Finance.

Ashwin & Sarthak have over 6 years of experience developing as full stack developers and 3 years being smart contract developers. Ashwin was the CTO at a FinTech Startup in India, called ZeroPay (https://zeropay.fyi/), where he scaled to 100k users in 3 months in the space of consumer credit, Since then, Ashwin has been an avid blockchain developer focusing on Solana, also winning a prize in the Solana Hackathon Bangalore 2022 (Filecoin/IPFS) for his efforts on the Solace Wallet. Ashwin & Sarthak are Co-founders of Onpar Labs, which consults startups and companies globally like Tata & iHeart Media.

Fatima Tahir has worked in the space of marketing for over 3 years. Crafting strategies for all Marketing teams, including Digital, Advertising, Communications and Creative Preparing and managing monthly, quarterly and annual budgets for the Marketing department setting, monitoring and reporting on team goals working closely with client teams coordinating and delivering international, multi-agency, award winning results. She has also consulted multiple Web3 startups in terms of marketing, helping them build a solid framework to get going.

Ashwin and Ankit have known each other for over 7 years, meeting first at a hackathon and then subsequently working together on Onpar Labs and eventually Solace.

Team code repositories

Solace Protocol

Additional Information

Briefing session - Solana Bengaluru Hacker House Solace Protocol was born in the Solana Bengaluru Hacker House. We were the prize winners (Build a Solana + Filecoin/IPFS Project for the Bangalore Hacker House)

After winning the prize we then received a Microgrant from the Filecoin foundation. Solace Protocol Microgrant Update:

After utilising the Microgrant funds in order to support our project applying for an Open Grant was the next step considering we are aiming to scale globally and achieve mass adoption.

FileCoin's support has meant a lot for us in the past month as we are now able to push forward faster and stronger with Solace. Thank you for the support.

Contact Email

ankit@onpar.in

[zigzagsz]

@jenks-guo-filecoin Tagging you here for reference.

[web3jenks]

Hi @zigzagsz I can see Piyush is already your technical sponsor. I will limit the scope of our conversation on specifics of your SQL DB to Orbit DB migration as we discussed earlier. 😃

[zigzagsz]

@jenks-guo-filecoin We have successfully started our DB migration to ThreadDB. We are currently still POC'ing. We will have the full migration done in before 21st July

[web3jenks]

Thanks @zigzagsz great to hear. I am keen to hear about your challenges and your experience of it post full migration.

[zigzagsz]

Hi @jenks-guo-filecoin , thanks for connecting with us yesterday. It was a good brainstorming session. We have completed integrating ThreadDB into Solace. We are now planning on migrating to Go. Will keep you posted!

[ErinOCon]

Hi @zigzagsz, this grant has been approved! We will send you an email to discuss next steps.

[zigzagsz]

@ErinOCon @realChainLife @jenks-guo-filecoin Thank you all for supporting and believing in us!