Radar Integration

Proposal Overview
Adding support for direct integration with Radar extension, enabling Tally users to add optional protection from scams etc. The feature would be opt-in and extensible to other “wallet apps”. You can read more about radar at our twitter at https://twitter.com/meshedlabs .

Contributors - Chris Hunter, Con Mcgee-Stocks, Chris Ye - co-founders of Meshed Labs

Proposal Details

Note this is a fresh proposal, with no previous discussions.

We request to build support for integrating with other extensions into Tally, starting with Radar. An added Tally settings panel would control the connection to externally connectable extensions and service workers. This connection would be a communication channel, first passing signature requests (RPC calls such as eth_sendTransaction and eth_signTypedData) allowing for Radar to run a risk analysis on the proposed transaction and second enabling extensions to call Tally for RPC requests.

  • Tally would be first to add direct support for security extensions and open the door to other wallet apps such as our other extension, Courier [ Translating RPC calls to Gnosis Safe proposals ].
  • This eliminates the current man-in-the-middle technique of existing security extensions intercepting RPC calls sent to window.ethereum.
  • Tally as a representative piece for other wallets to use as an example for their own integrations with wallet apps.
  • Feature is opt in [ must enable in Tally + install Radar for connection to work ]

Timeline
As soon as the proposal is accepted we can start working on development, submitting a PR request in a short [but unknown] timeframe. Better scoping can be done if the initial response to the proposal is positive.

Success Metrics

Primary:

  • Tally wallet adoption

Secondary :

  • Social sentiment - ( conversations about tally doing more to protect their users )
  • Transaction volume - ( more people transacting because they feel safe )
  • Net promoter score - ( if currently tracked )

What are the key benefits?

Tally becomes differentiated in the market being the first to directly integrate w/ security extensions. Radar supports Tally users wanting additional layers of security and increases its usage.

What are the most likely risks?

Risks are minimal because Radar isn’t able to modify the RPC call, but only give its analysis on it. Granular permissions can modify what a wallet app can do. Feature is opt in so users not wanting to use it have no impact. Since future integrations are managed as a proposal, there is no risk of installing malicious apps.

Screens
Tally settings panel extension connections

5 Likes

This sounds good but I don’t have the technological expertise to know this. Maybe somebody from the dev team could speak to this for both benefits and possible issues.

2 Likes

Interesting proposal! Doing a little tech diligence to move the conversation along → is Radar open source and something we can audit / review?

1 Like

Radar has extension code which is open source and an API which is closed.

The extension can definitely be audited and demonstrated that it only intercepts relevant RPC calls (such as eth_sendTransaction) for analysis and does not modify them.

We may be open to an internal audit of the API but are not yet ready to open source that part.

Chris

Very interesting!

From a security perspective I would feel more comfortable if such add-ons weren’t actually “in-line”, but were fed the incoming RPC data from the dApp and returned data for enrichment purposes that could be displayed to the user alongside the normally displayed information.

dApp sends RPC > Wallet gets it > if relevant for a given add-on sends a copy of the info to get enrichment info > Wallet continues to use the original data from the dApp and can display additional content when relevant.

This would theoretically remove the possibility of tampering.

1 Like

nice it is so cool my bro