
Founder [Questbook (YCw21)](https://questbook.xyz) Writing about things that need to be built in web3


Subscribe to Madhavan Malolan



Wallets don’t need security on day 1; onboarding needn’t be so hard. Here, I present a wallet design that is easy for users to onboard and secure enough when deemed appropriate.
When the user has 0 funds in their wallet, it is OK to have lower security. But a not-so-secure wallet doesn’t scale. How can users have a wallet whose security adapts to the assets in custody?
After researching over 30 wallet apps/extensions - I feel confident that there’s not going to be one wallet to rule them all in the near future.
Every developer serious about their Dapp’s user experience will build their own (disposable) wallet.
The app should create a private key for the user and manage transactions with that key under the hood. Even better if the app uses a relayer, so that the end user doesn’t need crypto to pay gas before making their first transaction (meta-transactions).
Each app that creates a new wallet for its users may or may not be secure. If you are building a web app, you might consider creating a wallet for the user in-browser, meaning you just store the wallet’s private key in localStorage.
This is a major security risk. But it is OK when the user has just signed up and doesn’t have any funds to lose. The purpose of this wallet is to get started and eventually dispose of the wallet.
When the above disposable wallet is created by the app, it should also deploy a smart contract wallet with the newly created in-browser disposable wallet as its designated signatory.
All this smart contract does is forward calls. In other words, all it does is change the msg.sender.
This smart contract wallet has 3 modes that give it progressive security:
1. Default mode, where all calls are forwarded if they come from the designated disposable in-browser wallet.
2. Single signer mode, where the user can replace the designated wallet address with a more secure wallet like MetaMask.
3. Multi sig mode, where the user can replace the designated wallet address with multiple addresses, needing k of n of them for any transaction to go through.

[ Bonus ] HD wallet mode, where the user can replace the designated wallet with an HD wallet for maximum security (technically the same as #2).

The app that provides this disposable wallet along with progressive security should educate users at the right time to upgrade their security. E.g. move to MetaMask when you have $100 worth of assets; move to multi sig when you have $10,000 worth of assets, etc.
- Great user experience, because users don’t need to install a separate wallet if they don’t have one already.
- The user experience on current wallets is optimized for DeFi/trading, which may or may not be the ideal experience for, say, a game.
- When upgrading security, the address shouldn’t change, especially because a lot of smart contracts use msg.sender as user identification.
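
The forwarding wallet and its three modes described above, as an added Solidity example (not the author's code). It assumes approvals are ECDSA signatures checked on-chain so that a relayer can submit the call, instead of a direct msg.sender check; `ProgressiveWallet`, `execute`, `setSigners` and the other names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the author's code; every name here is hypothetical.
contract ProgressiveWallet {
    struct Sig { uint8 v; bytes32 r; bytes32 s; }
    mapping(uint256 => mapping(address => bool)) private signerAt; // epoch => signer set
    uint256 public epoch;      // bumped on every signer change, retiring old keys
    uint256 public threshold;  // k approvals required per call
    uint256 public nonce;      // consumed per call, so an approval cannot be replayed

    // Default mode: 1-of-1 with the disposable in-browser key.
    constructor(address disposableSigner) {
        require(disposableSigner != address(0), "zero signer");
        signerAt[0][disposableSigner] = true;
        threshold = 1;
    }

    // Forwards a call approved by k distinct current signers. Anyone (e.g. a
    // relayer) may submit it; sigs must be sorted by ascending signer address.
    // Simplification: raw digest; production code would sign EIP-712 typed data.
    function execute(address to, uint256 value, bytes calldata data, Sig[] calldata sigs)
        external returns (bytes memory) {
        require(sigs.length >= threshold, "not enough approvals");
        bytes32 digest = keccak256(abi.encode(block.chainid, address(this), nonce++, to, value, data));
        address last = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            address who = ecrecover(digest, sigs[i].v, sigs[i].r, sigs[i].s);
            require(who > last && signerAt[epoch][who], "bad or duplicate signer");
            last = who;
        }
        (bool ok, bytes memory ret) = to.call{value: value}(data); // target sees msg.sender == this wallet
        require(ok, "call failed");
        return ret;
    }

    // Single-signer (n = 1) or multisig (k of n) upgrade. Only reachable through
    // execute(), so the current quorum must approve handing over control.
    function setSigners(address[] calldata next, uint256 k) external {
        require(msg.sender == address(this), "only via execute");
        require(k >= 1 && k <= next.length, "bad threshold");
        epoch++;
        for (uint256 i = 0; i < next.length; i++) {
            require(next[i] != address(0) && !signerAt[epoch][next[i]], "zero or repeated signer");
            signerAt[epoch][next[i]] = true;
        }
        threshold = k;
    }
    receive() external payable {}
}
```

Because an upgrade only swaps the signer set inside the contract, the address other contracts see as msg.sender is the same in all three modes, and the browser key stops being valid the moment the epoch is bumped.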