Onay
Gives permission to a Security Council to revoke any allowances you have (only to revoke). In case of a security breach, they can send a TX on your users behalf to revoke everyone's allowance to affected contracts, even if you are sleeping. Still non-custodial solution.
Onay
Created At
Winner of
WalletConnect - Innovation Pool Prize
Prize Pool
1inch Network - Open Track 1st Place
Arbitrum - Best Library / Framework 🥇 Winner
Scroll - Deploy on Scroll
Prize Pool
Project Description
Onay is designed to protect user funds against black hats when any smart contract vulnerability is found. Minimizing the funds at risk even if the owner of the funds is sleeping, without compromising any custody.
When you login to the dapp from your Safe you see a list of all your wallet allowances/approvals to other contracts on all the chains we support.
This dapp is for Safe smart wallets or multisigs only.
Also, you will see a button to enable our OnayModule that gives the Security Council permission to revoke any allowances you have (or will have) at any time in the future. But ONLY to revoke approvals/allowances and nothing else!
Once the module is enabled you are protected by the Security Council if a vulnerability on a Smart Contract is found.
The Security Council is a Multi-Sig conformed by DAOs, security organizations and independent security researchers. Any member of the Council has permissions to hit the red button. which will execute bulk revokes in one transaction for the potentially affected wallets. Since the Security Council can only revoke allowances, there is no extra risk to use this module. The worst harm it can do is to revoke all your allowances for no reason, but there is no incentive to do so.
If any member of the Security Council is informed of a vulnerability in contractA, which can allow the attacker to drain all the allowances given to contractA, they can execute a TX to all the wallets that have the OnayModule enabled to immediately revoke all users allowances to contractA, keeping their funds Safe even when they are not yet aware of the vulnerability.
How it's Made
OnayModule is built as a SafeModule, leveraging the ability of this modules to execute any arbitrary transaction on the Safe, it has a function to revoke any spender allowances. The key part is the Owner of the module (the Security Council) is the only one allowed to execute the revoke, and the amount of the approval function is hardcoded to 0 in an inmutable contract, preventing users having to deposit any trust in the security council. They don't need to.
It also has a second function to execute bulk revokes to bundle many revokes for different user/token/spenders in the same transaction.
At the moment, the Security Council pays for all the fees too.
Then there is a Subgraph which keep tracks of all the allowances by an address on any supported chain which is used to display in the frontend.
