A Metamask-style browser extension for Zcash

Applicant Background

Elliot Blanchard is a full-stack web developer. He recently launched Zdash.info, a live analytics dashboard for Zcash ecosystem data, and a beta release of a free Zcash API that shares zcash-cli data via a RESTful JSON interface. Elliot will be acting as the team treasurer for the project.

Fireice is a freelance C++ developer. He has experience writing miners for Monero and other CryptoNote coins, as well as implementing a web wallet for the Ryo currency. In the Zcash community he helps run the Telegram and Reddit communities.

Mistfpga is a freelance reverse engineer and tester. He has developed an FPGA-based Zcash hardware wallet. He brings a strong background in fintech testing and security to the project.

Motivation and overview

A Chromium browser extension for the Zcash ecosystem will provide a simple and intuitive way to make fully shielded transactions. We propose a limited approach that minimizes blockchain data requirements and helps to keep local storage and processing requirements low. Encrypted local stores will keep outputs and keys secure, and their contents are never sent to a remote server. Proper input sanitization will ensure protection against XSS attacks.

Appropriate use cases include low value / high frequency transactions such as receiving mining payouts, sending and receiving tips, and more. Our project will provide immediate value to Zcash users as well as providing a good foundation for potential future functionality including Zcash UDAs/ZRC-20 style tokens.

Technical approach

Browser Extension Frontend

Our Chromium browser extension will operate as a popup-style extension, implemented as a single-page application in JavaScript. To keep the UI lightweight, we will use a vanilla JS + CSS implementation. The frontend will host the WASM module implementing core wallet functionality and manage all communications between the WASM module and the user. In addition to the user experience, the frontend will also encrypt wallet data and save it to secure local browser storage.
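The sketch below is an added example, not code from the proposal or the project: it shows one way the frontend could seal wallet data with a passphrase-derived key and authenticated encryption before writing it to local storage, so that tampering or a wrong passphrase is detected rather than silently producing bad data. It assumes PBKDF2-HMAC-SHA256 and AES-256-GCM, uses Node's crypto module as a stand-in for the browser's WebCrypto, and the names `sealWallet`, `openWallet`, `wallet-store-v1` and the sample wallet are hypothetical.

```javascript
// Added example, not the project's code. Node's crypto module stands in for
// the browser's WebCrypto so the sketch runs offline; names are hypothetical.
const nodeCrypto = require("node:crypto");

const KDF_ITERATIONS = 600000; // assumed PBKDF2-HMAC-SHA256 work factor
const FORMAT = "wallet-store-v1"; // hypothetical format tag, bound as AAD

function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, KDF_ITERATIONS, 32, "sha256");
}

// Encrypt the wallet object; returns a JSON-serializable record for storage.
function sealWallet(wallet, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce on every save
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  cipher.setAAD(Buffer.from(FORMAT));
  const ct = Buffer.concat([cipher.update(JSON.stringify(wallet), "utf8"), cipher.final()]);
  return {
    format: FORMAT,
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ct: ct.toString("base64"),
  };
}

// Decrypt a stored record; returns null on wrong passphrase or tampering.
function openWallet(record, passphrase) {
  if (!record || record.format !== FORMAT) return null;
  try {
    const key = deriveKey(passphrase, Buffer.from(record.salt, "base64"));
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.iv, "base64"));
    d.setAAD(Buffer.from(FORMAT));
    d.setAuthTag(Buffer.from(record.tag, "base64"));
    const pt = Buffer.concat([d.update(Buffer.from(record.ct, "base64")), d.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch (err) {
    return null; // authentication failed: never return partial plaintext
  }
}

// Constructed sample data: not real keys or notes.
const sample = { spendingKey: "constructed-sample-key", notes: [{ value: 1000, height: 1 }] };
```

The key-derivation work factor is what slows an offline guessing attempt against a copied store, which is the residual risk the proposal notes for an attacker who controls the client device.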

WASM / C++ Engine

A WASM (WebAssembly) engine will be used to ensure high performance in the browser while also enabling easy communication with the frontend. The WASM engine will handle two primary tasks. On the Rx side, the engine will receive block data from the frontend, scan this data to find outputs addressed to the user’s wallet, then forward those outputs back to the frontend for local storage in the wallet data file. On the Tx side, the WASM engine will take known outputs and generate a signed transaction, thus spending them. This transaction will then be broadcast via our lightwalletd proxy. Our limited approach to wallet use cases allows us to minimize blockchain data requirements while also ensuring reasonable resource usage on client devices. In general, WASM is fairly close in performance to native code, so any devices able to run lightwalletd are likely to be able to run the web wallet. We will additionally write performance tests to establish well-defined performance limits.

Express lightwalletd proxy (Translation Server)

A lightweight proxy server will mediate communications between the client browser and the lightwalletd backend service, translating binary format RPC calls to JSON using JSON-RPC encoding.

Security Review / Internal Testing / 3rd Party Review

This phase includes implementing OWASP best practices along with manual and automated testing. We will also engage an external company for a comprehensive 3rd party security and test review performed by domain specialists.

Execution risks / Downsides

Despite the efficiency inherent in using a WASM engine, complex transactions will still be constructed locally. This can lead to slow performance for especially complex transactions.

Even though we will be encrypting all local storage, any attacker that gains access to and control of the client device will be able to compromise the local data given enough time and resources.

Finally, ongoing operations, costs, infrastructure, and maintenance could become a complicating factor depending on the scale of user adoption.

Tasks and schedule

  • Express Proxy: 1 Month
  • JS Chromium Extension Frontend: 2 Months
  • WASM Engine: 3 Months
  • Security Review / Internal Testing / 3rd Party Security Review: 3 1/3 Months

Budget and justification

We propose a rate of $15,000 USD per man month as a framework. For the 9 1/3 man months outlined above, the base budget would be $140,000 USD. In addition, we include 100 hours of $100/hr consulting fees to compensate qualified domain knowledge experts to assist with technical guidance during the project for a total of $10,000 USD. Finally, we want to include $500 USD for development hosting and infrastructure.

In total:

  • $140,000 USD base development
  • $10,000 USD consulting fees for qualified domain knowledge experts
  • $500 USD hosting + infrastructure
  • $150,500 total

Campaign

  • Started: 2 days ago
  • Funding: $150,500
  • Funded through Zomg

  1. Kickoff
  2. Initial Development
  3. Primary Development
  4. Integration Testing + QA
  5. Launch

Kickoff

Reward: $30,100
Team begins work

Payment Request

The team may request a payout for this milestone at any time.