Pandsal

The Pandsal project, named after the universally familiar bread that starts the day for many in the Philippines, is a pioneering endeavor to welcome Web2 users into Web3 in a much easier way. The mission is to enable and encourage users to interact with their beloved Web3 apps with fewer steps - especially if this is their first blockchain experience. All without sacrificing the decentralization and security of the technology.

Conventionally, the journey into blockchain and decentralized applications (dApps) can be daunting, requiring know-how of complex cryptocurrency wallet downloads and the management of sensitive private keys. This isn't the most appealing entry into an otherwise exciting world. It needs to be simple, dependable, instant and versatile - like pandesal!

The Pandsal onboarding kit is here to remove those barriers and deliver accessibility for all.

Whether you're a consumer eager to explore the possibilities of Web3, or a business trying to harness the potential of blockchain technology, Pandsal has you covered.

We've reimagined onboarding by minimizing - or delaying - the need for users or enterprises to grapple with private keys and downloading wallets., serving a seamless and secure transition. It's not a wallet, but a user-friendly, self-custodial gateway to the Ethereum network. No more depending on private keys or panicking over intimidating jargon before they're ready.

Simply put, with Pandsal, your users are empowered to create accounts, access dApps, and manage digital assets in just a click or two. Tailor-fit it to your business's needs!

With Pandsal at your service, your business or dApp can have full control over the full experience. Easy and dependable way to get you started.

This groundbreaking approach democratizes Web3 access, promising a more inclusive and accessible future for blockchain technology. Start your day with with a byte of Pandsal. We promise it'll be a great one.

To introduce non-Web3 users to the world of decentralized applications, we aimed to create a comfortable and familiar onboarding process. We started by using Google's OAuth to easily acquire email addresses, which are widely recognized and commonly used for online identity.

After successfully obtaining the user's email address, we implemented a multi-layered security process to transform it into a wallet address. This ensures that the email address is deterministically linked to the wallet address, providing a convenient user-friendly identifier. Importantly, we've taken measures to protect against brute force attempts to extract private and public keys from the email address, enhancing the overall security of the system. Utilizing these measures not only enhances users' wallet security but also safeguards their credibility and encourages responsible behavior in the realm of Web3.

Following this stage, we initiated the precomputation of the contract address using the create2. Users were provided with the flexibility to deploy it immediately or at a later time when they initiate a transaction. Deploying it early offers the added convenience of enabling users to log in without the need for Google's authentication process. Once the smart account is created, the user's account becomes fully decentralized, empowering them with autonomy and control over their digital presence.

Once the deployment process is initiated, users are required to send a signature to confirm their request. The request for smart account creation is then accepted and thoroughly verified, leveraging the EIP 712 standard for added security. Upon successful signature verification, a multisignature transaction is triggered, utilizing the Safe's Protocol Kit, API Kit, and Relay Kit. We've implemented a 2-out-of-3 threshold for signers in this step, enhancing security. When the multisignature process is completed, the Relay Kit takes charge, sponsoring the transaction, allowing the Safe to grant an allowance for the wallet address to deploy its smart account. This ensures a robust and secure process for deploying smart accounts within our system.

In cases where the Relay Kit from the Safe Protocol isn't available, we've designed our own MultiSig ZK-Paymaster, which follows a similar process. This paymaster operates with a 2-threshold signature requirement, where both signatures are bundled with a nonce. If the nonces don't match, the transaction is automatically rejected to maintain security. The bundled signatures are then subjected to verification. Once verified, a zk-service is deployed to generate a proof, and this proof undergoes on-chain validation. Only when both the proof and signature verification are successful, does the executor initiate the vault or relayer to send the necessary allowance to the wallet address. The wallet executor also doubles as the paymaster for covering gas fees, ensuring a robust and efficient transaction process.

After the wallet address receives the necessary allowance (a process akin to faucet funding, albeit abstracted for convenience), it proceeds to the deployment and verification of the contract address on the selected network. This step marks the culmination of the user's journey in establishing their fully decentralized smart account.

Typically, it takes just a few seconds to a minute to deploy a smart account with a single click of a button, all without the need for downloading wallets, navigating in and out of websites, or visiting faucets. This streamlined process ensures a swift and hassle-free experience for users looking to establish their smart accounts.

We employed a technology stack that maximizes efficiency and developer-friendliness. We utilized Express for server setup and Node.js for the backend. Both JavaScript and TypeScript played pivotal roles in both front-end and back-end development. For the client side, we harnessed the power of Next.js, and for the development of our smart contracts, we relied on the robust capabilities of Hardhat.

One of our most notable achievements is enabling users to create an account and dive into Web3 in under a minute, completely bypassing the complexities of wallets, faucets, and other traditional barriers. This streamlined approach truly democratizes access to Web3, making it quick and hassle-free for all.