Gnoland Wallet Policy Proposal

[dongwon8247]

Gnoland Wallet Policy Proposal

As a censorship-resistant sovereign L1 smart contracts platform, transparency and security are of highest importance to Gnoland. I've opened this issue to propose and discuss a draft of a wallet policy that will set a technical baseline for wallets looking to integrate Gnoland. I hope to see this initiative scaling to a larger movement, inspiring creations of effective community-drafted policies across other sectors of dapps, or even to contribution guidelines, which will be critical for Gnoland, especially with its unique consensus mechanism, Proof of Contribution.

Goals

• Set a set of criteria to establish a secure and healthy open source ecosystem for Gnoland wallets.
• Create a whitelist of qualified wallets (or dapps) to list them on gno.land/somewhere (ecosystem) in the future.
• Ensure that users understand and are aware of the importance of managing their confidential information such as private keys and seed phrases.

Criteria

1. Open source

• Wallets must be open source, or commit to a timeline for open sourcing.
• Wallets should be built in the spirit of open sourcing learnings & findings for everyone to learn from and be open to be audited by anyone.

2. Development Structure

• Usage of the BIP44 derivation path in multi-account hierarchy is highly recommended for determinism.
• Leveraging a verifiable open source RNG when generating the seed syntax.
• Seed phrases and private keys must be encrypted and saved only on users' devices. When signing a contract, the wallet must be unlocked by the user with additional security procedures such as a password, a biometrics scan, or a pattern lock. Also, any confidential information of users must not be exposed to a centralized server. No exceptions.
• Wallets must communicate with the Gnoland server directly using the official endpoints(https://rpc.test2.gno.land/) to query on-chain data.
• Avoid using external servers for the parts that can be replaced by the official Gnoland server.

3. Minimum Required Functions

• Creating a Gnoland address and checking the balance of $GNOTs and other tokens on Gnoland.
• Displaying the transaction history.
• Executing GNO-contracts (Realms).
• Supporting interactions with Dapps.
  - Display raw data and a warning when signing a contract.

4. Sustainability

• The wallet team should be able to continuously develop the product to meet the needs of the Gnoland blockchain ecosystem as it grows.
• The wallet team should provide a vision, a direction, and plans for their work for Gnoland.

5. Documentation (Optional)

• Developer docs: Providing integration documents to developers building Dapps in the ecosystem.
• User guide docs: Providing a user guide for beginners.

6. Community-focused (Optional)

• Highly valuing feedback from the users to improve the product.
• Operate a public community channel to share any news related to the product (updates, development process, partnerships, and more)

7. Audit (Optional)

• Requesting a public audit report from a reputable cyber security services provider is highly recommended.
• Running a penetration test on relevant applications and servers is also deemed good practice.