VELLET: Verifiable Embedded Wallet for Securing Authenticity and Integrity
Hiroki Watanabe, Kohei Ichihara, Takumi Aita
TL;DR
VELLET tackles the security vulnerabilities of embedded wallets by introducing a verifiable framework that ties embedded wallet code to audited front-end domains through a Wallet Verifier and ENS-based audit trails. The protocol comprises an Audit Phase, where an audit trail $A_t$ and wallet hash $H_w$ are recorded on a blockchain, and a Verification Phase, where a browser extension uses this trust anchor to gate wallet usage and detect tampering via $H_u$ and related hashes. A proof-of-concept on Goerli demonstrates feasibility using Next.js, Soulbound Tokens, and ENS Text Records to minimize new contract development costs, with a cost model showing initial deployment under $30 and scalable ongoing fees. The work provides a decentralized, auditable layer to mitigate phishing and integrity risks in embedded wallets while preserving onboarding usability, and it generalizes beyond wallets to broader Dapp auditability. Overall, VELLET offers a practical path to secure, verifiable embedded wallets within Web3 ecosystems.
Abstract
The blockchain ecosystem, particularly with the rise of Web3 and Non-Fungible Tokens (NFTs), has experienced a significant increase in users and applications. However, this expansion is challenged by the need to connect early adopters with a wider user base. A notable difficulty in this process is the complex interfaces of blockchain wallets, which can be daunting for those familiar with traditional payment methods. To address this issue, the category of "embedded wallets" has emerged as a promising solution. These wallets are seamlessly integrated into the front-end of decentralized applications (Dapps), simplifying the onboarding process for users and making access more widely available. However, our insights indicate that this simplification introduces a trade-off between ease of use and security. Embedded wallets lack transparency and auditability, leading to obscured transactions by the front end and a pronounced risk of fraud and phishing attacks. This paper proposes a new protocol to enhance the security of embedded wallets. Our VELLET protocol introduces a wallet verifier that can match the audit trail of embedded wallets on smart contracts, incorporating a process to verify authenticity and integrity. In the implementation architecture of the VELLET protocol, we suggest using the Text Record feature of the Ethereum Name Service (ENS), known as a decentralized domain name service, to serve as a repository for managing the audit trails of smart contracts. This approach has been demonstrated to reduce the necessity for new smart contract development and operational costs, proving cost-effective through a proof-of-concept. This protocol is a vital step in reducing security risks associated with embedded wallets, ensuring their convenience does not undermine user security and trust.