WalletWall Vault
WalletWall Vault is a research prototype that demonstrates a hybrid classical + post-quantum authorization model for Ethereum wallet migration. It is reachable at /vault and at vault.walletwall.org.
WalletWall Vault is a research prototype. The readiness scanner is read-only. The private app does not store keys, does not ask for seed phrases, and does not implement recovery flows. The connected dashboard is testnet-only and can request EIP-712 signatures and submit testnet transactions. The current verifier is not production-grade post-quantum verification, and no live native PQ precompile support is claimed.
Current implementation boundary
The private app’s Vault UI is a compatibility/prototype surface. The readiness scanner is read-only and the migration path panel is driven by the shared wallet-security profile when available, with a migration-only fallback. WalletWall does not store private keys, does not ask for seed phrases, and does not implement recovery flows in this UI.
The shared wallet-security orchestration layer (src/lib/wallet-security/) now supplies the security state, vault eligibility, and recovery readiness rendered in these UI slots: WalletSecurityPanel shows the compact security state, and MigrationPathPanel presents the migration path plus the wired recovery-readiness and vault-candidate slots. The canonical boundary and guarantees live in the Key Management & Recovery Model — recovery flows are not implemented yet. The UI uses “recovery readiness”, “vault candidate”, “migration path”, “monitor only”, “signature exposure”, and “post-quantum migration” language.
Deployment status
Ethereum Sepolia is the validated active deployment:
| Field | Value |
|---|
| Status | active-testnet |
| Chain ID | 11155111 |
| Vault | 0x210ceD9C12AF27b10B06eB5506b24a51E11506E9 |
| Verifier | 0x832E223c6D889A96bCFF434a609e8a5782C706e9 |
| Deploy transaction | 0x8f15e6c99ee4ac789836716c75d26a8dc8df240dad731cbc8a7c9515e91cc3e1 |
| Live runtime | 20,508 bytes |
| Reported source commit | 828bf219c0e2612fcd1aba5f085c4abeba29de88 |
The reported source commit is absent from public Vault history. Current public HEAD recompiles to 22,138 runtime bytes, not the active deployment runtime of 20,508 bytes. Public artifact/source alignment is pending; do not claim that current public HEAD reproduces the active Sepolia deployment.
0x8c5B…CF24 is deprecated because it has a stale runtime and uses the incompatible legacy 32-byte PQ-key vault format. Do not use it for new vaults or reference it as active.
The public Wallet-Wall/walletwall-vault repository owns contracts, security assumptions, verifier design, tests, and deployment records. The private app consumes pinned ABI, custom errors, events, EIP-712 schema, and deployment configuration only. No full public-repository mirror should be added.
Concept distinction
WalletWall Vault is one of three related but distinct ideas surfaced across the product. Keep them separate in copy:
| Concept | Question it answers |
|---|
| Quantum Exposure | How urgent is the wallet-level risk? |
| Migration Readiness | How feasible is the post-quantum migration path? |
| WalletWall Vault | One experimental vault candidate path, monitor only in the private app. |
Page flow
Entry phase
The entry page explains the three concepts (Quantum Exposure, Migration Readiness, WalletWall Vault), shows the research disclosure, and presents a read-only scan form. Users can enter any Ethereum address or ENS name. A deep-link param ?vw=<address> triggers the scan automatically on load. Scanning does not require a wallet connection, signature, or transaction.
The connected Vault dashboard is separate from the readiness scanner. It is testnet-only, with Ethereum Sepolia as the validated active deployment. Ethereum Mainnet and Base Mainnet writes remain blocked.
Result phase
After scanning, the result phase renders:
- Score ring —
QuantumScoreRing with the vault readiness band (unknown, weak, moderate, strong, resilient) and the scanned address.
- Research disclosure — always visible; states the prototype is read-only in the scanner and does not store keys.
- Quantum Vault Readiness Card (
QuantumVaultReadinessCard) — recovery readiness breakdown, findings, recommendations, controls, and migration path panel.
- Simulate: Authorization flow panel (
SimulateAuthorizationPanel) — collapsed by default; see below.
- Research repository link — links to the WalletWall Vault GitHub repo.
The ← New scan button resets to entry without navigating away.
Recovery Readiness Score
The score is computed by scoreQuantumVaultReadiness() in src/lib/quantum-vault-readiness.js. It starts from a base of 62 and applies deltas for:
| Signal | Effect |
|---|
| Outgoing transactions (public key may be exposed) | −18 |
| Address reuse pattern | −8 |
| Very high value concentration (≥ $1 M) | −18 |
| High value concentration (≥ $100 K) | −12 |
| Dormant wallet with meaningful balance | −10 |
| Sampled / partial data | −5 |
| Multisig / Safe detected | +18 |
| Timelock detected | +12 |
| Guardian recovery detected | +10 |
| Fresh wallet pattern detected | +6 |
Score bands
| Band | Score range |
|---|
resilient | ≥ 90 |
strong | 70–89 |
moderate | 40–69 |
weak | < 40 |
unknown | Insufficient data (score is null) |
null and status is insufficient_data. A heuristic-only baseline is never shown as wallet-specific intelligence.
Data source
Vault reads the same Dune-backed exposure signals as Quantum Intelligence — no separate API endpoints. Results carry a sourceMode of heuristic (address heuristics only) or matched (Dune auto-run facts loaded) and a provenance block shown in the source ledger.
Simulate: Authorization flow panel
SimulateAuthorizationPanel is a collapsible research illustration — not an interactive signing flow. It renders in the result phase below QuantumVaultReadinessCard, collapsed by default.
What it shows
A static, deterministic narrative of what a hybrid ECDSA + ML-DSA authorization step would look like for this wallet. Steps are neutral-gray (not success/fail colored) and labeled as a conceptual illustration.
| Step | Content |
|---|
| Step 1 — Wallet classification | Detected wallet type from readiness.controls.multisig (detected → “Multisig / Safe pattern”; not_detected → “EOA”; unknown → “EOA assumed”). Recommended migration path from migration.recommendedPath. |
| Step 2 — Classical authorization (ECDSA) | Signer language derived from multisig status: “Multisig threshold required” vs. “Single key — EOA signs” vs. “Wallet type unknown — EOA assumed”. |
| Step 3 — Post-quantum authorization (ML-DSA FIPS 204) | Always static. Co-sign with new ML-DSA key pair (off-chain, conceptual only); hybrid proof binds both signatures. |
| Step 4 — On-chain verification (research placeholder) | Always static. WalletWall Vault verifier contract — NOT production-grade cryptographic verification. |
PQC_ALGORITHM_NOTE constant and a link to the research repository.
Accessibility
The toggle button carries aria-expanded (reflects open/closed state) and aria-label so screen readers announce the panel correctly.
Language constraints
Use careful labels such as “research simulation”, “conceptual flow”, “illustration”, “not a real authorization”, “no keys accessed”, “nothing submitted on-chain”, and “monitor only”. Avoid absolute safety, recovery, or asset-control claims.
Product registration
Vault is registered as a full product entry in src/lib/products.js:
vault: {
id: 'vault',
label: 'WalletWall Vault',
subdomain: 'vault',
canonicalHost: 'vault.walletwall.org',
legacyPath: '/vault',
componentRoute: '/vault',
canonicalPath: '/',
description: 'Post-quantum migration research prototype',
iconKey: 'vault',
}
SUBDOMAIN_TO_PRODUCT_ID, LEGACY_PATH_TO_PRODUCT_ID, COMPONENT_ROUTE_TO_PRODUCT_ID) are computed automatically.
ProductShell
ProductShell (src/components/ProductShell.jsx) is the standard full-screen nav wrapper for Vault. It renders the ← ⬡ WALLETWALL VAULT nav bar and owns the position: fixed; inset: 0 layout. The back button always navigates to / (home). VaultPage content flows below the nav without its own fixed positioning.
ProductShell accepts productId, onNavigate, and children. It resolves the product label from PRODUCTS[productId].
Cryptographic research context
The vault prototype models hybrid authorization using:
- ML-DSA (FIPS 204) — formerly CRYSTALS-Dilithium; the primary post-quantum signature scheme.
- SLH-DSA (FIPS 205) — formerly SPHINCS+; referenced as related signature research.
- ECDSA / secp256k1 — the current Ethereum signature scheme, retained in the hybrid flow.
The hybrid proof binds both an ECDSA signature and an ML-DSA signature to the migration transaction. The on-chain verifier is an architectural placeholder — it does not perform production-grade cryptographic verification.
Connected-dashboard withdrawals use EIP-712 typed-data signing. Before transaction submission, the app runs a staticCall preflight and surfaces decoded custom errors when revert data matches the pinned ABI. Mock PQ key and signature material is prototype/testnet-only.
Approved framing
| Use | Do not use |
|---|
| Post-quantum migration research | Quantum-proof |
| Hybrid authorization prototype | Quantum-secure |
| Experimental migration path | Protects real funds |
| Research-backed prototype | Guaranteed quantum resistance |
| Conceptual illustration | Seed phrase recovery |
| Not a real authorization | Deploy vault now |
