Technical Details

SocketFi: The Smart Wallet Super App on Soroban and Stellar Lumen

Overview

SocketFi is a next-generation smart wallet super application that provides users with a seamless and user-friendly way to create secure, non-custodial wallets using social media sign-in. Designed as a simplified yet secured alternative to traditional wallets, SocketFi eliminates the need for private keys and seed phrases through account abstraction. This allows users to create smart contract wallets effortlessly, ensuring security and ease of use.

SocketFi aims to serve as an entry point for hundreds of millions of social media users to access Web3 dApp and tools. Beyond wallet creation using social media, SocketFi functions as a one-stop super app where users can engage with a wide range of Web3 applications, offering complete functionality to seamlessly interact with DeFi protocols, DEXs, play/engage-to-earn platforms, and much more.

Key Features Overview

SocketFi has several great feature and some of these include:

• Social Media Sign-in: Ability for our users to create secure, non-custodial wallets with ease using familiar platforms like Twitter or Google, making it accessible to mainstream users without worrying about private key management.

• Gas-Free Transactions: The smart wallet handles gas fees automatically, allowing users to transact seamlessly without needing to manage gas costs or wallet balances.

• dApp Integration: Users can access and interact with decentralized applications (dApps), swap, trade, participate in DeFi protocols, and explore other Web3 use cases directly from the SocketFi app.

• Smart Transact: One of SocketFi's standout features is Smart Transact, enabling users to securely automate transactions. Whether it's setting automatic trades at key price levels on decentralized exchanges (DEXs) or rebalancing assets in their portfolio or any supported DeFi protocol, Smart Transact offers powerful tools to optimize your Web3 interactions.

• Earn Points, Rewards with Quests, Bounties, and Airdrops: SocketFi isn’t just a wallet—it's a rewards-driven platform. Users are encouraged to engage through quests, bounties, and airdrops. By participating in activities on the app, users can earn on-chain loyalty points and instant engage-to-earn rewards, further enriching their Web3 experience.

Current Release: Core functionality is live of Futurenet

The current release of SocketFi allows users to test the platform by creating smart accounts and performing basic transactions, such as sending and receiving assets on Stellar's FUTURENET.

The wallet super app can be accessed at: https://app.socket.fi/

Technical Architecture

The following section discusses the core logic of the SocketFi smart wallet, its functionality, and the measures taken to maintain robust security.

The diagram below presents a high-level technical schematic of the SocketFi smart wallet, illustrating the main systems that constitute the wallet, their interconnections, and how they function together.

As shown in Figure 1 above, the SocketFi smart wallet’s core architecture consists of two main on-chain systems: the main wallet smart contract and the sub-wallet contract.

The main wallet Smart Contract

Also known as the Master or Controller contract on Soroban, this contract oversees and manages all user sub-wallets. It enforces access permissions and governs how sub-wallets are created, invoked, and interacted with. The main wallet contract provides several essential functionalities, including

• Nonce Management and Security: The contract incorporates nonce checking and validation mechanisms to prevent replay attacks and unauthorized transactions, adding an extra layer of transaction security. It maintains a sequential nonce for each transaction request for each sub-wallet, ensuring that only fresh, and approved transactions are processed.

• Access Control and Permissions: The main wallet contract controls access permissions for the smart wallet and sub-wallets, ensuring that only authorized signers can execute validated and approved transactions. It should be noted that these signers can only execute transactions created and validated, and cannot create transactions themselves.

• Transaction Routing and dApp Access: Acting as an intermediary, the main contract securely connects sub-wallets to various dApps, enabling seamless access to DEXs, staking protocols, DeFi protocols, and more. It ensures high security by allowing only verified requests to reach each dApp.

• Gas Fee Management: The main contract offers gas management and abstraction, covering transaction fees on behalf of users and providing an aggregated fee model. This streamlines the user experience and enables gasless transactions.

• Automated Workflows, Triggers, and Timed Events: The main wallet contract supports automated workflows such as scheduled transactions, auto-swaps, and automated rebalancing for DeFi activities. This allows users to set up recurring actions securely.

• Audit and Log Tracking: By recording transaction logs, including nonce and other transaction metadata, the main wallet contract creates a transparent history for security audits and monitoring. This tracking is vital for users to trace activity and helps the contract identify unusual patterns or potential security breaches.

Subwallet Smart Contracts:

Also known as User Smart Accounts, Child Wallets, or simply Subwallets, these are individual smart contract accounts created for each user on Soroban. Each subwallet holds the user’s balance, functions independently, and relies on the master contract for creation, specific access, and permissions.

The functionalities of subwallets include:

• Balance Storage: Subwallets store each user’s individual balance, ensuring funds are separated per user. This segregation supports personalized transaction histories.

• Owner Address Storage and Access: Users can assign an owner address (an external account) to their subwallet. This account has exclusive access and privileges, allowing direct control over the wallet.

• Password ZK Commitment Storage: Subwallets store a zero-knowledge (ZK) commitment, used to verify the owner's identity during transactions without revealing sensitive information. This commitment facilitates secure social media logins and access validation.

• Allowance Management: Each subwallet manages spending allowances per dApp or transaction type, giving users better control over spending limits and permissions. This enhances security by restricting access based on user-defined caps.

• Nonce Generation and Storage: Subwallets handle their own nonce for signing and validating transaction requests, which is essential to prevent replay attacks and ensure that transactions are processed sequentially.

Social Media Sign-in Logic

SocketFi facilitates the creation of smart accounts using either an external wallet account (Stellar G account) or a social media login for convenience. When a smart account is created with a Stellar external account, the process is straightforward, as the external account can authorize each transaction directly.

For accounts created or accessed via social media login, here is an outline of the flow, as illustrated in the schematic diagram below.

As shown, the social media account creation and sign-in system includes both off-chain and on-chain logic deployed on the Soroban blockchain. When a user signs in through social media, the process is as follows:

1. Account Verification: The main wallet contract (on-chain) on Soroban checks if the signed-in user ID already exists.

   • If the user ID exists, the user is recognized as a returning user. The subwallet ID is retrieved from the main contract, along with balances and transaction history from the subwallet. The user’s wallet dashboard (frontend) then loads.

   • If the user ID does not exist, indicating a new user, the frontend opens the "Create Account" modal, where the user enters their password and sets spending allowances before proceeding to create the account.

2. Account Creation: When a “create account” request is received, the user’s password is hashed with a randomly generated salt. A ZK commitment is then generated from the hashed password. The salt is encrypted using a randomly selected key from a key pool.

3. Credential Storage: The account credentials, including the ZK commitment, encrypted salt, and key identifier, are passed to the main contract which are then securely stored in the subwallet after it has been created. Finally, the subwallet ID is returned, and the account loads.

The social media sign-in option in SocketFi provides users with a seamless and secure way to access smart accounts, combining ease of use with high security through zero-knowledge proofs and encrypted credential storage. This approach facilitates the seamless onboarding of billions of users from social media networks who are inexperienced in Web3.

Onchain Username-Address Mapping Mechanism

The SocketFi Wallet's main (controller) smart contract incorporates a username-address mapping mechanism. This mechanism securely associates human-readable usernames—used by accounts with social sign-in—with the user's Soroban smart wallet address.

By leveraging this system, users can securely send tokens to a recipient using just their username or account identifier. This eliminates the need to input complex wallet addresses for transactions.

The schematic below outlines how the username-address mapping mechanism operates:

1. Account Unique Identifier Retrieval:

   • The sender enters the recipient's username and selects the associated social platform.

   • This distinction is important since identical usernames can exist across different social platforms. By selecting the platform, the system retrieves the correct unique account identifier for the recipient.

2. Onchain Username Account Retrieval:

   • The unique identifier is sent to the main smart wallet contract, which attempts to retrieve the recipient's wallet address from the username-address mapping system.

   • If a mapping exists, the recipient's address is retrieved, enabling the sender to proceed with the transaction.

   • If no mapping exists, an "Account does not exist" notification is returned, and the sender aborts the transaction.

3. Transaction Notification:

   • Notifications are issued whether the transaction is completed or attempted:

     • Completed Transactions: The recipient receives a notification via SocketFi's Notifier bot, including details of the tokens received and the sender's information.

     • Failed Transactions: If the recipient's account does not exist and the transaction is aborted, the recipient is notified of the attempted transfer, along with instructions on creating a SocketFi account.

This mechanism enables users to send and receive tokens conveniently using human-readable usernames instead of conventional wallet addresses. For those who prefer traditional methods, direct wallet address transfers are still supported, offering flexibility and convenience.

Transaction Execution Logic

The schematic below illustrates the transaction execution logic of the SocketFi smart wallet for transactions initiated on sub-wallets created via social media sign-in.

To initiate a transaction, such as sending a token to an address or swapping a token for another, the user:

1. Enters and/or select the transaction details, including the token to be transferred or swapped, the amount, and either the recipient’s address or the token to swap to.

2. Enters their transaction password, which was set when the account was created, then submits the transaction to initiate it.

If the amount entered exceeds the allowed limit, the transaction submission fails, and the user is notified to adjust the amount within the limit.

After the transaction has been initiated, the following steps take place:

1. The backend generates a zero-knowledge (zk) proof for the account.

2. The zk proof is sent on-chain to the main wallet contract, where access to the sub-wallet is validated.

   • If validation fails, the transaction is aborted, and a validation failure notification is sent.

   • If validation succeeds, the transaction proceeds to the next steps.

3. The sub-wallet generates a sequential transaction nonce, which is combined with transaction parameters to create a transaction-based nonce.

4. The main wallet retrieves the sequential nonce from the sub-wallet and checks that it is one increment above the previous nonce.

   • If this check fails, the transaction is rejected due to an invalid sequential nonce.

5. The main wallet then regenerates the expected transaction-based nonce based on the sequential nonce and the transaction parameters.

6. To verify the transaction’s validity and user approval, the main wallet retrieves the transaction-based nonce from the sub-wallet and compares it to the expected nonce.

   • If the nonces do not match, the transaction fails with an invalid transaction nonce.

   • If they match, the transaction is marked as approved and executed by an authorized signer.

Finally, the transaction marked fulfilled and the transaction nonce is cleared.

As described above, it is clear that SocketFi smart wallet transaction execution logic offers robust security, streamlined user experience, and reliable validation for onchain Soroban transactions. By incorporating social media sign-in, it enables seamless account creation and access, making DeFi, and other dApps and web3 tools more accessible. The multi-layered authentication process — from the user-entered transaction password to backend zero-knowledge proof (zk proof) generation and sequential nonce validation — ensures only authorized transactions are executed, safeguarding assets from unauthorized access. This process minimizes the risk of errors or fraud by meticulously verifying transaction parameters at multiple stages. Additionally, the real-time feedback provided upon transaction submission helps users adhere to allowance limits, enhancing both user control and compliance with wallet restrictions. Altogether, the SocketFi system combines enhanced security measures with user-friendly steps, creating a smart wallet environment that is both safe and efficient for managing digital assets.