Under Construction This DApp is in development
HomeBlueskyNostrLensFarcasterDonate

Security Paradigms

OmniSocial is designed from the ground up to resist both traditional and emerging digital threats.

From zero-knowledge security primitives to multi-factor authentication and smart contract upgrade governance, the platform's architecture prioritizes user sovereignty and platform resilience.

🧠 ZK Security Foundation: zkEVM + zkSNARKs

OmniSocial is deployed on Polygon zkEVM, inheriting its Ethereum-equivalent security with zero-knowledge verification guarantees.

Benefits:

  • Validity proofs (zkSNARKs) verify all L2 transactions on L1

  • Finality guarantees after batch validity is posted

  • Reduced attack surface for replay or fraud attempts

zkEVM preserves the same developer tooling and signature logic as Ethereum while enabling succinct, privacy-preserving verification.

🔑 OmniWallet + Two-Factor Authentication

Every user account is powered by an OmniWallet—a smart contract wallet with modular security features.

🔐 Two-Factor Authentication (2FA)

OmniWallet supports optional WebAuthn-based 2FA for sensitive actions.

🔄 Technical Flow (WebAuthn):

  1. User links a hardware key or biometric authenticator (via browser WebAuthn).

  2. Challenge is generated server-side (or locally).

  3. Authenticator signs challenge.

  4. Signature is submitted with contract interaction.

  5. Smart contract validates the WebAuthn signature before executing.

2FA Protected Actions:

  • Voting on high-value proposals

  • Executing DAO upgrades

  • Sending large transfers

  • Recovery actions

🛟 Account Recovery: Guardian + SBT Mechanism

If a user loses access to their device or wallet, OmniSocial enables multi-path recovery using social guardians and Soulbound Tokens (SBTs).

🔧 Recovery Setup:

  • Link 1–3 trusted contacts (guardian addresses)

  • Mint a non-transferable RecoverySBT to their wallets

  • If recovery is needed, a threshold of guardians signs off on the new key

Contract Events:

  • RecoveryInitiated(user, newOwner)

  • GuardianSigned(guardian, user)

  • OwnershipTransferred(user, newOwner)

Recovery is only permitted if the correct guardian quorum is reached within a time window.

🧬 Upgradeability & Governance

All core contracts (OmniWallet, PersonaNFT, DAO, RepModule) follow UUPS proxy upgrade patterns.

How upgrades work:

  • Each proxy points to an implementation contract

  • Upgrades are proposed via governance

  • After quorum is met, the proxy is pointed to a new implementation

Contract Functions:

function upgradeTo(address newImplementation) external onlyAdmin;
function authorizeUpgrade(address newImplementation) internal override onlyDAO;

Only the DAO or authorized multisig can perform upgrades—users are protected against rug-pulls and unauthorized logic changes.

🛡 Threat Matrix & Mitigations

Threat
Mitigation

Wallet compromise

Smart wallet with optional 2FA, multisig recovery via guardians

Lost keys

Social recovery with SBTs + guardians

Sybil attacks

zk-based Proof of Humanity & pseudonym separation via personas

Replay or invalid tx on L2

zkEVM with zkSNARK finality enforcement

DAO proposal hijack

Reputation-weighted voting + quorum + 2FA enforcement on execution

Smart contract vulnerabilities

UUPS upgradability + audits + gradual feature rollout

Censorship or centralized moderation

DAO-based community governance & moderation tooling

📘 Related Contracts

  • OmniWallet.sol

  • RecoverySBT.sol

  • OmniWalletFactory.sol

  • UpgradeManager.sol

  • WebAuthnVerifier.sol

PreviousGovernance & DAO ModuleNextRunning a Local Dev Environment

Last updated

Was this helpful?