Interview: Algorand launches LiquidAuth to combat WalletConnect vulnerability
06/26/2024 21:13The Algorand Foundation has introduced LiquidAuth, a new tool to decentralize wallet authentication and communication in crypto.
The Algorand Foundation has introduced LiquidAuth, a new tool to decentralize wallet authentication and communication in crypto.
Developers in the crypto space have experienced a vulnerability in wallet communications due to most transactions going through a centralized wallet. On Wednesday, the Algorand Foundation introduced LiquidAuth, a decentralized tool that aims to address this flaw.
LiquidAuth aims to distribute wallet communication by enabling secure, peer-to-peer connections and reducing reliance on central providers. The new project aims to tackle the significant security risk associated with centralized wallet communication services, particularly WalletConnect.
In other words, many crypto transactions are vulnerable at a single point of failure found in their wallet. This wallet is centralized and most likely relies on WalletConnet, which is susceptible to security flaws.
Using established standards and protocols, LiquidAuth allows secure, peer-to-peer communication between wallets and applications (apps or dApps).
LiquidAuth was created to address the vulnerabilities in WalletConnect, but it can also be utilized in other types of traditional web applications.
“The ‘secret-sauce’ of LiquidAuth is weaving together the best of already established protocols to create a truly decentralized way to authenticate peer-to-peer communications,” Bruno Martins, Principal Architect at Algorand Foundation told crypto.news in an interview.
Algorand addresses centralization communication risks
The growing need for LiquidAuth stems from security risks associated with centralized communication providers. WalletConnect is widely used in the crypto industry as a central communication link between wallets and apps. However, this system introduces vulnerability.
“LiquidAuth can use multiple channels and ways to find each other’s IP to do P2P comms; therefore, it does not have a single point of failure,” Martins said.
Martins further elaborated on the issues with WalletConnect, “Any application and wallet needs to ask permission from WalletConnect to enhance features and often, with their new cloud setup, register for whitelisting. They are willing to blacklist certain regions due to geo-political reasons.”
LiquidAuth aims to eliminate these restrictions by providing a decentralized, permissionless alternative.
“The whole web3 space signals immaturity to big integrators when they have to trust an non-open protocol (even if implementations are open source) for the flow of information,” Martins said.
LiquidAuth features
LiquidAuth offers several improvements to WalletConnect. According to Martins, “LiquidAuth allows any ecosystem wallets, apps, or businesses to establish P2P authenticated communication, enables wallets to provide proof of device ownership, and enables proof of knowledge of the required secret keys related to a user’s identity and/or accounts.”
In other words, LiquidAuth lets wallets, apps, and businesses securely communicate and prove device ownership and user identity. It ensures that only verified messages are sent between wallets, improving security.
LiquidAuth’s decentralized design also means there is no single central server, which lowers the risk of attacks.
Open-source
One of LiquidAuth’s main principles is its open-source nature. Martins emphasizes that LiquidAuth is fully open source and utilizes only open standards.
LiquidAuth serves as a means for combining existing infrastructure, standards, and protocols without the need to rely on only one company. This reliance on one company or product for the flow of information leads to serious vulnerabilities.
LiquidAuth ensures interoperability and security without introducing new vulnerabilities. This approach allows for seamless integration across various digital platforms.
Governance and community involvement
The Algorand Foundation hopes to improve and maintain its project with community contributions.
“We will maintain our own implementation and improve it to give the Algorand ecosystem unique decentralization levels,” Martins said. The foundation welcomes contributions, suggestions, and changes from developers and organizations to enhance LiquidAuth.
Algorand believes that the benefits of a decentralized, permissionless system will naturally attract big developers.
The primary motivator when adopting LiquidAuth is the freedom from reliance on a centralized entity. Providing projects and wallet developers with the freedom to create their protocols and systems without seeking permission from a specific company or product is an immense incentive in itself.