Every week we deep dive into blockchain programming, and we show you how Moralis makes blockchain development feel like a breeze. From performing experiments to fixing blockchain data access problems (and everything in between) – Moralis takes care of it all! This week, we’ll look specifically at building a wallet with Moralis!
Moralis is here to support you and is eager to be your “wingman” as we build the future of finance together.
This week we’re going back to basics. Join us as we explore key security and custom wallet utility.
Up This Week: Moralis-Powered Web Wallets
What is a crypto wallet?
Most people would say, “it’s what holds your cryptocurrencies.” This is accurate, but doesn’t tell the whole story.
As blockchain experts, we know that coins are not stored in wallets, but on the blockchain. Our wallets are more like keychains, which give access to our own private blockchain-based lockboxes of value.
But what about the tools that come with a crypto wallet, such as send and receive functions?
Of course, a wallet is not complete with only the ability to “hold” assets; it also needs to transmit them. These functions are often available directly through the browser extension wallet. Yet, for more robust options and deeper configuration, we can use Moralis.
With Moralis, we are no longer tied to the confines of an external wallet platform. By connecting our key to a custom wallet powered by Moralis, we can build out the functions we need and in a way that works best for our dApps.
Before we dive into the details, let’s review the role that our seed key will play in our Moralis wallet.
A cryptocurrency wallet, in its most basic form, is a seed phrase.
The seed phrase is the root secret in wallet creation: keystores, private keys, and public addresses can all be derived from it.
Seed phrases come in 12 and 24-word varieties, and both choices are considered secure (variations on the 12/24 model also exist, which may include an additional custom word).
In this overview, we’ll review a 12-word keyphrase. As an example, here we have a seed phrase, generated for demonstration purposes (THE KEY IS UNSAFE: DO NOT USE):
Using this seed phrase (and the standard Ethereum derivation path: m/44'/60'/0'/0), we can view an address list (derived from the seed). The following five addresses are derived from the seed phrase:
Looking at the first address (0xdce71b2b33d787529175176029704c6bd7457c2e), combined with our seed phrase, we know that:
The Public Key is: 0x0351aeecef73aff58aec632cf5e15fcf744df9edaa60b3e02b62487244c29c1bda
The Private Key is: 0x08ec9d8a4504d0b0a7013e24657b21065c7346dd34db27c6cebdcca6835af1ef
(The same information can be determined for each address; all that is needed is the seed phrase.)
Beyond these five addresses, an unlimited number of additional addresses can also be generated from the same seed phrase. The private key to unlock each address can also be determined. The seed phrase provides direct and full access to both.
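The derivation described above, as an added example that is not part of the original article or of Moralis' code: it follows BIP-39 (phrase to seed) and BIP-32 (seed to keys along a path) with Node.js built-ins only, and shows that the phrase is the only secret input. The function names and the public test-vector phrase are assumptions chosen for illustration; the final address step (Keccak-256 of the public key) is left out because Node's crypto module does not provide that hash.

```javascript
// Added example, not Moralis code. Node.js standard library only.
const { pbkdf2Sync, createHmac, createECDH } = require('node:crypto');

// Order of the secp256k1 group; child private keys are reduced modulo N.
const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
const HARDENED = 0x80000000;
const toBig = (buf) => BigInt('0x' + buf.toString('hex'));

// BIP-39: the phrase is the PBKDF2 password; an optional extra word extends the salt.
function mnemonicToSeed(mnemonic, passphrase = '') {
  const salt = 'mnemonic' + passphrase.normalize('NFKD');
  return pbkdf2Sync(mnemonic.normalize('NFKD'), salt, 2048, 64, 'sha512');
}

// BIP-32 master node: left 32 bytes are the private key, right 32 the chain code.
function masterNode(seed) {
  const I = createHmac('sha512', 'Bitcoin seed').update(seed).digest();
  return { key: I.subarray(0, 32), chainCode: I.subarray(32) };
}

function compressedPublicKey(privateKey) {
  const ecdh = createECDH('secp256k1');
  ecdh.setPrivateKey(privateKey);
  return ecdh.getPublicKey(null, 'compressed');
}

// One step: hardened children hash the parent private key, normal ones the public key.
function deriveChild(node, index) {
  const data = Buffer.alloc(37);
  if (index >= HARDENED) node.key.copy(data, 1);      // 0x00 || private key
  else compressedPublicKey(node.key).copy(data, 0);   // 33-byte compressed public key
  data.writeUInt32BE(index, 33);
  const I = createHmac('sha512', node.chainCode).update(data).digest();
  const il = toBig(I.subarray(0, 32));
  const child = (il + toBig(node.key)) % N;
  if (il >= N || child === 0n) throw new Error('invalid child key, try the next index');
  return { key: Buffer.from(child.toString(16).padStart(64, '0'), 'hex'), chainCode: I.subarray(32) };
}

// Walk a path such as m/44'/60'/0'/0/0 starting from the seed.
function derivePath(seed, path) {
  return path.split('/').slice(1).reduce((node, part) =>
    deriveChild(node, parseInt(part, 10) + (part.endsWith("'") ? HARDENED : 0)),
    masterNode(seed));
}

// Public BIP-39 test-vector phrase, never a real wallet.
const TEST_PHRASE = 'abandon '.repeat(11) + 'about';
console.log(derivePath(mnemonicToSeed(TEST_PHRASE), "m/44'/60'/0'/0/0").key.toString('hex'));
```

Passing a second argument to `mnemonicToSeed` models the optional extra word: the same 12 words then yield an entirely different set of keys.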
Creating a Wallet
Once we consider the significance behind a seed phrase, we must then consider how that phrase is generated. There are essentially three common methods used to generate a seed phrase.
The first two are achieved through software.
Browser extension wallets, such as MetaMask, allow users to create a new seed phrase when starting up the wallet for the first time. Other mobile wallet alternatives feature similar functions.
Alternatively, some websites offer the option to generate a seed phrase through the browser or using a web tool (online or locally). One of these services is MyEtherWallet (which was used in generating our sample phrase).
With each of these choices, users must be cautious to ensure that their workstations are secure. If a third party observes the production of a seed phrase, they will have access not only to the first address generated by that seed, but every subsequent address as well. Keyloggers and other pieces of malicious code can have catastrophic effects if they result in the leak of active key data.
For this reason, many users opt for the third option: a device capable of offline seed key generation, or ‘hardware wallet’.
Hardware wallets seek to ensure that only signed transactions are exposed to the internet, while the private key data is held by the hardware device alone. A variety of different designs are in use, each claiming to provide the best solution for this.
It is important that users have an in-depth understanding of their own wallet hardware (if using one) and how it stores keys and sends transactions, as specific steps and precautions may vary between devices.
As a point of clarity: offline seed generation is considered more secure and lower risk than online seed generation. However, exact levels of security are based on the specific behavior of the user.
Building a Wallet Interface with Moralis
Today’s application is an extension of the application built for the “Ethereum Development for Beginners” series. It’s a static HTML/CSS/JS website built using bootstrap templates and classes and, of course, Moralis.
Furthermore, there is a sign-in form to authenticate users via MetaMask. Once the user is authenticated, it will redirect the user to the dashboard/wallet page. From here, there are several functions available on the left to use and interact with.
Before you play with this application, we recommend you follow these basic steps:
- Download the source code and run it using Visual Studio Code and the “Live Server” extension.
- Spin up a Moralis server and use your own “Server URL” and “Application ID”.
The documentation available for these functions is excellent, and you can find more to support building a wallet and sending assets here:
Thanks for reading! We hope you found this week’s Moralis Magazine and the instructions for building a wallet using Moralis useful.
See you next time 💚
The Moralis Research Team