The problem Banana Wallet SDK solves
Hot wallets provide convenience but at the cost of security. Because they are always online, there’s no need to transition between offline and online to make a cryptocurrency transaction. For example, many people use mobile hot wallets to trade or make purchases with cryptocurrency. To do so with a cold wallet would be inconvenient. You would need to find a device (typically a computer) in which to plug your cold wallet, then move the requisite amount of cryptocurrency to a hot wallet, and then make your purchase.
In addition, while hot wallets are usually free, cold wallets can cost you between $50 and $200.
So users either have to compromise on the experience or on security and privacy.
Challenges we ran into
There were several challenges we ran into while building an sdk:
- First and foremost challenge for us was to figure out extracting signature from the response return by webauthn after authentication. And sending signature onchain and implementing our own custom r1 based signature verification logic onchain in smart contract wallet as webauthn generates secp256r1 based signatures.
- Adding custom r1 based verification logic in our own smart contract wallet added a huge overhead of gas fees. As currently for verifying signature onchain it cost around 1.2mn gas which don't proves to be efficient even on L2 to mitigate through this issue we are working on implementing a offchain zk based r1 based signature verification proof generation mechanism which would enable us to lower downs the gas cost by 75%.
- We faced several hurdles for making ZK 2FA scalable. One such was to figure how the storage for OTP hashes as current localStorage based solutions aren't scalabe. To handle this issue we had planned to store the OTP hashes at users browser indexedb storage as it allows us to utilize around 80% of user's disk space Additionally we are planning to keep the backup of users OTP hashes over IPFS in an encrypted manner so that in can event of users browser reset we could fetch the backup hashes from IPFS>