Enhancing Security in Smart Contract Wallets : An OTP Based 2-Factor Authentication Approach

Abstract

As cryptocurrencies have gained widespread popularity, the security and handling of crypto-assets have become increasingly crucial. Numerous attacks targeting both users and blockchain platforms have led to substantial financial losses. This paper proposes a system for 2-factor authentication (2FA) for smart contract wallets, providing users with a flexible, secure, and customizable way of managing their crypto assets. The proposed methodology utilizes cryptographic hash functions and hash chains to generate One-Time Passwords (OTPs) for authentication, ensuring protection against unauthorized access. The 2FA setup involves a client interacting with a smart contract along with an authenticator and software wallet while using the public-private key pair of wallet as the first factor, and OTPs as the second factor. This is done through a two-stage protocol for bootstrapping and operation execution, and offers a level of security similar to traditional authentication schemes like HOTP. Using a novel pre-commitment scheme we also defend the users from front-running attacks. The implementation of the system is done in the context of public blockchain evaluating the practicality and effectiveness of the 2FA model. We open source our implementation for the Ethereum platform and make it available for the community. Furthermore, we analyse the cost incured based on gas consumption, space requirements and payload. In addition we suggest future enhancements for shorter OTP lengths and time based OTPs. © 2025 Copyright held by the owner/author(s).