What is this feature about? (1 sentence)

This feature will users allow to enter, see and use ENS names throughout the app.

Why is it needed? What is the value? For whom do we build it?

It is hard to recall and double-check Ethereum addresses. ENS provides a solution to this problem by offering a mapping between addresses and names such as tschubotz.eth

High-level overview of the feature

• Whenever we allow users to enter an address, they should also be able to enter ENS names. The app checks if it's a valid name and pulls the corresponding address.
• We don't reverse-resolve address throughout the app, just on the receive screen and on the address book view screen.

Screens

https://docs.google.com/document/d/1ITQNrLJc8BKxjXvnvX-qyDq0qPBKHkd4XbVkca4Yry8/edit

Redesigning iOS as part of integration proposal. Current designs put for review here: https://invis.io/FBPH0OFQ57P. Previous version for history: https://docs.google.com/presentation/d/1bgn9qh_HWq0poTdxORHkz580B3nKt50tJF6ySZnZXvo/edit#slide=id.g49dff9ba04_0_60

Redesigning iOS as part of integration proposal. Current designs put for review here: https://invis.io/PEPL75H7ZV6. Previous version for history: https://docs.google.com/presentation/d/1bgn9qh_HWq0poTdxORHkz580B3nKt50tJF6ySZnZXvo/edit#slide=id.g49dff9ba04_0_60

Currently users have no understanding how long they have to wait for transactions to be mined.
It would be better UX to show users the approximate time of mining for sent transactions for Safe creation and other transactions.

The user currently has to wait multiple minutes until the Safe is created. During this time it would be possible to show some introductions, explanations or demos on the screen.

Comment by @koeppelmann:

While waiting on the
“Deposit received”
We could have some “slides” explaining the features of the Safe
(E.g. what the extension is good for)/ as soon as we enable that: gas payment with tokens

It would be nice if we provide the possibility for a dapp to notify the Safe that an asset should be displayed to the user.

This has been proposed and implemented by MetaMask:
ethereum/EIPs#1426

Story
As a user I am able to pay transaction fees with a token other than ETH so there is no need to additionally hold ETH at all times.

Details

• The contracts have the functionality already.
• With which tokens do we start? GNO?

Story

As an advanced user I am able to add and remove custom tokens in order to be flexible integrating the Safe with new token projects.

Background / details

• Currently, a user can only enable/disable tokens from our predefined list.
• We don't have the option to manually add / remove custom tokens.
• Quite some users were asking for that feature.
• We should let users know that this is an advanced feature and they should know what they are doing.

It would great is users who want to send a confirmation of the transaction to the recipient (ie. the link to etherscan and tx hash) can share this directly from the Tx confirmation screen after making the transaction (or from the Tx detail screen at any point in time.)

Background
We rely for things like push notifications a lot on Google services (and Apple). Also, in China, Google services don't work. Is there a way to remove that dependency and enable users to use the apps without them, more decentralized?

Problem

Currently the user always has to type his password (if he doesn't have fingerprint) to confirm a transaction. This is quite cumbersome if you have multiple transactions in a row (e.g. slow.trade).

Solution

The user should be able to define an "safe" time during which it is not required to type the password again.

Another solution would be that the user can specify a PIN that can be used to confirm transactions while the app is unlocked (e.g. on Android, not in background for more than 5 minutes).

We haven't updated the Safe website in a while.
Update proposal can be found in this doc

Story
As a user I am able to manage my collectibles with the Safe so I don't need another wallet for this.

Details

• Handle ERC721 tokens inside clients

Related

• https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md
• http://erc721.org/

To allow easy recovery, it would be useful to pull Safes by owners. With this, the user only needs to know the recovery phrase to restore a safe.

Also, it would be possible to sync metadata between the clients (e.g. Name)

Additional whenever something is happening which requires a notification, the server could send pushes to all owners.

Is there a way to make private transactions, e.g. via ring signatures/zk snarks?

Redesigning iOS as part of integration proposal. Current designs put for review here: https://invis.io/PYPF44ESJ6X. Previous version for history: https://docs.google.com/presentation/d/1bgn9qh_HWq0poTdxORHkz580B3nKt50tJF6ySZnZXvo/edit#slide=id.g49dff9ba04_0_60

Story
As a user I am able to use the Safe with a dApp on mobile so I don't need another wallet.

Details

• We should work on standards for this that get adapted by others
• Can we find a solution that works similar on Android and iOS?
  • iOS is much more restrictive concerning background services, deeplinking schemes etc.
• WalletConnect is working on this https://walletconnect.org (others too)

Would be good to integrate some FAQ solution for the apps.

Background

• The Gnosis Safe supports EIP1102, but it clashes with the Gnosis Safe whitelisting feature: gnosis/safe-browser-extension/issues/91

Issue(s)

• UX-wise, we currently require the user to first manually open the Safe browser extension in order to use a dapp.
• The intention of EIP1102 though is, that a dapp could trigger an approval request which is definitely the nicer flow.

👉 How can we ensure that the UX becomes more seamless while not sacrificing privacy?

Background
There are several projects that use state channels for the dApps. Perhaps we could integrate with them.

• https://spankchain.com/
• L4

Background
Instead of requiring the user to sign multiple transactions when performing just 1 logical action (e.g. when interacting with dApps), we should batch these together via the multi_send library.

Details

• We should work on an EIP to standardize this.
• https://github.com/gnosis/safe-contracts/blob/development/contracts/libraries/MultiSend.sol

Redesigning iOS as part of integration proposal

Currently, we distribute our browser extension exclusively via the Chrome webstore.
It would be great to have it available for the following as well:

• Opera
• Firefox
• Brave
• for manual installation

What is this feature about? (1 sentence)

With this feature, users see the fiat value of their assets as well as performed transactions.

Why is it needed? What is the value? For whom do we build it?

Users have a better understanding of fiat values than Crypto values, i.e. most people know what 1USD means, but have trouble determining if 0.05ETH is a lot or not, mainly due to the price volatility.
Besides that, users have been asking for this quite regularly.

High-level overview of the feature

• Let's start simple and only display fiat values on the assets overview screen.
• Users are able to set the reference currency (perhaps we start with EUR & USD)
• The backend returns the fiat values.

Screens

• Android: https://projects.invisionapp.com/share/5JQJD5ZX7MF#/screens
• iOS: https://projects.invisionapp.com/share/PEPL75H7ZV6#/screens

Story
As a user I am able to set a daily limit in my Safe so I don't need to confirm with a second device for small transactions.

Details

• How general do we want to make this module?
• There is a bounty that currently people are working on: https://gitcoin.co/issue/GnosisEcosystemFund/Gnosis-Bounties-/1/1624

Redesigning iOS as part of integration proposal. Current designs put for review here: https://invis.io/PEPL75H7ZV6#/336600641_03_Overview_Sasha_. Previous version for history: https://docs.google.com/presentation/d/1bgn9qh_HWq0poTdxORHkz580B3nKt50tJF6ySZnZXvo/edit#slide=id.g49dff9ba04_0_60

What is this feature about? (1 sentence)

This feature allows users to update the underlying smart contract of their Safe to the latest version.

Why is it needed? What is the value? For whom do we build it?

It can happen, that we need to update the Safe smart contract logic (the "mastercopy") in order to add more features or to fix bugs. We recently updated the mastercopy after formal verification was performed.
Users would like to take advantage of the latest security updates.
We as Gnosis have an interest in users updating their Safes so we don't have to support old versions.

High-level overview of the feature

• When the Safe version is not up to date with the latest one, users with old versions should see a notification inside the app that they should update.
• The upgrade requires 2FA confirmations.

Screens

https://docs.google.com/document/d/1wIUlaZMyPRwbVoAqOQ_LAQhlkWmehJuiOxq0ue47azg/edit#

Details

• The app knows the current supported master copy address.
• The app also has a list of previously supported master copy addresses.
• The app only allows upgrading from a previously supported master copy address to the current one.
• Users are not allowed to recover a Safe with a not supported master copy.
• The backend makes sure that the current creation endpoint doesn't use a new master copy all out of the sudden.
  • If we decide to use another one, there needs to be a new creation endpoint, otherwise there will be issues in the clients.
• Not part of this issue, but future ones:
  • App update reminders to make sure users have the latest app version.
  • Block the user from using the app and force them to upgrade the master copy if they use a too old one.

Story
As a user I am able to use the Gnosis Safe in other languages so I know what's going on even if I don't speak English.

Background

• Not all crypto holders speak English. ➡️ We should add more languages.
• Currently supported languages:
  • English
  • German
  • Korean
  • Spanish
  • Galician

Acceptance criteria

• Fallback language, in case a word is not available in the respective langauge, should always be English.
• All user interfaces should still work with all languages.
• We use Lokalise for managing translations. (https://lokalise.co/project/642211945bbb21460ac640.69731803/)

Edit by Tobi:

Story

As a user I am able to clearly differentiate the Rinkeby app from the mainnet app, so I don't send any mainnet ETH to a Rinkeby address.

Background

• There were quite some people sending mainnet ETH for Safe creation to a Rinkeby address. We should prevent people from doing that.
• The Rinkeby apps are also publicly available.
• We currently only have the differentiation based on the app icons.

Edit end

• Initial UX proposal created by @Mettenim https://invis.io/83PN45YQRJC
• My UI proposal can be found here:
  https://invis.io/X7PP4TUDZ6F
  https://invis.io/EXPP4U8W5NH
  https://invis.io/YZPP4UBKXMW

Story

As a user I am able to use tokens for Safe creation as well as Safe transactions in order to not need ETH for everything.

Background

• With the Gnosis Safe contracts, it is possible to pay for Safe creation as well as transactions with tokens instead of just ETH.
• This is interesting for Dapps that use their own token since users don’t need to always hold ETH, additionally.
• Android has a prototype for this implemented, but no UX thoughts did go into it.

Acceptance criteria

(Just the most important ones, has to be refined during UX research phase.)

• User can create Safe with tokens.
• User can decide whether to create a Safe with ETH or a specific token.
• User can make txs with tokens.
• User can decide which token or ETH to use for transactions.

Open questions

• What if the server decides to not accept a specific token anymore?

As part of our alignment of Safe iOS and Android design, we should unify the receive screens on both platforms.

Things I like on iOS:

• Format of the address (Highlighting of first and last 4 chars)
• The info text on top with the purpose of the address etc. ("Receive Ether and tokens ...")
• Bigger (more visible) identicon.

Things I like on Android:

• Clarity, less cluttered
• Share button more obvious
• Long tap to copy address.

Current iOS Version:

Current Android version:

Proposal created:
https://invis.io/P7PP56T9JSZ

Changelog:

• TABS > Modified font-size and icon dimensions.
• TABS > Active tab has a ticker bottom border and the text uses the same blue highlight.
• Exclusively uses token symbol codes on the left side.
• Balances are displayed without the token symbol appended.
• Several lengths of balances are displayed to visualize available length and wrapping.
• ADD TOKEN has been added to be in line with the iOS app.

Story
As a user I am able to use the Gnosis Safe with dApps on my browser so I can make use of my funds.

Background

• There is EIP-1102.
• Metamask is used by pretty much everyone, but the current Web3Provider standards don't account for multiple providers.
• There are dApps that would like to specifically with the Safe (at least slow.trade, Olympia).
• The current "hacky" overwrite solution is not 100% reliable.

Acceptance criteria

• There are 2 ways, the dApps could be integrate with the Safe extension:

Way 1: Communicate with extension via injected Web3Provider

• If no other provider installed:
  • If website not whitelisted: do nothing
  • If website is whitelisted: inject (EIP-1102)
• If other provider installed
  • Display info/error message to the user that there is another one and that will cause problems. (Same like Metamask)
    • How will this message be displayed? Console first, some other UI perhaps later

Way 2: Communicate with extension via channel other than the injected provider

• For dApps that want to integrate specifically with the Safe, no matter if the user has a Safe or not.
• Still respect whitelisting toggle, i.e. only allow communication when site (dApp) is whitelisted.

→ The Safe extension will only be usable, (1) if there is no other provider available or (2) if the dApp specifically integrates with it via some kind of library.

see epic #3

Would be nice to have a possibility to reset password from unlock screen.
It can be done with a recovery phrase.

Story
As a user I am able to easily set up a Safe and add flexibly add a second factor authenticator in order to make my Safe more secure only when needed.

Background
We currently allow users to connect to our browser extension or use the Safe just with 1 device. We should open this up to additionally / alternatively connect it to hardware wallets. Also, we have noticed that connecting the browser extension is a major friction point, so many users won’t do it. That opens up the question, how can they bridge the gap between mobile device and desktop dapps? WalletConnect could be a solution. We would not need a Chrome extension additionally anymore, though.

Details

• Possible authenticators
  • Hardware wallets:
    • Ledger
    • Trezor
    • Status (https://hardwallet.status.im/)
  • Apps
    • Parity Signer (https://github.com/paritytech/parity-signer/)
    • Gnosis Safe
    • Separate Safe Authenticator app
  • Email Messages (enter security code)
  • Watch devices (apple / android)

Technical Dependencies

• EIP-712 is currently not implemented in Trezor, Ledger or Parity Signer
• Communication between client and hardware wallet needs to be implemented

What is this feature about? (1 sentence)

This feature will enable users to see incoming transactions as well as the history of transactions related to their Safe.

Why is it needed? What is the value? For whom do we build it?

Currently, we only store past transactions locally on mobile devices. That means when a Safe is removed and recovered, that list is cleared.
Furthermore, we only show "outgoing transactions", i.e. transfers and contract interactions initiated bt the Safe itself.
Users were expecting both features.

High-level overview of the feature

• The backend is tracing and storing all Safe transactions.
• There will be an endpoint the clients can use to pull transaction data.

Open questions / potential issues

• It's a bit tricky to figure this out since we work with internal transactions.
• eth.events is also researching on how to make internal txs accessible.
• Does it make sense to detect also outgoing txs in a similar fashion?

Screens

• No specific new screens. Regular transaction list and overview screens from #71 should be used.

@tschubotz Based on safe-global/safe-android#304

Proposals:

• Android: https://invis.io/ARPG0XSTJMZ#/337567048_-ANDROID-_2-_Welcome_Main
• iOS: https://invis.io/PYPF44ESJ6X#/336311762_01_Start_

Now when some error occurs the user often can see "Unknown error" message. In my case it was shown on Android when estimation service was down.

We need to align error messages to show between platforms.

Background
In order to get more traction, it's always important to get store ratings and reviews.

Details

• We could ask the user via a popup once to rate the app.
• We could add an entry to the sidebar to ask for a review / rating.
• Are they libs/SDKs that facilitate this?

Updating the Send Token screen for Android. Different proposals:

Using upfront visible action buttons, according to approx. existing implementation:
https://invis.io/EZPP8NNYXAQ

Using a grouped input field / action button (three dots) which opens a bottom sheet:
https://invis.io/CSPVFSH7QUN
https://invis.io/QRPP8NRSVHX

Please also follow the comments in each of the respective inVision screen.

Story
As a user I am able to use my hardware wallet with the Gnosis Safe so I get more security.

Details

• How should this look in details?
  • Would this be another owner?
  • Would this be instead of the recovery phrase?
  • How would they connect to the mobile phone?
  • Can we leverage Metamask's integration for this?
• Which hardware wallets? Trezor, Ledger, Status?

What is this feature about? (1 sentence)

Users are able to choose recovery options including but also beyond backing up their mnemonic.

Why is it needed? What is the value? For whom do we build it?

Account recovery beyond backup up private keys is one of the nice things about smart contract wallets. Fund recovery is still one of the biggest friction points when using crypto.

High-level overview of the feature

• Users can choose between one or more recovery options.
  • Mnemonic, Hardware wallet (Keycard, Ledger)
  • More than 1 can be active, only 1 is required for recovery
• For each one, user can configure if recovery happens right away or if there is a timelock.
  • Safe can stop the timelock by making a transaction.

Related links:

• https://github.com/gnosis/fund-recovery <- outdated, but lists most important options.
• https://www.argent.xyz/ <- contract wallet, social recovery
• https://airgap.it/ <- social recovery via Sharmir’s secret sharing
• https://docs.google.com/document/d/1-3CoPazVOomEU8AywDE9dn-FUqsMg7taA92SqXWV_CQ/edit <- start of a recovery doc
• https://docs.google.com/document/d/1sUpR1SI5Dh8A2BRueHAiEs0odDBGz9UCwoFLxu_fRIc/edit <- really early overview of recovery options from beginning of the year
• HTC Exodus 1 phone - social recovery via Shamir’s secret sharing

Story
As a user I am able to enter an address by scanning a QR code so I can make transactions faster.

Background

• It is hard to know what a data transactions actually does.
• It is hard to know if a transaction is malicious.
  -> We should investigate ways to improve that.

Related

• https://www.4byte.directory/ and https://gist.github.com/pipermerriam/79429c2163969ff732d5f2aabaaaf0e5 - Mapping of 4byte function signatures to human-readable form.
• Info about the security of the contracts might help:
  • https://www.panvala.com/ - TCR of secure smart contracts
  • https://www.solidstamp.com/

In order to prepare for the mainnet release on iOS, we need app store assets (screenshots of the app).

I would suggest to take similar screenshots like on the PlayStore (https://play.google.com/store/apps/details?id=pm.gnosis.heimdall) minus the screen with the recovery phrase screen since it’s different.

The size of the screenshots can be found on https://help.apple.com/app-store-connect/#/devd274dd925 (Required are 5.5inch screenshots. I think that enough for now.)

I’ll provide the description, keywords etc. and anything else that’s needed.

Created two proposals with slightly different shade accentuation:

1. https://invis.io/P7PP56T9JSZ
2. https://invis.io/8RPP5707XM9

I'd opt for going with option 1. Please review.

Identicons should look the same between platforms.

When creating a Safe user can have an option to personalise the safe address.
Like I want my safe address to start with 0x777555...
This is a good candidate for A/B test.
We could make it as a freemium option (N chars for free, and then you can buy it with an in-app purchase depending on the desired length up to M)