Introduction
Pouch is an on-chain fund recovery protocol built on the Cosmos-SDK as a complementary security wrapper for existing wallets, with extensibility as an account management platform through customizable conditional transfers.
The benefit as an appchain leveraging the IBC protocol is that code logic resides on one chain versus many, simplifying user experience as well as code maintenance.
Inspiration
We apply the idea of account abstraction for smart contracts to interoperable appchains. We leverage interchain accounts and authz to add a security wrapper for existing wallets without the need for users to move funds.
Losing access to cryptocurrency assets due to misplaced or forgotten keys is a prevalent challenge in the blockchain world. The ability to inherit assets between family members or team members are both vital and essential for adoption.
Our technology aims to address this issue.
What it does
Pouch adds an additional layer of security for user funds, where an account on the Pouch blockchain allows users to recover funds on any Cosmos-based chain. When private keys are lost, an on-chain fund recovery process can be initiated by users or appointed guardians. Pouch implement a fortified fund recovery procedure utilising the following features:
- Whitelisted Accounts: Funds to be recovered can only be sent to whitelisted accounts.
- Mandatory Waiting Time: The fund recovery process begins after a mandatory waiting time so that mistaken or unwanted fund recoveries can be cancelled.
- Daily Recurring Transfers: Funds are recovered through daily transfers over a defined amount of days. This also lets users cancel mistaken or unwanted fund recoveries.
How we built it
We utilise interchain accounts, interchain queries, authz and groups to transmit transactions through a designated account on Pouch, acting as a proxy for a user's primary account on other chains.
To implement additional validation logic, we built custom modules which serve as an additional layer of protection for users. We have organised this into four modules:
- ica policy: Establishes validation logic for whitelists and transfer limits, among others.
- icatx: Checks transactions against the corresponding validation logic.
- Icatransfer: Orchestrates the transfers according to its parameters such as schedules and limits.
- interchainquery: Query information from host chain in protocol to Pouch
Challenges we ran into
UI/UX: The right balance between simple, intuitive UI and offering comprehensive functionality is challenging, especially in Web3. We would like interacting with Pouch to be pleasant for every Cosmonaut.
Module Compatibility: Ensuring that our modules are compatible with the Cosmos-SDK and IBC tech stack requires solid technical understanding and can be complex.
Accomplishments that we’re proud of
Our commitment to delivering practical and secure solutions is reflected in the completion and deployment of critical features to our GitHub page.
Notably, we've successfully implemented and made available the code for fund recovery, whitelisting, daily limit, scheduled transfer and recurring transfer functionalities.
Next, we have conducted testing by connecting our chain to the CosmosHub testnet as the host chain. We have achieved success in sending IBC transactions to control the interchain account on the CosmosHub testnet for fund recovery, utilising both direct transfers and scheduled transfers.
We also recently won the AEZ boost hackathon organized by Dorahacks and sponsored by ATOM Accelerator DAO. We proudly claimed first place in the Interchain Security (ICS) track.
What we learned
It is possible to have new solutions that substantially elevate wallet security while keeping the user journey simple.
What's next for Pouch
Gather feedback and add more features :)
Note: Based on the information from the organizer, we've opened up shared access to the judges'/organizers GitHub accounts for the private repository.