S.C.I

Screenshots

Problem Statement

Our primary focus is to create a permissionless, transparent, and safe ecosystem where users can easily interact with their favorite Dapps. SCI (Secure Contract Interaction) is a Public Good organization founded at the EthGlobal Istanbul Hackathon. It was created to reduce web3 risks and vulnerabilities. We work on three main pillars:Verifiability: We built an on-chain DNS domain-to-address verification system using ENS and a set of custom smart contracts that allow domain owners to whitelist the contracts their page should interact with.Reliability: As our system cannot depend exclusively on domain owners, we built a product that provides users the possibility to flag domains or contracts if they're acting maliciously. through an attestation system.Accessibility: We have multiple tools to facilitate information to users to proactively identify threats and vulnerabilities in the Web3 ecosystem.Metamask snap will show a message if the contract is not verified or has been flagged as malicious.We built a subgraph so anyone could easily access our contract information.A Push notifications system was developed so users could receive updates on attestations and on-chain interactions.

Solution

We've engineered an on-chain contract-to-domain verification system, empowering domain owners to curate a list of approved contracts capable of interacting with their domains. Leveraging Ethereum Name Service (ENS), we validate domain ownership. The flexibility of our system allows for the seamless integration of additional verification methods in the future.Enabling users to develop tools around this system, we've constructed a dedicated subgraph, facilitating easy data queries. Proactive measures were set in place to swiftly respond to potential threats, exemplified by our snap plugin, which promptly notifies users if a contract they are engaging with is unauthorized—an invaluable defense mechanism in the wake of incidents like the Balancer frontend attack.Acknowledging the inherent risk of relying solely on website owners, we've implemented Ethereum Attestation Service (EAS). This feature empowers users to attest to the security of a page, mitigating the risk of malicious activities, even if initiated by the domain owner.To provide a centralized hub for users, we've developed a user-friendly web page. This interface not only allows users to explore domains and add contracts but also provides a platform for attestation and notifications. We leverage Next.js in conjunction with wagmi, ethers, and rainbow kit to develop the webapp faster.We've created a demonstration app on the Cowswap widget. This showcases the versatility of our product and its potential applications, positioning it as a valuable asset for users in various scenarios.In addition to all that we added Web3Inbox to alert users if an attestation has been done or if a contract has been added to a domain