🥺 6 months ago I designed the smart contracts of @zk2fa, and finally I decided to release a simple version of this technology for public use.
With a bit of ZK + TON Magic, you are able to use Google Authenticator to secure your wallets. This technology does not rely on TONNEL API or any other centralised server(Only Toncenter/TonAPI) and it will help you in case your mnemonic phrase gets leaked.
It's a side project that I built it for myself but you can also use it if you like 👥
If you have any questions please ask in this chat 👥
PS: Don't use it for small amount, Although it's 100% free but it will cost 0.055 TON gas per transaction to verify ZK Proof on Blockchain.
PS2: Zk2FA doesn't support TonConnect yet(I might add it later)
PS3: Sample Transaction
Use it at your own risk 👮
zk2fa.tonnel.network
Interesting situation 👀
https://tonviewer.com/UQBD2z_cx7haqkQwFzqLfvSFt3rgbdFbsFYx1wxCSDKXF3DV
If you have ever backed up your mnemonic phrase(those 24 forbidden words:), I recommend you to read this article about Zk2FA.
Читать полностью…
Thank you for joining. This is a pure technical channel for Zk2FA so if you are not interested in boring stuff you can leave it ❌
Here I'll post some technical documents, Integration idea and some solved/unsolved challenges that I face
It seems the Wallet that owns this lock was leaked so sniper bots were ready to claim the tokens and sell it💰
But now Zk2FA is installed on the wallet and Mr Putin is safe☀️
https://github.com/MrNecroman/wallet-contract-v5/commit/1ea7e5e60fb722b77c43fa6858d918e4862e44b5
With this update in the contract and circuits, even if the LS and attacker(who has your private key) cooperate together, they can't change/replace your actions.
The method that I used is the same method that I used several times in Tonnel, where I input the hash of user's BOC into my circuit, which then allows contract to confirm the BOC that they received is exactly what user provided during proof computation(without any additional computation and a very minimum gas fee)
#Challenge #1: In current design of Zk2FA, if your mnemonic phrase is compromised, and the lightserver that you use is malignant, then the LS can wait until you try to send a transaction with your OTP proof and then replace your payload(only keep your OTP proof) and sign a new payload to drain your wallet💰
Possible Fix: Modify the circuit and add hash of the actions in your proof, so even if the LS tried to steal your funds with your leaked private key they won't be able to change your actions list.
If you have any better idea to fix this, I'd appreciate if you leave a comment.
