Vaulti: The multi auth Cardano Vault

[Proposal setup] Proposal title

Please provide your proposal title

Vaulti: The multi auth Cardano Vault

[Proposal Summary] Budget Information

Enter the amount of funding you are requesting in ADA

160000

[Proposal Summary] Time

Please specify how many months you expect your project to last

12

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

Web3 assets risk loss. Keys get hacked, hardware wallets tricked, multisig is hard, custody kills sovereignty.

[Proposal Summary] Supporting Documentation

Supporting links

• https://landing.vaulti.app
,
• https://chromewebstore.google.com/detail/vaulti-%E2%80%93-2fa-for-cardano/ncpabmodjlhpgdgkgfobfadijinbckmi?pli=1
,
• https://demo.vaulti.app/

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

No

Describe any dependencies or write 'No dependencies'

No dependencies

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

No

Please provide details on the intellectual property (IP) status of your project outputs, including whether they will be released as open source or retained under another licence.

Vaulti follows a layered openness model. The code that holds funds is fully open; the code that protects your credentials requires controlled distribution.

Fully Open Source (MIT/Apache 2.0)

Smart contracts governing the Asset Vault, all SDKs, and the protocol specification (CC BY 4.0).

Source-Available (BSL 1.1)

The backend API server. Anyone can read, audit, and run the code for personal use.

Proprietary

The browser extension. This prevents malicious clones that could phish users.

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal

Security

[Campaign Category] Category Questions

Describe what makes your idea innovative compared to what has been previously launched in the market (whether by you or others).

The core innovation of Vaulti lies in its architectural approach to the problem of private key management. Traditional security models in crypto are binary. The user either holds full custody (and full risk) or delegates custody to a centralized exchange. Vaulti introduces a middle path via a 2-of-2 multisignature overlay that retains custodian-free autonomy while enforcing a second factor of authentication.

The Safety Belt Paradigm

The prevailing market assumption is that to improve security, one must build a better wallet. This has led to a fragmented landscape of competing wallet standards, each creating a walled garden. Vaulti challenges this assumption by positioning itself not as a car (the wallet) but as the safety belt.

This architecture is fundamentally distinct because it is Wallet Agnostic. A user does not need to migrate their seed phrase. Vaulti simply adds a Confirm step. This drastically lowers the barrier to adoption compared to competitors, that require a complete platform switch.

After investigation, below is a detailed analysis, comparing our solution to other projects:

A. Vaulti vs. ZkFold (The Infrastructure Builders)

The Difference

ZkFold builds the "engine" (backend infrastructure) that developers must adopt later. Vaulti builds the "seatbelt" (overlay) that works immediately for users today.

Strategic Edge

ZkFold requires high integration and long timelines. Vaulti offers "Zero Integration" utility. It protects users instantly without waiting for wallet developers to rewrite their code.

B. Vaulti vs. Frictionless Onboarding (Web2 Logins)

The Difference

These tools focus on User Acquisition (getting users in easily). Vaulti focuses on User Retention.

Strategic Edge

Vaulti acts as the "adult supervision" for social logins. The narrative is Let them sign in with Google (Frictionless) vs let them secure it with Vaulti.

C. Vaulti vs. NuFi (The Vertical Integrator)

The Difference

NuFi is a "Walled Garden". You must use their specific wallet app to get their security benefits. Vaulti is Horizontal. It works with the wallet the user already loves.

Strategic Edge

Vaulti respects user choice. It doesn't ask users to migrate or learn a new interface; it simply makes their current interface safer.

Describe what your prototype or MVP will demonstrate, and where it can be accessed.

The MVP is paired by the browser extension and a simple demo UI.

The user, after installing our browser extension and visiting our demo site will be able to:

1. Setup, and fund the first vault in Preview network, by connecting his favorite Cardano native wallet
2. Sign data to demonstrate how the 2fa modal will appear.
3. Send 1 test ada to a burn address, to demonstrate how signing a transaction will work with our extension
4. View UTXOs. Those UTXOs are a unified set of original wallet, and vault's UTXOs.
5. View that the extension is properly installed (Shown in the UI)

Demo UI (POC): https://demo.vaulti.app/

Browser extension: https://chromewebstore.google.com/detail/vaulti-%E2%80%93-2fa-for-cardano/ncpabmodjlhpgdgkgfobfadijinbckmi?pli=1

Describe realistic measures of success, ideally with on-chain metrics.

To satisfy the Prototype Launch requirement for clear KPIs, Vaulti commits to on-chain metrics that are immutable and verifiable.

• Number of Deployed Asset Vaults. A direct count of smart contract deployments.
• Total Value Locked (TVL) in Vaults. The aggregate ADA and Native Token value held in Vaulti contracts. This is a proxy for "Trust."
• Transaction Volume. The count of successful multisig transactions co-signed by the Identity Vault.
• User Recovery Rate. (Secondary Metric) The number of successful "Escape Hatch" interactions, demonstrating the non-custodial guarantee in action.
• Adoption Modeling. Utilizing a Bass Diffusion Model, the project targets a conservative adoption rate. With a starting base of active testnet users, the model projects ~45,000 active users by the end of Year 1 (approx. 5.3% of active wallets). This projection accounts for a churn rate of 20% and an innovation coefficient of 0.005, ensuring the estimates are grounded in realistic growth patterns rather than "up-only" hype.

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

The Cardano ecosystem currently forces users into a dangerous binary. The vulnerability of hot wallets or the high friction of hardware cold storage.

Vaulti operates as a browser extension paired with a smart contract "Asset Vault".

It intercepts CIP-30 transaction requests from dApps before they reach the blockchain. As a mechanism of action, Vaulti system operates as a smart contract layer that sits on top of the user's existing address.

More specifically, Vaulti works in the following way:

1. The Asset Vault. The user deploys a smart contract that holds their assets. This contract is programmed to require two signatures: the user's standard wallet key (Key A) and the Vaulti service key (Key B).
2. The Interception Layer. The Vaulti browser extension monitors the window object for CIP-30 signing requests. When the user attempts to interact with a dApp (e.g., swap on Minswap), the extension intercepts the request.
3. The Authentication Event. Instead of the transaction going straight to the blockchain, the extension prompts the user for a 2FA code (TOTP or WebAuthn).
4. The Co-Signing. Upon successful verification of the 2FA code, the Vaulti backend (Identity Vault) provides the signature for Key B.
5. The Execution. The transaction, now bearing both Key A and Key B signatures, satisfies the smart contract logic and is validated by the Cardano network.

[Your Project and Solution] Impact

Please define the positive impact your project will have on the wider Cardano community

Vaulti fundamentally transforms the Cardano security landscape by bridging the critical gap between user convenience and asset safety. By introducing a universal Security Overlay, we directly combat the ecosystem's most pervasive threat; wallet draining attacks.

For the community, the impact is immediate and tangible. Active DeFi users gain "sleep-at-night" peace of mind without abandoning their favorite wallets.

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The team combines complementary expertise across development, research, business development, and marketing, making them uniquely positioned to deliver the project successfully.

• Antony Agrios (Founder - Lead Developer): Brings extensive experience in Web2, Web3, and AI development. He has a proven track record of designing and delivering end-to-end systems, including smart contracts, dApps, NFT platforms, and scalable backend infrastructures. As the creator of GyroSwap, he led the entire technical stack from concept to launch. Social: https://linktr.ee/a.agrios
• Konstantinos Siagas (Co-founder - Business Development): Specializes in public relations, business development, and community building. Social: https://www.linkedin.com/in/kostas-siagas-3a1362223/
• Giannis Mitsios - Varavas (Head of Marketing & Ecosystem Relations): A recognized Cardano Ambassador and content creator with strong ties to the Cardano ecosystem. Social: https://x.com/Varavas9, https://www.youtube.com/@Varavas
• Giorgos Tsoumas (Lead Researcher & Protocol Designer): A PhD candidate at UPF, researching the intersection of game theory and blockchain science, with a particular focus on mechanism design for L2 sequencers. He already has a successful track record of producing technical documentation for Catalyst deliverables through his work as an independent contractor for Sundae Labs. Social: https://link.tree/g.tsoumas
• Danai Balla - (Cryptography Advisor): A cryptography PhD student at the National Technical University of Athens, specializing in the design and security analysis of cryptographic primitives and their applications in blockchain protocols. Danai has authored several scientific publications in top cryptography conferences and has also worked in the past as a smart contract software engineer. Social: http://www.linkedin.com/in/danai-balla-81b649170

Feasibility & Trust Measures:

• Commitment to publishing regular public updates.
• Funds tied to verifiable project milestones.
• Actively engaging the Cardano community for feedback.
• Code Transparency & Auditability.

Other links of our team for further interesest can be found in our site:

https://landing.vaulti.app

[Milestones] Project Milestones

Milestone Title

M1: Hardening

Milestone Outputs

• Stabilization of the Extension and Backend based on initial beta tester feedback.
• Implementation of "Escape Hatch V1" (Timelock recovery) in the smart contract.
• UX improvements to the signing modal.
• Regression testing of the vault lifecycle (deposit/withdraw/recover).

Acceptance Criteria

The project must demonstrate a stable environment on the Cardano Preview network where the core loops function without critical errors. Specifically, the "Escape Hatch" mechanism must be proven to work. A user must be able to initiate a unilateral withdrawal, wait for the designated timelock period, and claim their funds without the Vaulti server's signature. The browser extension must reliably intercept transactions without crashing or causing UI freezes. All identified high-severity bugs from the initial MVP phase must be resolved. The system must support the complete lifecycle of a vault, including creation, funding, secure withdrawal via 2FA, and emergency recovery, with no critical errors logged during the testing phase.

Evidence of Completion

The team will provide a public GitHub release tag for the smart contracts containing the Escape Hatch logic. We will submit a video demonstration showing the full "Escape Hatch" recovery flow initiating the timelock, passing the time on testnet, and successfully withdrawing funds without the oracle. Additionally, we will publish a generic technical report listing the specific bugs fixed, UX improvements made, and feedback incorporated from beta testers. The updated extension will be available in the Chrome Web Store (or as a sideloadable zip) for verifiers to test the stability improvements personally on the Preview network.

Delivery Month

3

Cost

29000

Progress

20 %

Milestone Title

M2: ZK + Authentication Model Research

Milestone Outputs

• Research Track A (Direct Contract Auth): Examine the feasibility of providing alternative 2FA ways for the user, apart from the signature from Vaulti. More precisely, examine the feasibility of using WebAuthn/TOTP, and ideally with direct validation in the Plutus Redeemer.
• Research Track B (ZK Privacy): Feasibility study of using Halo2/Aiken for privacy-preserving authentication and performance optimizations in Vaulti.
• Publication of a technical report detailing results from both tracks.

Acceptance Criteria

The team must produce and publish a technical report, which will cover two distinct tracks. First, it must analyze whether the oracle/Vaulti signature can be replaced while maintaining security for the user. Second, it must provide a "Go/No-Go" assessment for the use of Zero-Knowledge (ZK). The document must conclude with a definitive architectural decision for the Milestone 3 prototype.

Evidence of Completion

The primary evidence will be the published technical report, hosted on the project website and GitHub. We will also provide a recorded presentation (video walk-through) explaining the technical findings of both the "Direct Contract Auth" and “ZK privacy” tracks to a non-technical audience. Finally, the protocol specification documentation will be updated to reflect the selected architectural direction for the subsequent prototyping phase.

Delivery Month

5

Cost

40000

Progress

40 %

Milestone Title

M3: Prototype of Improved Authorization Model

Milestone Outputs

• Prototype of the selected flow from previous Milestone on Preview Network.
• Updates to the Browser Extension, and api to support the new protocol.
• Public Beta testing of the new authorization model.

Acceptance Criteria

A fully functional prototype must be deployed to the Preview network that implements the specific authorization flow selected during the Milestone 2 research phase. The browser extension, and contracts, must be updated to handle this new interaction logic seamlessly. The system must undergo a public beta phase where users will interact with the new contract logic, confirming that the new flow works end-to-end for deposits and withdrawals without requiring manual developer intervention.

Evidence of Completion

Evidence will include the open-source code for the updated Smart Contracts used to generate the authorization payloads. We will provide a video demonstration contrasting the new flow. A link to the updated extension build will be provided for verifiers.

Delivery Month

9

Cost

29000

Progress

60 %

Milestone Title

M4: Dashboard Implementation

Milestone Outputs

• Development of the "Vaulti Platform" (Dashboard).
• Interface for viewing all created vaults and connected wallets.
• Settings management (add/remove 2FA methods).
• Visual interface for the "Escape Hatch" (initiate, view status, claim).

Acceptance Criteria

The Central Admin Dashboard must be fully deployed and accessible via a public URL, connected to the Preview network. It must serve as the primary command center for the user. Specifically, it must allow users to:

1. View a list of all their deployed Asset Vaults and the specific wallets linked to them.
2. Manage their security settings, including adding or removing authentication methods (like switching from TOTP to WebAuthn) and
3. Visually manage the "Escape Hatch" process, showing a clear countdown timer for any active recovery locks and a button to claim funds once the timer expires. The interface must be intuitive and free of critical bugs.

Evidence of Completion

The primary evidence is the live URL of the Vaulti Platform. We will submit a comprehensive video tour covering every feature of the new platform, specifically demonstrating the "Vault Overview" and "Settings Management" screens. We will also provide a link to the user documentation that has been written to support the new dashboard, ensuring that users have clear instructions on how to manage their vaults.

Delivery Month

10

Cost

16000

Progress

80 %

Milestone Title

M5: External Audit & Final Release Preparation

Milestone Outputs

• The primary deliverable is a comprehensive external security audit conducted by a reputable third-party firm with established expertise in Plutus/Aiken smart contracts. The audit scope covers all on-chain contract logic including the Asset Vault, the 2-of-2 multisig mechanism, and the Escape Hatch timelock recovery system. The backend authorization logic and extension signing flows are also included in the security assessment.
• Remediation of all Critical and High severity issues.
• Release Candidate (RC) build ready for Mainnet.

Acceptance Criteria

The project must complete a formal security audit of the smart contracts and the core authorization logic. The final audit report must be received from the auditing firm and made public (or a redacted version if sensitive backend info is involved, provided the contract portion is public). Crucially, the acceptance criteria require that zero critical or high-severity vulnerabilities remain in the code. If the audit finds such issues, they must be fixed and the auditor must provide verification on the fixes. The project must produce a final "Release Candidate" build that is identical to the audited code, ready for mainnet deployment.

Evidence of Completion

The most critical evidence is the PDF of the Final Audit Report from the third-party security firm. If issues were found, a remediation report must be provided showing the specific Git commits that fixed the vulnerabilities, alongside confirmation from the auditor that the fixes are valid. We will also provide the GitHub commit hash of the "Release Candidate" tag, ensuring that the community can verify that the code intended for deployment matches the code that was audited. This ensures full transparency regarding the security status of the project before real funds are at risk.

Delivery Month

11

Cost

30000

Progress

100 %

Milestone Title

M6: Catalyst Closeout & Public Release Package

Milestone Outputs

• Mainnet Deployment of Vaulti Smart Contracts.
• Public Release of Chrome Extension (Mainnet Version).
• Close-out Report and Video.
• All smart contract source code and SDK libraries are published to public repositories under MIT/Apache 2.0 licensing. Documentation includes deployment guides, integration examples, and API references.

Acceptance Criteria

Vaulti must be live and operational on the Cardano Mainnet. "Operational" is defined as the ability for a real user to download the extension from the Chrome Web Store, deploy a real-asset vault, and successfully complete a 2FA-protected transaction with real ADA. The project must deliver the specific "Close-out Package" required by Project Catalyst, which includes a comprehensive impact report detailing metrics (users, vaults created), a video summary of the year-long development journey, and the full release of the open-source repositories for the Smart Contracts and SDKs. All documentation must be finalized and live.

Evidence of Completion

Evidence will include Mainnet transaction hashes showing the deployment of the contracts and the first live user transactions. A direct link to the published Chrome Web Store extension (Mainnet version) will be provided. The Final Report PDF and the Close-out Video (uploaded to YouTube) will be submitted to the Catalyst coordinator. Finally, the links to the public GitHub repositories will be shared, with the READMEs updated to reflect the Mainnet status and contribution guidelines for the community.

Delivery Month

12

Cost

16000

Progress

100 %

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

Budget Breakdown by Pillar (Total: ₳160,000)

The budget is structured to take Vaulti from a Testnet MVP to a secure, audited, Mainnet-ready product, while embedding a contingency buffer for ADA price volatility.

1. Development & Stabilization - ₳58,000 Milestones: M1 (₳29k), M3 (₳29k) Covers the core engineering work required to harden and evolve the product: Stabilization of the browser extension and backend services; Implementation of the Escape Hatch (timelock recovery) logic in smart contracts; Prototyping and integrating the improved authorization model selected in M2; Regression testing of core flows.

2. Research & Architecture - ₳40,000 Milestone: M2 (₳40k) Funds specialized cryptographic and architectural research: Feasibility of validating WebAuthn/TOTP directly without co-signing; ZK feasibility and design work (e.g. Halo2/Aiken-based ZK-Login) for privacy-preserving auth; Produces the Go/No-Go decision and architectural blueprint used in M3.

3. Platform UX - ₳16,000 Milestone: M4 (₳16k) Dedicated to building the Vaulti Dashboard: Vault overview, security & 2FA settings management, visual Escape Hatch controls.

4. Security & Audit - ₳30,000 Milestone: M5 (₳30k) Reserved for a Tier-1/Tier-2 external security audit and pre-mainnet hardening: Formal audit of Plutus smart contracts; Fixing all Critical and High severity issues; Auditor verification of remediations; Producing a Release Candidate build.

5. Launch & Operations - ₳16,000 Milestone: M6 (₳16k) Covers the final stretch to Mainnet and Catalyst close-out: Mainnet deployment; Publishing the Mainnet-ready Chrome extension; Final documentation, user guides, and public SDK release; Metrics-driven Catalyst close-out report and summary video.

Volatility & Contingency Buffer Within these pillar amounts, we embed an estimated ₳20,000 contingency buffer spread primarily across Development (M1/M3), Audit (M5), and Launch & Ops (M6). This buffer protects the project from ADA price drops, USD/Stablecoin-denominated costs (especially the external audit), and unexpected infrastructure overhead.

[Final Pitch] Value for Money

How does the cost of the project represent value for the Cardano ecosystem?

Value for Money

• De-risked: Funding is applied to hardening, research, and auditing of an existing MVP, not a speculative idea.
• Ecosystem-wide uplift: Vaulti works as a security overlay for existing wallets, improving security for the broader Cardano user base.
• Open Standards: Smart Contracts and SDKs are open source. The extension remains proprietary primarily to reduce phishing/cloning risks.

Vaulti is a smart investment because you are funding a working product, not just a guess or an experiment. The budget is spent on "hard" costs like security audits and expert coding to make sure the system is safe for real money. Instead of building a new wallet, Vaulti builds a "safety belt" that protects all existing wallets from hacks. The team already has a working version on the Testnet, which lowers the risk that they will fail to deliver.

[Self-Assessment] Self-Assessment Checklist

I confirm that evidence of prior research, whitepaper, design, or proof-of-concept is provided.

Yes

I confirm that the proposal includes ecosystem research and uses the findings to either (a) justify its uniqueness over existing solutions or (b) demonstrate the value of its novel approach.

Yes

I confirm that the proposal demonstrates technical capability via verifiable in-house talent or a confirmed development partner (GitHub, LinkedIn, portfolio, etc.)

Yes

I confirm that the proposer and all team members are in good standing with prior Catalyst projects.

Yes

I confirm that the proposal clearly defines the problem and the value of the on-chain utility.

Yes

I confirm that the primary goal of the proposal is a working prototype deployed on at least a Cardano testnet.

Yes

I confirm that the proposal outlines a credible and clear technical plan and architecture.

Yes

I confirm that the budget and timeline (≤ 12 months) are realistic for the proposed work.

Yes

I confirm that the proposal includes a community engagement and feedback plan to amplify prototype adoption with the Cardano ecosystem.

Yes

I confirm that the budget is for future development only; excludes retroactive funding, incentives, giveaways, re-granting, or sub-treasuries.

Yes

[Required Acknowledgements] Consent & Confirmation

I Agree

Yes