Web3Box

[web3andrew]

Project Abstract

Please replace these instructions with a brief description of your project summarising key points (1-2 paragraphs).

If your application is a follow-up to a previous grant, please mention which one in the first line of the abstract and include a link to previous pull requests if applicable.

Grant level

• [x] Level 1: Up to $10,000, 2 approvals
• [ ] Level 2: Up to $30,000, 3 approvals
• [ ] Level 3: Unlimited, 5 approvals (for >$100k: Web3 Foundation Council approval)

Application Checklist

• [x] The application template has been copied and aptly renamed (project_name.md).
• [x] I have read the application guidelines.
• [x] A BTC, Ethereum (USDT/USDC/DAI) or Polkadot/Kusama (aUSD) address for the payment of the milestones is provided inside the application.
• [x] The software delivered for this grant will be released under an open-source license specified in the application.
• [x] The initial PR contains only one commit (squash and force-push if needed).
• [x] The grant will only be announced once the first milestone has been accepted (see the announcement guidelines).
• [ ] I prefer the discussion of this application to take place in a private Element/Matrix channel. My username is: @_______:matrix.org (change the homeserver if you use a different one)

[CLAassistant]

All committers have signed the CLA.

[web3andrew]

Hi @web3andrew. Thank you for the application. I left a few questions below. Broadly speaking, there are several big issues with this:

1. There is a mismatch between the architecture diagrams and the deliveries. You are suggesting to include a lot of things, but there are no matching deliverables. If you want to fund parts of your project with a grant, please keep the application's focus on those parts. Also, please keep in mind that the deliverables still need to be useful on their own.

2. There is a lack of technical details. What tech stack are you planning to use? What makes your sandbox secure? Where do the asset and transaction data come from?

3. Since we cannot sign off on a milestone with cost "TBD", it's probably best to remove it. You could apply for a follow-up grant if and when the first grant is delivered and accepted.

4. There is no activity on your or your organisation's Github accounts. It would really help if you could show some experience with building and maintaining open source software and Substrate- or blockchain-related projects.

@semuelle Thanks, sir, we will update what you metioned asap.

[web3andrew]

Hi @web3andrew. Thank you for the application. I left a few questions below. Broadly speaking, there are several big issues with this:

1. There is a mismatch between the architecture diagrams and the deliveries. You are suggesting to include a lot of things, but there are no matching deliverables. If you want to fund parts of your project with a grant, please keep the application's focus on those parts. Also, please keep in mind that the deliverables still need to be useful on their own.

2. There is a lack of technical details. What tech stack are you planning to use? What makes your sandbox secure? Where do the asset and transaction data come from?

3. Since we cannot sign off on a milestone with cost "TBD", it's probably best to remove it. You could apply for a follow-up grant if and when the first grant is delivered and accepted.

4. There is no activity on your or your organisation's Github accounts. It would really help if you could show some experience with building and maintaining open source software and Substrate- or blockchain-related projects.

@semuelle Answers are as follows, and updated the application MD file https://github.com/w3f/Grants-Program/pull/1256/commits/e76de15433e3dcd957fc6896179dd813ddc2c1fb Q1: We deleted milestone2 and will focus on milestone1 (Dashboard & Multi-chain Wallet). We can make sure that Dashboard & Multi-chain Wallet would be useful after we finish milestone1. and then we will apply for the follow-up Milestone2 Risk Assessment for parachains. Q2: Web3Box Wins and Mac Clients will be provided after finishing Milestone1 Client language: React， Electron Server language: Nodejs Q3: Deleted the Milestone2, and will continue to apply after finishing Milestone1 Q4: ok, sir, we will update some work that we have done in our official GitHub account these days https://github.com/web3box-labs/apps

[web3andrew]

@semuelle Sir，already updated our Web3Box Github, you could check it out when you are available.

[web3andrew]

@semuelle Sir, any update?

[web3andrew]

Thank you for the update, @web3andrew, and sorry for the late reply. The application looks better now, but could you expand on what I raised in Q2? How is this sandbox implemented? How is it safer than a well-tested browser plugin?

Sir，already updated our Web3Box Github, you could check it out when you are available.

Could you explain what this project is? I tried building and running it, but neither worked. It looks like a template react app.

@semuelle Firstly, we will provide the Mac & Win Web3Box Client for the Polkadot community, which could make community users' data saved locally and no interruptions from online attacks or viruses.

And second, to some degree, a well-tested browser plugin may be safer than the DApps in Web3Box, but the data is still controlled under centralized institutions, correct? Web3Box is a completely decentralized client with no control or surveillance of users' data.

And last, what Web3Box aims to be is trying to provide the Web3 world with a much safer and more decentralized way to access data, DApps, and Web3 Projects.

BTW, you could run and build the app after we finished the Milestone1, we need more time to update and rich its details.

[semuelle]

And second, to some degree, a well-tested browser plugin may be safer than the DApps in Web3Box, but the data is still controlled under centralized institutions, correct? Web3Box is a completely decentralized client with no control or surveillance of users' data.

None of the wallets I know use a centralised service to store keys, and some allow you to use your own node. What centralised institutions do you mean?

BTW, you could run and build the app after we finished the Milestone1, we need more time to update and rich its details.

The reason I asked about the project currently on Github was that we like to see if applicants have previous experience with building and maintaining open source software. A bunch of template code doesn't help with that. Do you have any other code or project material you can share?

[web3andrew]

And second, to some degree, a well-tested browser plugin may be safer than the DApps in Web3Box, but the data is still controlled under centralized institutions, correct? Web3Box is a completely decentralized client with no control or surveillance of users' data.

None of the wallets I know use a centralised service to store keys, and some allow you to use your own node. What centralised institutions do you mean?

BTW, you could run and build the app after we finished the Milestone1, we need more time to update and rich its details.

The reason I asked about the project currently on Github was that we like to see if applicants have previous experience with building and maintaining open source software. A bunch of template code doesn't help with that. Do you have any other code or project material you can share?

@semuelle For centralized institutions, I mean that web2 products like Chrome Browser do control users' data and the users' data is under the surveillance of Chrome Browser. In contrast, Web3Box, Stand-alone & Decentralized Client , won't do that and will always allow users to keep data by themselves.

As for open source experience, our dev did participated in this defi project https://github.com/netswap

[web3andrew]

@semuelle Sir, any update about our application? :)

[semuelle]

Thanks for the update, @web3andrew, and sorry for the late reply. There is now an even bigger gap between the project description and the deliverables. I think a desktop wallet should first and foremost focus on its core functionality, which is reflected in this milestone, but your project description contains a lot of other stuff that I'm not particularly keen on. Also, you haven't been able to show any previous open source work. Therefore, I am not going to support this application. However, I will share your application with my colleagues, who might feel different.

[web3andrew]

Thanks for the update, @web3andrew, and sorry for the late reply. There is now an even bigger gap between the project description and the deliverables. I think a desktop wallet should first and foremost focus on its core functionality, which is reflected in this milestone, but your project description contains a lot of other stuff that I'm not particularly keen on. Also, you haven't been able to show any previous open source work. Therefore, I am not going to support this application. However, I will share your application with my colleagues, who might feel different.

@semuelle Thanks sir, according to your feedback, our team has simplified the proposal, and we will focus on Polkadot eco desktop dashboard, wallet & risk management. I have updated the proposal again. Hope that your colleagues and you could read this latest proposal. BTW, we really care what you mentioned that "your project description contains a lot of other stuff that I'm not particularly keen on." , some other stuff is our vision about Web3Box, and therefore we deleted them which are not related with current milestones.

[web3andrew]

Thanks for the application. Could you still sign the latest version of the CLA? (see CLAassistant). Apart from this, if I understand it correctly, you essentially want to develop a Electron-based wallet, correct? Could you integrate the technical details into the specification of the milestone deliverables? (e.g. react, electron, typescript? etc.) Also, you might want to take a look at the existing open-source wallets: https://wiki.polkadot.network/docs/build-open-source#user-interface and see if you can reuse some of them. Btw. https://github.com/polkadot-js/apps can also be run as a desktop electron wallet.

@Noc2 @semuelle Thanks, guys. We do want to develop the electron-based wallet for the multi-chain wallet of Milestone. And our devs are also doing some research on https://wiki.polkadot.network/docs/build-open-source#user-interface and https://github.com/polkadot-js/apps. And I have updated the proposal file. BTW, The latest CLA is done.

[web3andrew]

BTW, We do love Polkadot. We are DOT holders. And we do need a chance to contribute more for Polkadot Community.

[keeganquigley]

Thanks for the application @web3andrew and for the deep dive @semuelle, I'm afraid I have to agree with the assessment that I wouldn't support this application in its current state. The price is reasonable, but:

1. The deliverables still don't contain any specifics on the tech used, as @Noc2 mentioned. What programming language is being used? (Rust, TypeScript, JavaScript, etc.) What will the front end be built in? (React, Vue, etc.) What kind of encryption is being implemented? Are you going to utilize an API service such as Subscan?

2. What does "risk assessment/management" mean exactly? The provided screenshot uses vague language and doesn't describe how the components work in detail.

3. The application has typos/formatting issues and vague language. For example, I don't believe "UGA platform" is a widely used industry term (I could be wrong). Another example is the formatting of the team member section. Not that the language has to be perfect, but currently it gives me the impression that not much effort was put into it.

4. As mentioned there is still no proof of prior experience on open-source projects.

5. Your description of a "privacy-safe sandbox concept" sounds like an air-gapped wallet such as Parity Signer. Is this the idea you are going for and if so are you planning to utilize QR codes, or implement some other methods with security in mind?

6. Also, a note about the price feed oracle, to be competitive I think you would need to update it much more than every 5 or 10 minutes. Most desktop wallets are capable of updating at speeds that feel like real-time.

[web3andrew]

Thanks for the application @web3andrew and for the deep dive @semuelle, I'm afraid I have to agree with the assessment that I wouldn't support this application in its current state. The price is reasonable, but:

1. The deliverables still don't contain any specifics on the tech used, as @Noc2 mentioned. What programming language is being used? (Rust, TypeScript, JavaScript, etc.) What will the front end be built in? (React, Vue, etc.) What kind of encryption is being implemented? Are you going to utilize an API service such as [Subscan](https://support.subscan.io/#extrinsic)?

2. What does "risk assessment/management" mean exactly? The provided [screenshot](https://user-images.githubusercontent.com/117150831/200757322-7e71bb05-9246-4367-bf43-f006627e1bab.png) uses vague language and doesn't describe how the components work in detail.

3. The application has typos/formatting issues and vague language. For example, I don't believe "UGA platform" is a widely used industry term (I could be wrong). Another example is the [formatting](https://github.com/web3andrew/Grants-Program/blob/master/applications/Web3Box.md#team-members) of the team member section. Not that the language has to be perfect, but currently it gives me the impression that not much effort was put into it.

4. As mentioned there is still no proof of prior experience on open-source projects.

5. Your description of a "privacy-safe sandbox concept" sounds like an air-gapped wallet such as [Parity Signer](https://github.com/paritytech/parity-signer). Is this the idea you are going for and if so are you planning to utilize QR codes, or implement some other methods with security in mind?

6. Also, a note about the price feed oracle, to be competitive I think you would need to update it much more than every 5 or 10 minutes. Most desktop wallets are capable of updating at speeds that feel like real-time.

Q1: Tech Details Client language: Electron.js React.js Server language: Node.js Build tool: Webpack

API Details On-chain Data: https://polkadot.subscan.io/ Price Data(in real-time): https://chain.link/

Btw, added them in the lastest commit https://github.com/w3f/Grants-Program/pull/1256/commits/6fa13deb30b1cd130b223da942ab0d370b51477f

Q2: Added more descriptions about Risk Assessment in the latest commit https://github.com/w3f/Grants-Program/pull/1256/commits/6fa13deb30b1cd130b223da942ab0d370b51477f

Q3: Deleted "UGA" and privacy-safe box descriptions, and we decided that we would focus on the dashboard, multi-chain wallet and risk assessment of Web3Box Client. Optimized the team info.

Q4: Team members have participated in the defi project https://github.com/netswap, Netswap official website https://netswap.io/

Q5: Focus on the dashboard, multi-chain wallet, and risk assessment of Web3Box Client.

Q6: Web3Box would get asset price from chainlink in real-time.

[web3andrew]

@semuelle @Noc2 @keeganquigley
Web3Box team made a big change about the proposal and we will focus on the implementation of milestone content such as Polkadot Dashboard, Multi-chain Wallet and Risk Assessment. We have streamlined the content of the Proposal by removing the UGA, privacy-safe box related descriptions. You guys could spare some time to read the latest commit again https://github.com/w3f/Grants-Program/pull/1256/commits/6fa13deb30b1cd130b223da942ab0d370b51477f Appreciate again for you guys’ feedback about Web3Box.

[web3andrew]

@semuelle @Noc2 @keeganquigley Web3Box team made a big change about the proposal and we will focus on the implementation of milestone content such as Polkadot Dashboard, Multi-chain Wallet and Risk Assessment. We have streamlined the content of the Proposal by removing the UGA, privacy-safe box related descriptions. You guys could spare some time to read the latest commit again 6fa13de Appreciate again for you guys’ feedback about Web3Box.

Hi, guys, any update about our application?

[web3andrew]

@semuelle @keeganquigley @Noc2 Sorry to disturb you guys again, Web3Box just wants to know the result of our application. We are looking forward to hearing from you guys.

[web3andrew]

Polkadot Ecology

@takahser @keeganquigley @Noc2 @semuelle For Polkadot Ecology, I mean this https://coinmarketcap.com/view/polkadot-ecosystem/ we would provide the risk assessment for Polkadot Ecology projects in the above coinmarketcap list. And the basic functions, the Web3Box Polkadot Dashboard & Wallet would be related to some risk assessment linkage of Polkadot assets, contracts, and accounts, which was planned to do about personal risk assessment in the future. So wallet and risk assessment are not independent.

And now, for risk assessment, we are focusing on project risk assessment in Polkadot Ecology. The initial evaluation dimensions are as follows and will be described in more detail by follow-up grant, and finally, each project will get its own risk score according to the following evaluation dimensions.

Risk Type 1: Projects' Rug-pull -Major holders' wallet assets distribution (Data Source: blockchain explorer or other centralized third-party) -Market Cap/ TVL (Data Source: Coinmarketcap) -Twitter followers increasing rate (Data Source: official Twitter ) -GitHub updating rate (Data Source: official Github)

Risk Type 2: Projects' Attacking -Audit Report (Data Source: audit institutions, like Certik, Slowmist, etc) -Security Vulnerability (Data Source: audit institutions, like Certik, Slowmist, etc)

Risk Type 3: Related to other highly risky projects -Investment and financing report (Data Source: pitchbook) -Cooperations with other projects (Data Source: official Twitter)

Risk Type 4: Users' Crash -Token price volatility ( Data Source: Chainlink/Coinmarketcap) -Rate of change in transactions volume ( Data Source: blockchain explorer) -User sentiment index ( Data Source: our devs will use an AI algorithm to figure out it basing on the comments of projects' Twitter)

[web3andrew]

Polkadot Ecology

@takahser @keeganquigley @Noc2 @semuelle For Polkadot Ecology, I mean this https://coinmarketcap.com/view/polkadot-ecosystem/ we would provide the risk assessment for Polkadot Ecology projects in the above coinmarketcap list. And the basic functions, the Web3Box Polkadot Dashboard & Wallet would be related to some risk assessment linkage of Polkadot assets, contracts, and accounts, which was planned to do about personal risk assessment in the future. So wallet and risk assessment are not independent.

And now, for risk assessment, we are focusing on project risk assessment in Polkadot Ecology. The initial evaluation dimensions are as follows and will be described in more detail by follow-up grant, and finally, each project will get its own risk score according to the following evaluation dimensions.

Risk Type 1: Projects' Rug-pull -Major holders' wallet assets distribution (Data Source: blockchain explorer or other centralized third-party) -Market Cap/ TVL (Data Source: Coinmarketcap) -Twitter followers increasing rate (Data Source: official Twitter ) -GitHub updating rate (Data Source: official Github)

Risk Type 2: Projects' Attacking -Audit Report (Data Source: audit institutions, like Certik, Slowmist, etc) -Security Vulnerability (Data Source: audit institutions, like Certik, Slowmist, etc)

Risk Type 3: Related to other highly risky projects -Investment and financing report (Data Source: pitchbook) -Cooperations with other projects (Data Source: official Twitter)

Risk Type 4: Users' Crash -Token price volatility ( Data Source: Chainlink/Coinmarketcap) -Rate of change in transactions volume ( Data Source: blockchain explorer) -User sentiment index ( Data Source: our devs will use an AI algorithm to figure out it basing on the comments of projects' Twitter)

@takahser @keeganquigley @Noc2 @semuelle Hi, guys, any update? :)

[Noc2]

Thanks for pinging us here. I will share the application again with the rest of the team.

[web3andrew]

Thanks for pinging us here. I will share the application again with the rest of the team.

Thanks, Sir:)

[keeganquigley]

Hi @web3andrew thanks for the updates and the additional detailed info. However, I think you can remove the 2. Risk Assement part since this module will be part of a follow-up grant, so we'll worry about it then.

Regarding your deliverables, 0e. Tech Details is not something we can evaluate, so can you remove this from the deliverables? Deliverables basically need to be tangible units of work that we can test and evaluate. Maybe you could break apart the various technologies and list each separately in the deliverable where it will be used.

For 0f. API Details can you change this to describe how you will implement the API and what the final implementation might look like?

For reference, here is a good example of what the deliverables should look like.

Considering the reasonable price for this grant, if you can fix the deliverables I will be in a better position to approve. Thanks!

[web3andrew]

@keeganquigley Hi, Keegan, I have updated the MD File according to your feedback, you could check it out. @Noc2 Hi, David, when I submitted the latest commit, Github dismissed your stale review automatically, but I did't know why it happened. Could you remark "APPROVED" again when you are available, sorry about the inconvenience.

[web3andrew]

Sure. Every time there is an update, I need to re-approve it and double-check that you haven't secretly increased the price, for example ;-)

Got it, I am not using Github very often since I am not a coder(But I am the Web3 builder, all in Web3 now). To be honest, I was very scared at that moment.

[keeganquigley]

Thanks for the additional changes @web3andrew, I'm willing to give you a chance and approve the application now! Congratulations and I look forward to seeing what you can come up with.

[github-actions[bot]]

Congratulations and welcome to the Web3 Foundation Grants Program! Please refer to our Milestone Delivery repository for instructions on how to submit milestones and invoices, our FAQ for frequently asked questions and the support section of our README for more ways to find answers to your questions.

Before you start, take a moment to read through our announcement guidelines for all communications related to the grant or make them known to the right person in your organisation. In particular, please don't announce the grant publicly before at least the first milestone of your project has been approved. At that point or shortly before, you can get in touch with us at [email protected] and we'll be happy to collaborate on an announcement about the work you’re doing.

Lastly, please remember to let us know in case you run into any delays or deviate from the deliverables in your application. You can either leave a comment here or directly request to amend your application via PR. We wish you luck with your project! :rocket:

[web3andrew]

Thanks for the additional changes @web3andrew, I'm willing to give you a chance and approve the application now! Congratulations and I look forward to seeing what you can come up with.

@Noc2 @keeganquigley Thanks, David & Keegan, appreciate you guys that giving us this chance and trusting Web3Box team, we will try our best to complete milestones and keep building Web3.

[web3andrew]

@semuelle @noc @keeganquigley Hi, guys, what should I do with this? Unfortunately, I submitted our milestone delivery unsuccessfully.I have writen the address, contact name, contact email, and total cost in this latest application md b6bd8e139792bd83599ff1384c54d3387cd69434.