How Waymont works
Architecture
Most simply, Waymont is a 2-of-2 multi-signature Safe.
Signer 1 is your enrolled mobile device or what we call your “Trusted Device.” It can only sign a transaction when you verify a transaction’s details and approve it using your biometrics via the Waymont Mobile App.
Signer 2 is the Waymont Policy Guardian smart contract. It can only sign a transaction when the transaction meets your preset transaction policy and originates from your Waymont Web account. It can never initiate a transaction.
You must initiate all account activity from your Waymont Web and SSO. Signing transactions, making recovery requests and updating your account can only be initiated by you in this way.
If you choose to opt in to recovery, the Waymont Recovery Module is added to your Safe (as a Safe module). If you trigger a recovery request via your Trusted Guardians, the Waymont Recovery Module verifies that 51% of your Trusted Guardians have approved the recovery, and the Policy Guardian enforces a 48-hour delay on any recovery.
You may cancel recovery from within Waymont Web and SSO.
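A simplified model of the recovery rule described above (approval by 51% of Trusted Guardians, then a 48-hour delay, with cancellation), added here as an illustration and not Waymont's contract code. It assumes that 51% is rounded up to whole guardians and that the delay starts when the threshold is reached; the guardian names used with it are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

RECOVERY_DELAY_S = 48 * 60 * 60  # 48-hour delay stated on the page
THRESHOLD_PCT = 51               # 51% of Trusted Guardians, per the page


def required_approvals(guardian_count: int) -> int:
    # Assumption: "51%" means at least 51%, rounded up to whole guardians.
    # Integer arithmetic avoids floating-point rounding surprises.
    return (guardian_count * THRESHOLD_PCT + 99) // 100


@dataclass
class RecoveryRequest:
    guardians: frozenset                      # enrolled Trusted Guardians
    approvals: set = field(default_factory=set)
    ready_at: Optional[int] = None            # time the threshold was reached
    cancelled: bool = False

    def approve(self, guardian: str, now: int) -> None:
        # Only enrolled guardians count; unknown signers are rejected.
        if guardian not in self.guardians:
            raise PermissionError(f"{guardian} is not an enrolled guardian")
        self.approvals.add(guardian)          # a set ignores repeat approvals
        needed = required_approvals(len(self.guardians))
        if self.ready_at is None and len(self.approvals) >= needed:
            # Assumption: the delay clock starts when the threshold is met.
            self.ready_at = now

    def cancel(self) -> None:
        # Models the owner cancelling recovery from their web account.
        self.cancelled = True

    def can_execute(self, now: int) -> bool:
        # Recovery needs: not cancelled, threshold met, delay fully elapsed.
        if self.cancelled or self.ready_at is None:
            return False
        return now >= self.ready_at + RECOVERY_DELAY_S
```

With two guardians this rounding requires both to approve, and with four it requires three, so the effective threshold is a strict majority for every guardian count.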
Security safeguards
Each component of Waymont – Waymont Web, Waymont Connect and Waymont Mobile – is meticulously designed with security safeguards to keep you protected at all times.
Waymont reduces risk through redundant design: even if an attacker were to gain access to any one component of your Waymont account, they would need to compromise at least two other components to steal your funds.
For example, if an attacker hacks your Waymont Web SSO, they would need to gain access to your local mobile signer (and your face) and the Waymont Policy Guardian to drain your funds.
This drastically minimizes the number of things you can do that will lead to a loss of funds. Read more: here.
Contracts
Waymont Vault contracts are the core Safe (formerly Gnosis Safe) v1.4.0 contracts, found here (Safe Core SDK for v1.4.0 found here).
There are three contracts in addition to the core Safe contracts that Waymont uses to protect your account: signer, recovery, and policy guardian contracts. All have been audited by Trail of Bits here.
The signer contract acts as a required signer for your Safe. It is a multi-sig with your Trusted Devices enrolled as its signers. It may only sign a transaction initiated from your Waymont Vault, when you approve a transaction from your Trusted Devices.
The policy guardian contract also acts as a required signer on your Safe. The policy guardian contract checks that every transaction meets your transaction policies. In the case that a transaction does not meet your policies, it does not sign that transaction.
The recovery contract is an opt-in module on the user's Safe. It is a multi-sig with your Trusted Guardians enrolled as its signers. It may only sign a transaction initiated from your Waymont Vault, when 51% of your Trusted Guardians have approved recovery. The recovery module contract does not initiate transactions besides the secure recovery of your funds. Signer and recovery module contracts can be found here (uses code isolated from the Safe contracts seen here).
Our June 2023 Trail of Bits Audit report of all contracts can be found here.