How Waymont works
Architecture
Each Waymont Vault is a 2-of-2 multi-signature Safe. You control both signers, and you can take full control of your Safe - with or without Waymont's help.
Signer 1 is your "trusted signing device." You can enroll the Waymont Mobile App (or your preferred EOA) as your trusted signing device. You sign & approve transactions from this device.
Signer 2 is the Waymont Policy Guardian smart contract. It verifies that a transactions 1) are initiated by you and 2) meet your custom limits & policies. If it finds no violations, then it autonomously signs and relays your transaction.
Only you are able to initiate account activity from your Waymont Web account. Signer 1 and Signer 2 must approve every transaction.
You can offboard and remove the Waymont Policy Guardian as a signer (and take control of your Safe) at any time via the instructions: here.
A customizable security experience
On top of this architecture, are SAFE modules that you can opt into.
Recovery Module: enables you to change your "trusted signing device" via social recovery or iCloud recovery. Learn more: here.
External Signer Module: enables you to enroll your own external signing device as your "trusted sigining device." Require your favorite hardware or EOA to sign transactions.
Designed for robustness
At any time, transacting on Waymont requires 3 things:
Your trusted signing device (protected by biometrics if Waymont Mobile)
Your SSO login & Waymont account
Your compliant transaction policies
This limits the ability for anyone besides you to access your funds. It also minimizes the risk of you doing something wrong. More: here.
Contracts
Waymont Vault contracts are the core Safe (Gnosis Safe) v1.4.0 contracts, found here (Safe Core SDK for v1.4.0 found here). In addition, there is the Trusted Signer module, Waymont Policy Guardian module, and Recovery module. All have been audited by Trail of Bits here.
The Trusted Signer module is a multi-sig with your trusted signing devices enrolled as its signers. This supports Waymont Mobile & external signing devices. The Policy Guardian module is a contract that checks your transaction policies to confirm every transactions validity. In the case that a transaction does not meet your policies, it rejects the transaction. The Recovery Module is an opt-in module that enrolls a multi-sig with your trusted guardians as its signers. It may sign and trigger a change of your trusted signing device if 51% of your guardians approve recovery. Signer and recovery module contracts can be found here (uses code isolated from the Safe contracts seen here).
Our Trail of Bits Audit report of all contracts can be found here.
Last updated