PROJECT NAME
0x2FA
━━━━━━━━━━━━━━━━━━━━━━━━━━━
DESCRIPTION OF THE PROJECT
Using Oasis, Bandada and Near we are bringing decentralisation to 2FA. 0x2FA replaces Google’s Authenticator, with a privacy-based solution that can also be used to improves the security of web2 and web3 apps.
━━━━━━━━━━━━━━━━━━━━━━━━━━━
DISCORD AND TELEGRAM USER NAME
Discord: @whoisazure
TG: @AzureDev
━━━━━━━━━━━━━━━━━━━━━━━━━━━
REPOSITORY WITH PROJECT'S CODE
https://github.com/0x2fa-org/0x2fa
━━━━━━━━━━━━━━━━━━━━━━━━━━━
VIDEO DEMO
https://youtu.be/aNpxMg3iIq0
━━━━━━━━━━━━━━━━━━━━━━━━━━━
The contract addresses and website URLs of my deployed project
Live DEMO website: https://0x2fa.vercel.app
Contracts (Oasis Sapphire Mainnet):
> TOTP: 0xf02a5EC14A712D4EB901051729112e5c5f3B19F5
> Gasless: 0x795A167eaACf5c5286986dd1645d26AbEB4Ff09B
Contracts (Oasis Sapphire Testnet):
> TOTP: 0x3E295f4BB935f9A9384D85421F4fe33A2cA8f645
> Gasless: 0x99FBAD638bC97B28894709A8e6d077AFecdDA1fe
Contracts (Sepolia):
> NFT Mint: 0xa3fea399160ad54b2aaac277cf65eb3a673e84f5
Contracts (BSC Testnet):
> NFT Mint: 0x376a73fb318c8c282e0281d41c75ad3375cc2654
━━━━━━━━━━━━━━━━━━━━━━━━━━━
Bounties
> Oasis - Sapphire
App Implementation | Contracts Implementation
The TOTP section of the project was built with Oasis as the backbone, by saving a randomly generated seed in a private variable that is used to derive deterministic OTP for particular time-steps. This section can only be built using Sapphire's privacy transactions and wouldn't be possible on any other chain due to the seed being revealed resulting in adversaries generating codes for every domain with every wallet for past, present and future time-steps.
> PSE - Bandada
Implementation
Managing groups is an important part of any authenticator app. You need to set up groups for different domains that users can join, you can then verify that the user is a member of that domain group which can be used to grant the user access to generate OTP codes. It's very important to verify the user is a member of that group to prevent impersonations and generating codes for domains you are not a part of.
> Near
Implementation
The chain signatures by Near make it possible for account abstraction between chains. I'm able to derive wallets for users that they can use to perform transaction on any chain they want including contract interactions. The use-case for this was making an OTP mandatory for every transaction to be carried out.