project screenshot 1
project screenshot 2
project screenshot 3
project screenshot 4

Sigcure

Sigcure is a gasless multisignature-protected password manager.

Sigcure

Created At

ETHBogotá

Winner of

1️⃣9️⃣ IPFS/Filecoin — Top 19

2️⃣ WalletConnect — 🥇 v2.0 Track

🗃 Coinbase — 🥇 Best Integration of Coinbase Wallet

🥈 DeGate — Best Solution That Contributes to one of 17 United Nations Sustainable Development Goals

Project Description

We built a gasless multisig protected password manager. Rather than using a smart contract powered multisig we are leveraging off-chain Ethereum message signing to maintain similar security practices without paying the transaction costs of storing signatures on chain. When an admin user creates their multisig all details are stored on IPFS and accessed through web3.storage. We track logins using a json bucket in the cloud. We grant the admin password access when the admin's set threshold of signatures has been met within five minutes of the admin attempting to access the password.

How it's Made

We started by building out our wallet connectivity with WalletConnect. The WalletConnect web3modal hook allows us to support dozens of wallet providers without extra implementation logic. In addition to WC’s connect button we’re using their hooks for interacting with the connected wallet (which we’re mainly using to sign messages in our dApp). When an admin user creates a multisig we take their passwords, encrypt them and store them on IPFS using web3storage along with their set threshold and wallet addresses that are part of the multisig.

To write data to IPFS we use the web3.storage SDK. To read data from IPFS we make a fetch request to the link constructed by the CID as well as the file name that we generated at setup time. We store all signatures on a json cloud storage provider. When an admin initiates a login we start a timer and pull the json bucket looking for signatures from the admin’s multisig in the allotted timeframe. If the threshold of signatures is met the admin user is redirected to their password vault.

The algorithm we wrote for pulling the passwords is absolutely CRACKED :)

background image mobile

Join the mailing list

Get the latest news and updates