Storing crypto assets in multi-signatures accounts is a common practice. A group of people, or a company can set up a mutual fund that require a certain number of threshold confirmations before using the fund. It is just much safer to manage crypto assets and easier to have trust when using multi-signature solution rather than just to delegate these assets to one single account.
One of the most well-known multi-signature tool for managing crypto assets on EVM based chain (Ethereum, BSC) is Gnosis-Safe. It is a smart contract that allows users to create multi-signature accounts with fine-grained access control. As of 8th February 2022, Gnosis-safe has stored more than 100 Billion USD worth of digital assets in its contract. However, there is no Gnosis-safe for Cosmos yet.
Actually, Cosmos-based chain does not rely on smart contract solutions like Gnosis-safe for multi-signature. The Cosmos SDK already supports this feature out of the box. It is pretty straight forward to do multi-sign if you are familliar with Cosmos CLI interaction. If you use Terra Station wallet, there is also the option to create multi-signature addresses in the wallet. However, if we count on user experience, a solution like Gnosis-safe will definetly provide much better UX than the other 2 solutions above.
This is why we are introducing Aura-safe, a fork of the popular Gnosis-safe, but is almost completely rewritten to support Cosmos-based blockchain.
How it works
Unlike the famous Gnosis Safe in which safe creation and transaction are based on smart contract interaction (each safe is a smart contract itself), a safe created on Aura-safe act like any other single ownership wallet.
A person decided to create a safe with several co-owners and a threshold policy.
All of the co-owners must give their permission in order for the safe to be created. During the time, the safe creator can cancel the safe creation at any time.
Upon receiving permission from all co-owners, a unique network address will be generated based on the combination of owners and the desired threshold. The safe is now active and ready to use.
All the co-owners will have access to the newly created safe. The safe can now receive assets and any asset transaction from the safe will required the amount of owner signatures according to the predetermined threshold before being broadcasted to the network.
Anyone who knows the safe address can add the safe to their safe list (which is locally stored for each web browser), however only safe owners can create multi-signature transactions.
With this method of approach, creating a safe will costs absolutely nothing. In addition to that, any multi-signature transaction will act like a normal address-to-address transaction, which cost normal transaction fee and will be charged directly from the safe balance. This will eliminate the need of maintaining multiple balances for the safe and the ones who will execute the transaction, which could be helpful for administration.
However, this approach will render the safe fixed in term of numbers of co-owners and multi-signature policy upon creation. Any needed changes with these two things require creating a new safe (which is free, again). Also, multiple safes with the same set of owners and threshold will not be possible, which might hinder some people with the need of complex fund management.
A summarized comparison can be found below:
| Aura-Safe | Gnosis | |
|---|---|---|
| Smart contract interaction | No | Yes |
| Safe Deployment cost | None | Yes, increase with more owners |
| Transaction fee | As normal transaction | Higher fee due to smart contract interaction |
| Transaction fee bearer | The safe balance | Executor's balance |
| Owner modification | No | Yes, with a transaction cost |
| Threshold modification | No | Yes, with a transaction cost |
| Multiple safes with similar owners and threshold | No | Yes |
Architecture
Aura-Safe is actually a traditional Web App, in comparison with Gnosis-Safe which is a DAPP, as Aura-Safe does not rely on smart contract to operate. There are 3 modules:
| Module | Github | Description |
|---|---|---|
| Safe-React | https://github.com/aura-nw/safe-react | Fork of Gnosis Safe-React, the web UI of the app |
| Multisig-api | https://github.com/aura-nw/multisig-api | Backend service |
| multisig-sync | https://github.com/aura-nw/multisig-sync | Daemon service listens to blockchain networks for specific transactions to inform UI |
You can find more details on how each module works by checking the Github repository. Here are a few things to pickup:
We try to keep most of the UX of Gnosis-safe to ensure a smooth transition from EVM based chain to Cosmos. Even if you are new, Gnosis-Safe UX is extremely clean and friendly so that we don't think there should be any change. Finding a tutorial will also be easier. This is why we fork the UI of Gnosis.
All signing interaction is performed through your Cosmos wallet. We support Keplr out-of-the-box but we are working very closely with Coin98 Wallet to have their support on bringing their signature multi-chain wallet to the eco-system.
We wrote the API and the Sync modules completely from scratch in NestJS. These modules communicate with Comos nodes using cosmjs.
There is a MySQL database that stores pending/signed/broadcasted transactions. Check out the entity-diagram of the database if you need.
The Aura-safe was originally created only for our blockchain, the Aura Network. But we decided to turn it to be compatible with other Cosmos projects as well.
Security
It is a safe after all, security should be the utmost important characteristic. However, Aura-Safe is nothing more than a convenient user interface for you to send multi-signature transactions to the network. So it actually not as critical as you might think. Here are reasons:
Aura Safe does not "store" your digital assets. In Cosmos chain, multi-sign accounts is supported natively, we don't need a third party smart contract to do it on behalf of the user. So your assets are actually stored on your multi-sign account on-chain, not on the Safe.
Aura Safe does not have access to your private keys (or the mnemonic seed phrase). All transaction signing processes are peformed by your wallet of choice. Aura Safe only stores the signed transaction and helps you to broadcast it.
Aura Safe does not store your personal information. We only store wallet addresses and transactions. We respect your privacy.
We are working with a security firm to perform security analysis and penetration testing for the product. Results will be published.
All Aura Safe code are published on our Github.
So even if the Aura Safe site is down or permanently compromised, you can just simply use the command line interface provided by the Cosmos network that you are working with to go on without worrying about your fund.
Long-term plan
Aura Safe is still in development. We hope to release a staging basic version of it next month that connects to several test networks. The first release will focus on a few core features such as create safe, transactions, history, address book and some basic settings. The test version will support Aura Network, Cosmos Hub, Juno and Terra. More things will come in the future.
At the moment, Aura Safe is running on Aura Network AWS infrastructure. The development and infrastructure is funded by the Aura Network team. We are comitted to develop and provide Aura Safe service for long term. The project will be open-source and free to use forever.
If you have any suggestion, please hop on to Github to participate in open Discussion.