Workflow
- Make your authorised transfer

```mermaid
sequenceDiagram
autonumber
participant PW as Primary wallet
participant Client as 2FA client
participant DApp as Automata 2FA Guru
participant Geode as 2FA Guru Geode
participant Contract as Target contract
note over PW, DApp: Make authorised transfer
PW->>DApp: Attempt to transfer 2FA protected assets
DApp-->>PW: Request 2FA code and recipient address
PW->>Client: Acquire a valid 2FA code
Client-->>PW: 6-digit 2FA code
PW->>DApp: Input the valid 2FA code and recipient address
DApp->>Geode: Ask for the validation
alt
note over Geode: Validation succeeded
Geode-->>DApp: Return a signature based on the actual transaction
DApp-->>PW: Metamask signature
PW->>DApp: Make authorised transfer
DApp->>Contract: Make authorised transfer
else
note over Geode: Validation failed
Geode-->>DApp: Return a validation error
DApp-->>PW: Request declined
end
```
- Recover your 2FA client

```mermaid
sequenceDiagram
autonumber
participant RW as Recovery Wallet
participant Client as 2FA client
participant DApp as Automata 2FA Guru
participant Geode as 2FA Guru Geode
participant Contract as 2FA authentication contract
RW->>DApp: Attempt to recover your 2FA client for your primary wallet
DApp->>Geode: Ask for the validation
Geode->>Contract: Check the binding relationship
alt
note over Geode: Validation succeeded
Geode-->>DApp: Return a new generated secret
DApp-->>Client: Scan the QR code to set up
Client->>DApp: Input a 6-digit 2FA code
DApp->>Geode: Confirm reset
alt
note over Geode: Validation succeeded
Geode->>DApp: Reset succeeded
else
note over Geode: Validation failed
Geode->>DApp: Return a validation error
end
else
note over Geode: Validation failed
Geode-->>DApp: Request declined
end
```
Key Components
- Primary wallet:
The wallet where users store and control their assets.
- Recovery wallet:
Used for identifying users' roles and resetting the 2FA device. The relationship between the primary wallet and the recovery wallet is saved on-chain after binding.
- 2FA client:
The device which provides the TOTP (Time-based One-Time Password).
- Automata 2FA Guru:
The dApp hosted by the Automata team. It contains the 2FA management and wallet assets control panels. Users can sign up for 2FA and find the 2FA protected dApps in the management panel, and they can make authorised transfers from the wallet assets control panel.
- 2FA Guru Geode:
The 2FA middleware, built on Intel SGX. Running inside a secure, fully shielded enclave, it connects with dApps to provide 2FA verification on public blockchains and is responsible for 2FA secret generation, storage and authentication. A valid signature cannot be predicted or computed outside the enclave, and the enclave's storage is encrypted internally, so an attacker who managed to steal the stored data would still be unable to read it.
Even with 2FA protection in place, an attacker can still try to obtain the TOTP code through phishing. To prevent this, we use an anti-phishing feature: the 2FA middleware analyses the request's origin domain and checks it against daily updated phishing blacklists to detect whether the request comes from a phishing domain or link. If a malicious domain is detected, the geode withholds the signature, so the user's assets stay safe. To uphold high security standards, we also support a custom domain whitelist for a specified dApp.
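The validation step from the transfer workflow above, combined with the origin check described in this paragraph, as an added illustration in Python. This is not Automata's code: the secret, signing key, blocklist entry and per-dApp whitelist are constructed demo values, TOTP is generated per RFC 6238, and an HMAC tag stands in for the enclave's signature over the actual transfer fields.

```python
import hmac
import hashlib
import struct
from urllib.parse import urlparse

# Constructed demo values (assumptions, not the real service's keys or lists).
TOTP_SECRET = b"constructed-demo-totp-secret"          # sealed inside the enclave in reality
SIGNING_KEY = b"constructed-demo-signing-key"           # stands in for the enclave's signing key
PHISHING_BLOCKLIST = {"2fa-guru-login.example"}         # constructed entry of a daily-updated list
DAPP_ALLOWLIST = {"demo-dapp": {"app.demo-dapp.example"}}  # constructed per-dApp whitelist
USED_STEPS = set()                                      # time steps already spent by a valid code

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the 6-digit code the 2FA client displays."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step or one step either side, but never the same step twice."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * 30
        if hmac.compare_digest(totp(secret, t), code):
            if t // 30 in USED_STEPS:
                return False           # replayed code: already used for a signature
            USED_STEPS.add(t // 30)
            return True
    return False

def origin_allowed(origin_url: str, dapp_id: str) -> bool:
    """Blocklist first, then the dApp's own whitelist when one is configured."""
    host = urlparse(origin_url).hostname or ""
    if host in PHISHING_BLOCKLIST:
        return False
    allowed = DAPP_ALLOWLIST.get(dapp_id)
    return allowed is None or host in allowed

def authorise_transfer(code, recipient, amount, origin_url, dapp_id, unix_time):
    """Geode-side decision: sign only when the origin and the code both pass.
    The HMAC tag binds the signature to the actual recipient and amount."""
    if not origin_allowed(origin_url, dapp_id):
        return False, "request declined: origin blocked"
    if not verify_totp(TOTP_SECRET, code, unix_time):
        return False, "request declined: invalid or reused 2FA code"
    msg = f"{recipient}|{amount}".encode()
    return True, hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
```

Because the tag covers the recipient and amount, a code phished for one transfer cannot be turned into a signature for a different one, and the used-step set stops the same code from being presented twice.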