https://medium.loopring.io/smart-wallet-upgrade-everythingyou-need-to-know-7017d9632f65?source=rss----5e4ab2ca952b---4

The Loopring Smart Wallet contracts are getting a big upgrade. We’re also taking off some training wheels by updating our upgrade process — this will be the last manual upgrade users will have to perform. All future upgrades will be automatic with code verification and a time-lock delay. Everything you need to know to upgrade your wallet safely is here.

There has been a lot of talk in the Ethereum community lately about taking off the training wheels, and today, we are taking steps forward in doing just that.

We are making a major upgrade to our Smart Wallet contracts to improve the user experience of the Loopring Smart Wallet while interacting with the base layer 1 of Ethereum. This upgrade will help make LSW a full Ethereum Smart Wallet, allowing users to better use the multi-layer, multi-account functionality, while keeping all of their Ethereum assets as secure as possible.

With the roll out of these new contracts, we are also updating our upgrade process to help further our mission of eventually making Loopring a fully decentralized, community owned and run ecosystem.

Learn everything you need to know about the upgrade below.

👇

What are the benefits of the upgrade

Here are the main feature changes to the contract for the upcoming upgrade:

• Resolves issues with ETH/WETH wrapping.
• Resolves various issues when interacting with L1 DApps— giving us the ability to upgrade the Ethereum L1 offering and experience in the wallet.
• Introduces a new proxy architecture that allows Loopring to automatically deploy future upgrades, enabling users to keep their wallet(s) up-to-date without incurring any fees. For users that have upgraded to contract version v2.3 or higher, the new architecture allows Loopring to upgrade the smart contract through a master copy.

Moving forward, standard upgrades will follow a well-defined procedure:
audit > pre-announcement > publication > (min)24-hour cooldown period > implementation

This process ensures robust security while granting users the option to withdraw assets prior to the upgrade if desired.

In the past, upgrades were done by having the user proxy data point to the latest smart wallet implementation code. This resulted in users having to pay high Ethereum gas fees for each smart contract upgrade. This is not a scalable approach if we want to remove friction as well as extra steps and fees for the end user.

This process is now being updated so that all future upgrades can instead be done through a Loopring Proxy.

The user’s smart wallet always points to a fixed address (the Loopring Proxy address), which then points to the real and latest implementation code of the smart wallet. This means that for each new upgrade, it only requires the Loopring Proxy to update the address of the implementation code to the latest version, resulting in a zero-cost upgrade (no gas fees) for each Loopring Smart Wallet user.

Who needs to upgrade

We encourage all current Smart Wallet users to upgrade their wallets if they want to stay up-to-date with all of the latest features coming to the wallet.

This will be the last manual upgrade that users will have to complete. After this upgrade, our new process will allow all future updates to be handled automatically from the users perspective and at no cost.

How to upgrade⚡️

You will receive a notification in app to upgrade your Smart Wallet in the coming weeks. Stay tuned to our socials, mainly X(Twitter) + Discord for the most up-to-date information.

Keep in mind this upgrade will incur an Ethereum L1 gas fee. As mentioned above, this will however be the last upgrade that users need to directly pay for, as future upgrades will be through paid on behalf of the user thanks to the Loopring Proxy.

How will future upgrades be handled?

All future smart wallet contract upgrades will be done using this new method.

Once the new smart contract is completed, we will have the code audited and then pre-announced to the community, with the publication of the verifiable code for users to check. There will be a minimum 24 hour cooldown period for this process, so that users have some time to check and verify. Once this cooldown period is completed, the upgrade will automatically go live for users. During this cooldown period, users will have the option to transfer their funds out of their wallet if they are not comfortable with the upgrade.

Community Nominated Security Council

We understand that not all users are able to read and verify code themselves. For this reason, we are also looking to nominate and vote in a new security council. 3–5 members of the community will have the chance to be nominated and voted in, using the Loopring DAO, to become the new Loopring Security Council.

This council will have the chance to have a private chat with the team where we can confer on future upgrades, go into detail and answer questions they think the community may want to know.

This council will also be very critical for any possible zero-day attacks in the future.

There may be a scenario in the future where there is a critical bug that needs urgent fixing. If we publicize this bug, it will make it so that it can be exploited further and potentially put users funds at risk.

In this scenario, we will need to share this information with the Security Council, and not publicize the actual verifiable code upgrades. The users will need to trust the council to verify the code on their behalf and endorse the upgrade without having the code public for them to check themselves.

While we hope this scenario never happens, it is important that we plan for these things. In the worst case scenario, users will always have the option to withdraw their funds before any upgrades go live, but we believe the added security layer of the Security Council can be a valuable asset to the ecosystem.

We will open up some channels to have community members nominate who they believe should be on this council and have an official vote through the Loopring DAO following these nominations to find the Top 3–5 to join the council.

What upgrades are coming for the Smart Wallet?

The next big upgrade coming to the Loopring Smart Wallet will be a big Account Abstraction upgrade, adding ERC 4337 compatibility to the LSW. This will be the beginning of a larger push to bring even more account abstraction (better user experience) to the wallet.

Stay tuned to our official socials, Twitter, Discord, Reddit, Instagram for upcoming announcements and more details around this future upgrade.

About Loopring

Loopring is an Ethereum Layer 2 zkRollup protocol for scalable, secure DeFi and NFT applications. Loopring builds non-custodial, high-performance products atop our L2, including the Loopring Wallet — a mobile Ethereum smart wallet, and the Loopring L2 web app — an L2 orderbook and AMM DEX. To learn more, follow us on Medium or see Loopring.org.

Twitter ⭑ Discord ⭑ Reddit ⭑ GitHub ⭑ Docs ⭑ YouTube ⭑ Instagram

Smart Wallet Upgrade: EverythingYou Need To Know was originally published in Loopring Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

https://medium.loopring.io/cloud-backup-2-0-a-look-inside-873ca6864f4

Smart wallets have been growing in popularity over the past few months, in part due to their increased security advantages over traditional crypto wallets. When most people think about smart wallets, they are typically referring to wallets with a social recovery function, which eliminates the need to remember or store the seed phrase or mnemonic words.

If a user forgets the seed phrase for their traditional EOA wallet, they will be unable to regain access to their wallet, meaning the funds could be lost forever. Alternatively, if a user loses or breaks their mobile device with a smart wallet app installed, they can still regain control and recover their wallet.. This is possible through the innovative social recovery function that is native to the smart wallet. Through the use of their personalized guardians, the user can always rely on this feature to restore the smart wallet and its funds in the event that something bad happens to their device.

Smart wallets with social recovery provide users with a giant improvement in security over traditional crypto wallets by removing the single point of failure and providing this backup protection. However, this comes with a cost. As the social recovery process occurs on-chain, it involves gas costs on the Ethereum network. Due to the potential for fees to fluctuate and become expensive during periods of high demand, we have made the decision to offer users a cost-free backup source for their smart wallets. This additional feature not only provides peace of mind but also ensures that users can securely manage their wallets without any financial burden. By successfully enabling cloud backup, a user can now also rely on this function to restore the smart wallet in the case that something bad happens to the device.

We have recently completed a significant revamp of our cloud backup feature. In the following sections, we will provide a comprehensive explanation of the underlying mechanisms to help users gain a thorough understanding of how this cloud feature operates. Additionally, we will discuss the potential risks associated with its usage.

How smart wallets work

A smart wallet by nature is a smart contract deployed on EVM-compatible networks. This means it’s not like a traditional EOA wallet that is bound to a specific key phrase (private key). Instead, there is an owner wallet, which is then used to initiate all the transactions on behalf of the smart contract. The owner itself is an EOA address, and thus has a unique private key associated with it. Usually this private key is stored securely in the local storage of the device in which the smart wallet is installed.

The reason why the user needs to back up the key phrase of the EOA wallet is that this key phrase is directly bound to this EOA wallet. Anyone who knows this key phrase can operate this EOA wallet directly. If this key is lost, no one will be able to access the assets of this wallet anymore.

On the other hand, a user doesn’t need to back up the key phrase of the smart wallet because there is no unique private key that is directly associated with it. The owner of the smart wallet can be changed from one wallet address to another by getting the majority of the wallet’s guardians to approve the request.

How to restore a smart wallet via social recovery

In the case that a user is unable to access the private key of the owner of this smart wallet, one recovery approach is to change the owner of the smart wallet via the smart contract. According to the predefined logic of social recovery, after receiving majority approval from the guardians, a new wallet address will be generated and assigned as the new owner of this smart contract. With this newly generated private key of the new owner, the user is then able to regain control of the smart wallet.

Since the address of the smart wallet remains unchanged during this process, everything is now back to normal and the wallet is functional again. The only cost is the Ethereum gas fee, which the user has to pay to complete this social recovery operation as it invokes an on-chain blockchain operation.

How to restore a smart wallet via cloud recovery

As mentioned above, certain users may opt to bypass on-chain operations when it comes to recovering their smart wallets. This is why we’ve introduced the cloud backup and recovery option in Loopring Smart Wallet.

Cloud backup involves encrypting and storing the private key of the current owner of the smart wallet to the cloud. Considering the owner of the smart wallet may change at some point, it is necessary to back up the private key of the latest owner of the smart wallet upon detecting the owner’s change.

For cloud recovery, the process involves retrieving the private key of the owner of the smart wallet to the local device, and then restoring this EOA wallet with the key. Since the EOA wallet is set as the owner of the smart wallet, it makes it possible to fully recover this smart wallet via the cloud.

As can be seen, this approach is completely different from social recovery. In the case of social recovery, the owner of the smart wallet is changed to a new one via guardians; whereas in the case of cloud recovery, the owner of the smart wallet remains the same.

How to implement enhanced security protection for cloud backup

Now comes the hard part — how to ensure the security of the Cloud backup/restoration? Here is how we design and implement it for the Loopring Smart Wallet.

Before we get started, let’s introduce several key terms:

Preparation

The enclaveRootKey is first created by Loopring and held by selected key members. It is used to set up an AWS enclave trusted environment, which then enables Loopring to create isolated compute environments to further protect and securely process highly sensitive data. Then, for each smart wallet, the corresponding userSalt is generated in the Loopring server and stored there.

Backup

Below you can see a full flow of the step-by-step operations that are invoked during the backup process. The backup is completed when the encrypted user key is uploaded to the user’s personal cloud storage.

Restoration

Below you can see a full flow of the step-by-step operations that are invoked during the restoration process. After the user decrypts the encryptedUserKey to properly restore the userKey, they are able to regain control of the owner wallet, which is then able to fully control the smart wallet once again.

Key isolation

As seen below, there are 5 environments involved in cloud backup and recovery:

1. Loopring private environment
2. AWS isolated enclave environment
3. Loopring server
4. User local environment
5. User trusted cloud storage

1. The enclaveRootKey is maintained by Loopring core members in the private environment. With the enclaveRootKey, the isolated enclave environment can be established in AWS. The enclave environment doesn’t store any keys; it is only a runtime environment for trusted computation.
2. The userSalt is stored in the Loopring server, which is used to calculate the corresponding keyOfEncryption in the AWS enclave environment.
3. The userKey is stored in the user’s local environment for normal smart wallet usage.
4. The encrypted user key (also known as the encryptedUserKey) is stored in the user’s trusted cloud storage.
5. The keyOfEncryption will not be saved in either part; instead, it’s dynamically computed and returned to the user for temporary usage and is discarded after usage.

The only two keys that could be exposed to malicious hackers are the encryptedUserKey, which is stored in the user’s trusted cloud storage (Google Drive or Apple iCloud) and the userSalt, which is stored in the Loopring server. However, even if a hacker manages to get the encrypted key, they are still unable to decrypt it without knowing the keyOfEncryption. On top of this, even if a malicious hacker exploits the Loopring server and obtains the userSalt, they would be unable to generate the real keyOfEncryption as the AWS enclave environment remains secure. By removing any single point of failure, we are confident our cloud backup and recovery feature will be a robust and secure option for many users.

About Loopring

Loopring is an Ethereum Layer 2 zkRollup protocol for scalable, secure DeFi and NFT applications. Loopring builds non-custodial, high-performance products atop our L2, including the Loopring Wallet — a mobile Ethereum smart wallet, and the Loopring L2 web app — an L2 orderbook and AMM DEX. To learn more, follow us on Medium or see Loopring.org.

Twitter ⭑ Discord ⭑ Reddit ⭑ GitHub ⭑ Docs ⭑ YouTube ⭑ Instagram

Cloud backup 2.0: A Look Inside was originally published in Loopring Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

https://medium.loopring.io/introducing-block-trade-on-loopring-giving-l2-users-self-custodial-access-to-multiple-liquidity-f1ae4eb80e30?source=rss----5e4ab2ca952b---4

Introducing Block Trade on Loopring: Giving L2 Users Self-custodial Access to Multiple Liquidity Sources

Loopring is introducing a new feature this week that enables users to seamlessly swap specific token pairs by tapping into centralized exchange (CEX) liquidity. Now any user can access leading liquidity and low slippage from across crypto, from the security of their own self-custodial wallet.

For small to medium-sized decentralized exchanges (DEXs), a significant obstacle to active trading is the lack of liquidity or market depth, particularly for larger traders. When users attempt large swaps, the automated market maker (AMM) pool may not have sufficient liquidity, leading to a substantial price impact. Loopring’s solution aims to address this problem.

By leveraging its underlying protocol, Loopring offers a new feature called “Block Trade” that utilizes multiple liquidity sources, particularly CEX liquidity, to serve users while they remain in control of their own assets. These swap transactions occur directly between dedicated entities and do not affect existing DEX liquidity or the prices for other users. This process is similar to block trading systems found in traditional stock markets, where large, privately negotiated transactions take place outside of the open market through private purchase agreements.

To better understand this process, let’s introduce a Market Maker (B) with accounts on both Loopring Layer 2 (L2) and a CEX.

Suppose a Loopring user (A) wants to sell LRC tokens for USDC. The process would proceed as follows:

After the transaction, A receives USDC, and B receives LRC. Since B has already sold the same amount of LRC on the CEX, their assets remain balanced across both accounts (Loopring L2 and CEX). This allows B to fulfill A’s request and facilitate the trade immediately.

The example above is a simplified illustration. In some cases, B’s L2 asset balance might not be sufficient for the trade. When this scenario happens, user A must choose between:

1. Trading as much as possible at the desired price, potentially waiting for B’s account to rebalance before receiving all tokens.
2. Trading immediately at the desired price, but only trading the amount currently available in L2 to receive the tokens instantly.

Once A submits an order with a specific amount, B will execute a corresponding trade on the CEX, making the transaction irreversible. Based on A’s choice, B will know how much to trade on the CEX.

In either scenario, A’s tokens remain locked until B’s L2 account has enough tokens to complete the transaction, ensuring that A’s assets are always securely held in their own self-custodial wallet. The rebalancing between B’s L2 and CEX accounts can be event-triggered or time-triggered to guarantee A receives tokens within a predetermined time frame.

One additional aspect to consider is the pegging between USDT and USDC. In the decentralized finance (DeFi) space, USDC is more commonly used, while in centralized finance (CeFi), USDT is preferred. The final solution will incorporate this USDC-USDT conversion for a complete experience.

It’s important to note that any entity could theoretically act as a market maker in the future, though currently Loopring Labs fulfills this role.

Risk Disclosure:

When using Loopring’s innovative Block Trade solution, it is essential for users to understand any potential risks involved. This system offers two options for swapping tokens: immediate liquidity on Layer 2 or waiting for the maximum swap amount. While these options provide flexibility, they also vary in some risks that users should be aware of.

Option 1: Trade as Much as Possible

In this case, users may need to wait for the market maker to rebalance their L2 liquidity by sourcing additional funds from the centralized exchange (CEX). While waiting, users’ tokens may be locked for up to 24 hours. The risks associated with this option include:

• Inaccessibility: During the lockup period, users cannot access, use, or withdraw their locked tokens for up to 24 hours
• In the rare case that the market maker fails to provide the necessary liquidity within 24 hours (something happened to Loopring relayer or market maker), the user would have to wait indefinitely for these services to be back online for the swap to execute — in this worst case the user could make the the choice to do a protocol level force withdrawal of their original funds back to Ethereum L1, but this can take up to 14 days in some cases — but good to note that the users original funds are still never at risk of being lost or stolen as they always remain in the users custody

Option 2: Trade Immediately on L2

In this scenario, the process operates like a regular swap. Users can see the amount of tokens they will receive, and the relayer facilitates the swap between the market maker’s L2 account and the user’s L2 account. There is no risk in this scenario, as it operates very similarly to a L2 DEX swap from the user’s perspective.

The benefit of this scenario is near immediate execution, with CEX level liquidity and low slippage, which could be better execution than other options directly on L2.

It is crucial to remember that Loopring’s L2 is a zkRollup Layer 2 architecture built on Ethereum, ensuring that users always maintain self-custody of their funds. This means that users do not need to trust Loopring to keep their funds safe, and in the worst-case scenario, they can force a withdrawal back to the Ethereum network without Loopring’s permission.

By understanding the potential risks and the safeguards in place, users can make better informed decisions when using Loopring’s token swaps, ultimately benefiting from its innovation and flexibility.

About Loopring

Loopring is an Ethereum Layer 2 zkRollup protocol for scalable, secure DeFi and NFT applications. Loopring builds non-custodial, high-performance products atop our L2, including the Loopring Wallet — a mobile Ethereum smart wallet, and the Loopring L2 web app — an L2 orderbook and AMM DEX. To learn more, follow us on Medium or see Loopring.org.

Twitter ⭑ Discord ⭑ Reddit ⭑ GitHub ⭑ Docs ⭑ YouTube ⭑ Instagram

Introducing Block Trade on Loopring: Giving L2 Users Self-custodial Access to Multiple Liquidity… was originally published in Loopring Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.