Vaulti: The multi auth Cardano Vault

[Proposal setup] Proposal title

Please provide your proposal title

Vaulti: The multi auth Cardano Vault

[Proposal Summary] Budget Information

Enter the amount of funding you are requesting in ADA

100000

[Proposal Summary] Time

Please specify how many months you expect your project to last

12

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

Web3 assets risk loss: keys get hacked, hardware wallets tricked, multisig is hard, custody kills sovereignty. Our 2FA vault uses wallet + Identity Oracle (TOTP, WebAuthn) for secure control.

[Proposal Summary] Supporting Documentation

Supporting links

• https://landing.vaulti.app
,
• https://drive.google.com/drive/folders/1n3HARTwHIVn04tfLBxd4rc6VhigPr9rb

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

No

Describe any dependencies or write 'No dependencies'

No dependencies

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

Yes

License and Additional Information

Our project is fundamentally open source. The on-chain smart contracts and developer SDKs are fully open (MIT/Apache) for maximum transparency. The backend oracle is the only exception; its implementation is kept private as a critical security measure to protect the central co-signer from targeted attacks. To ensure trust, this component will be fully audited by independent security firms, with results made public.

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal.

Security

[Campaign Category] Category Questions

Describe what makes your idea innovative compared to what has been previously funded (whether by you or others).

Our on-chain MVP on the Cardano testnet will showcase Vaulti’s non-custodial 2FA layer securing assets without modifying dApps or wallets. Users connect a CIP-30 wallet, deploy a 2-of-2 multisig Vault, and link a TOTP app. They can send ADA/NFTs to the Vault and execute secure transactions on any dApp: the Vaulti extension intercepts signing, prompts for a 6-digit TOTP, and only then co-signs. Without 2FA, transactions fail, proving enhanced security. The MVP will be publicly accessible with a dashboard, extension, contracts, and docs, plus community beta testing with incentives.

Describe what your prototype or MVP will demonstrate, and where it can be accessed.

Vaulti delivers a new layer of security on Cardano: a universal, non-custodial 2FA that works across all dApps and wallets without integrations. It fuses on-chain 2-of-2 multisig with Web2-friendly methods (TOTP, WebAuthn, Google Login), balancing strong security with ease of use. A browser extension intercepts CIP-30 signing, adding 2FA instantly to any transaction. Users can even onboard via Google login, lowering barriers for newcomers. Vaulti isn’t another multisig, it’s a security and usability layer tackling phishing risks and enabling next-gen authentication.

Describe realistic measures of success, ideally with on-chain metrics.

Success will be measured by Adoption, Usage, and Impact, with on-chain metrics prioritized. Key measures:

1. Number of deployed Asset Vaults,each deployment signals adoption.
2. Total Value Locked (ADA, tokens, NFTs),showing trust in the system.
3. Number of 2FA-secured transactions, tracking real security usage. Using a conservative Bass Diffusion Model with Cardano TAM growth, projections show ~45k active users at 12 months and ~90k by 24 months (≈7–8% of active wallets). Off-chain, success includes user recovery rate and wallet integrations.

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

Vaulti is a multi-authentication, non-custodial 2FA system for Cardano, designed to secure on-chain transactions with minimal user friction by adding a universal security layer on top of the existing ecosystem.

How It Works: The Core Architecture

The system is built on three components working in concert:

The On-Chain Asset Vault: Users deploy a personal 2-of-2 multisig smart contract on the Cardano blockchain. This vault is more than a simple multisig; it's a sophisticated digital safe deposit box with built-in safeguards that guarantee user control.

• Primary Function: Requires two signatures (user's wallet + Vaulti's 2FA oracle) to move assets, providing robust protection against key theft.
• Guaranteed Fund Safety: The Escape Hatch: To ensure you are always in control of your assets, the contract includes a safety withdrawal mechanism. You can start this process using only your own wallet signature, which begins a security time-lock (e.g., 7 days). Once the time-lock is over, you can move all your funds out of the vault without needing our service or any 2FA. This guarantees you can always access your funds, even if the Vaulti service were to disappear. The time-lock is also a crucial security feature: it prevents an attacker who steals your key from instantly draining your vault, giving you time to react.
• Secure Upgradability - Oracle Migration: The contract allows for the oracle's signing key to be updated. This action, initiated by the user, must be co-signed by the current oracle. This dual-control mechanism allows for secure system maintenance and upgrades while preventing malicious re-assignment of the co-signer.

The Off-Chain Identity Vault: This is our secure service that acts as the second co-signer (an "oracle"). It holds no user funds and cannot act alone. It will only provide the second signature for a transaction after the user successfully provides a valid second authentication factor.

Browser extension: This is our key innovation for seamless integration. The extension intelligently intercepts standard CIP-30 signing requests made by any dApp to any wallet. This allows it to inject a 2FA security check for protected assets without requiring any integration from dApp or wallet developers, making Vaulti instantly compatible with the entire Cardano ecosystem.

The User Experience in Action

The process is designed for consistent and comprehensive security:

1. A user connects their regular wallet (e.g., Nami, Eternl) to any dApp.
2. The user initiates any transaction.
3. The Vaulti extension intercepts every request and prompts for 2FA, but what happens next depends on where the funds are coming from:

• For transactions from your main wallet: The 2FA prompt acts as a powerful phishing-prevention check. It serves as a final confirmation step, ensuring you are consciously approving the transaction before your wallet signs it. This is an off-chain security gate that protects you from accidental or malicious clicks.
• For transactions from your high-security Asset Vault: The 2FA prompt is a fundamental on-chain security requirement. Here, your approval authorizes the Vaulti oracle to provide the mandatory second signature needed to unlock the funds from the smart contract. Without this co-signature, the transaction is invalid and will fail on the blockchain.

This creates two distinct layers of security: a preventative check for your everyday wallet and an unbreakable on-chain lock for your high-value assets.

Authentication Methods

TOTP (Initial Release): Time-based one-time codes from any authenticator app.

WebAuthn: Strong, phishing-resistant authentication using hardware keys, biometrics, or platform authenticators.

Google Login (OAuth): Easy sign-in for mainstream accessibility.

Google Login to wallet creation:

Non-crypto native users can generate a wallet derived from their Google authentication, with the Asset Vault security layer enabled by default.

Evolution Path

Phase 1 (This proposal): Cardano-only, with TOTP, WebAuthn, and Google login. Includes a theoretical analysis of relevant cryptographic primitives that could be useful in achieving additional desired properties.

Phase 2: Leverage advanced cryptographic techniques such as zero-knowledge proofs and threshold signature schemes to transition from custodial to non-custodial, further enhancing decentralization, privacy, anonymity, and censorship resistance, based on the research that took place in phrase 1.

Phase 3: Add support for cross-chain use, further enhancing interoperability and the reach of the Cardano ecosystem, thereby driving growth.

Why Multi-Auth Matters

• Lower Onboarding Barriers: New users can start with familiar sign-in flows.
• Increased Security: Multiple, phishing-resistant options for users.

[Your Project and Solution] Impact

Please define the positive impact your project will have on the wider Cardano community

Immediate Impact

Protect User Assets: Strong, multi-factor authentication reduces theft risk.

Boost Adoption: Mainstream-friendly onboarding via Google login.

Developer Enablement: SDK, browser extension allow easy dApp and wallet integration.

Long-term Impact

Enhancing security: Strengthening Cardano’s framework to better address social engineering attacks such as phishing.

ZK Privacy: Establish Cardano among the pioneering blockchains adopting privacy-preserving authentication.

Institutional Appeal: Meet compliance and security needs for enterprise adoption.

Cross-chain Connectivity: Future cross-chain integration expands reach and utility.

Measuring the Impact

Adoption Metrics: Asset Vault deployments, active linked wallets, authentication method usage breakdown.

Security Metrics: Reported phishing/compromise incidents among our users. Percentage of users who have an incident ( loss of their wallet ), and recovery rate. ( Able to get the funds in their vault back )

Integration Metrics: Number of dApps/wallets integrating our SDK.

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The team combines complementary expertise across development, research, business development, and marketing, making them uniquely positioned to deliver the project successfully.

Antony Agrios (Fouder - Lead Developer) Brings extensive experience in Web2, Web3, and AI development. He has a proven track record of designing and delivering end-to-end systems, including smart contracts, dApps, NFT platforms, and scalable backend infrastructures. As the creator of GyroSwap, he led the entire technical stack from concept to launch, showcasing his ability to transform complex ideas into real-world impact. His background spans advanced AI integration, protocol design, and large-scale distributed systems, establishing both deep technical capability and a reputation for execution and leadership.

Konstantinos Siagas (Co-founter - Business Development)

Specializes in public relations, business development, and community building. His skills ensure strong stakeholder engagement and a clear, consistent public narrative.

Giannis Mitsios - Varavas (Head of Marketing & Ecosystem Relations)

A recognized Cardano Ambassador and content creator with strong ties to the Cardano ecosystem. His established community presence and communication expertise are vital for outreach and adoption.

Giorgos Tsoumas (Lead Researcher & Protocol Designer): A PhD candidate at UPF, researching the intersection of game theory and blockchain science, with a particular focus on mechanism design for L2 sequencers. His academic expertise ensures that the project’s protocols are designed to be fair, secure, and sustainable, grounded in cutting-edge research.

Feasibility & Trust Measures

To ensure feasibility and accountability, the team has established a clear framework:

Transparency: Commitment to publishing regular public updates and open communication with the community.

Milestone-Based Funding: Funds will be tied to verifiable project milestones, ensuring resources are released only as progress is demonstrated.

Community Validation:

Actively engaging the Cardano community for feedback, enabling iterative refinement and alignment with user needs.

Proof of Concept (PoC):

A functional prototype will be built early to demonstrate technical viability and validate assumptions.

Code Transparency & Auditability:

All code commits will be openly shared for community review, enabling transparency and external verification of progress.

Conclusion

The team’s combined expertise, strong community ties, and structured accountability measures establish both the capability and the trustworthiness required to deliver this project successfully. By grounding development in proven processes and transparent validation, they are well-suited to responsibly manage funds and bring their vision to fruition.

[Milestones] Project Milestones

Milestone Title

M1 – Cardano MVP (Months 1–4)

Milestone Outputs

• Build Asset Vault contract on Cardano testnet
• TOTP authentication
• Browser extension intercepts Cardano wallet signing
• Refined Landing page
• Quality assurance review (3-5 external community members)

Acceptance Criteria

• The Asset Vault contract is deployed and functional on the Cardano testnet without significant bugs.
• Users can successfully set up and use TOTP to co-sign transactions.
• The browser extension correctly intercepts CIP-30 signing requests and injects the 2FA flow.
• The landing page is updated with multiple pages detailing the project and its features.

Evidence of Completion

• Public GitHub repository with open-source smart contract code.
• Live testnet deployment of the contract.
• Link to the browser extension for testing.
• Publicly accessible, refined landing page.
• Report summarizing feedback from the community quality assurance review.

Delivery Month

4

Cost

27000

Progress

30 %

Milestone Title

M2 – Multi-Auth Expansion (Months 5–7)

Milestone Outputs

• WebAuthn authentication flow implemented and functional
• Google Login OAuth integration completed
• Public dashboard MVP released
• Video demos of both WebAuthn and Google Login
• Updated documentation and user guides published

Acceptance Criteria

• Users can successfully register and authenticate using WebAuthn (e.g., YubiKey, biometrics) through browser extension.
• Users can link their Google account and use it to co-sign transactions.
• Scafolding MVP dashboard and make it available for users to link their wallets and create their vaults.

Evidence of Completion

• Video demonstrations of WebAuthn and Google Login authentication flows.
• Public link to the testnet dashboard.
• Updated documentation and user guides reflecting the new authentication methods.

Delivery Month

7

Cost

28000

Progress

60 %

Milestone Title

M3 – Prototype (Months 8–10)

Milestone Outputs

• Google-auth-derived wallet creation with default Asset Vault integration
• Protocol specification document outlining theoretical foundations and technical aspects
• Finalized dashboard for advanced users security customizability
• Land users in testnet

Acceptance Criteria

• New, non-crypto users can create a wallet using their Google account, with the Asset Vault automatically configured
• A comprehensive protocol specification document is published.
• The user dashboard allow users to manage their linked wallets and authentication methods, include advanced security settings ( escape hatch etc ) and is feature-complete for the initial public release

Evidence of Completion

• Video demonstrations of the fully functional dashboard, and of the Google-auth wallet creation and onboarding process.
• Public link to the testnet dashboard.
• Updated documentation and user guides reflecting the new authentication methods.

Delivery Month

10

Cost

27000

Progress

80 %

Milestone Title

M4 – ZK Research & Public Release (Months 11–12)

Milestone Outputs

• Security audit report published by a third-party firm
• ZK research document released with findings
• Finalized dashboard for non-custodial transition
• Smart contracts deployed on mainnet
• SDKs, contracts, and specs released open-source

Acceptance Criteria

• The full security audit report from a reputable third-party firm is published.
• The ZK research document detailing findings and future implementation paths is published.
• The mainnet version of the smart contracts, and SDKs specifications are publicly released under an open-source license.

Evidence of Completion

• Link to the published security audit report.
• Link to the ZK research document.
• Public GitHub repositories for the open-source components (contracts, SDKs).
• Official launch announcement and links to live mainnet product.

Delivery Month

12

Cost

17000

Progress

90 %

Milestone Title

M5 - Report

Milestone Outputs

• Final comprehensive written report published
• Close-out video summarizing project journey and outcomes
• Public availability via GitHub, official website, and community channels
• References to prior artifacts for cross-validation of claims

Acceptance Criteria

• The project must deliver a comprehensive written report that documents the entire lifecycle, starting from the original proposal through to the final outcomes. The report should detail each milestone, noting successes, challenges, and adjustments along the way.
• The report should compare outcomes against the original plan, clearly showing where expectations were met, exceeded, or altered.
• It must include a section on challenges encountered during development, providing context on technical, organizational, or strategic obstacles, and outlining how these were resolved.
• The milestone requires production of a close-out video summarizing the project’s journey. This video should be 5–10 minutes, visually engaging, and understandable by both technical and non-technical audiences.

Evidence of Completion

• Final comprehensive written report published
• Close-out video summarizing project journey and outcomes
• Public availability via GitHub, website, and community channels
• References to prior artifacts for verification

Delivery Month

12

Cost

1000

Progress

100 %

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

100,000 – Allocation across:

• Development (backend, contracts, extension) 20,000
• Multi-auth integration (WebAuthn, Google login, wallet generation) 20,000
• Protocol development and specification 5,000
• ZK research 5,000
• Security audit (on-chain infrastructure) 10,000
• Dashboard 23,500
• Hosting, CI/CD, and test environments 1,500
• Developer outreach and integration support 5,000
• Contingency (~10%) 10,000

[Final Pitch] Value for Money

How does the cost of the project represent value for the Cardano ecosystem?

This proposal delivers a scalable, multi-auth security layer for Cardano that serves both security-conscious veterans and mainstream newcomers. By combining immediate asset protection with easy onboarding, and examining ZK-based decentralization and anonymity, we ensure the system remains relevant and competitive long-term. The open release of contracts, SDKs, and API specs ensures broad adoption potential, while the closed backend guarantees sustainable operation and consistent service quality.

[Required Acknowledgements] Consent & Confirmation

Terms and Conditions:

Yes