A comprehensive Django-based web application for secure Ethereum wallet management, featuring multi-signature transactions and zero-knowledge proofs. This enterprise-grade solution provides robust security features while maintaining user-friendly interfaces for cryptocurrency management.
- Features
- Technical Architecture
- Security Architecture
- Prerequisites
- Installation
- Configuration
- Development Setup
- Production Deployment
- API Documentation
- Testing
- Security Considerations
- Troubleshooting
- Contributing
- License
-
User Authentication & Authorization
- Email-based registration
- Two-factor authentication support
- Role-based access control
- Password recovery system
- Session management
-
Wallet Management
- Multiple wallet support per user
- Encrypted private key storage
- Real-time balance tracking
- ETH/USD price conversion
- Transaction history
-
Transaction Operations
- ETH transfers
- Gas price optimization
- Transaction status monitoring
- Receipt verification
- Nonce management
-
Multi-Signature Transactions
- Configurable signature thresholds
- Time-bound approval windows
- Signature verification
- Transaction lifecycle management
-
Zero-Knowledge Proofs
- Balance verification without disclosure
- Range proofs for threshold checking
- Cryptographic commitment schemes
- Privacy-preserving verification
secure-banking/
├── accounts/ # User authentication
│ ├── models.py # CustomUser model
│ ├── forms.py # Authentication forms
│ └── views.py # Auth views
├── banking/ # Core banking logic
│ ├── models.py # Transaction models
│ ├── utils/ # Utility functions
│ │ ├── web3_utils.py # Web3 integration
│ │ ├── zkp_utils.py # ZK proofs
│ │ └── multisig_utils.py# Multi-sig logic
│ └── views.py # Banking views
├── templates/ # HTML templates
├── static/ # Static assets
└── auth_project/ # Project settings
CustomUser:
- id: BigAutoField (PK)
- email: EmailField (unique)
- username: CharField
- password: CharField (hashed)
- last_updated: DateTimeField
Wallet:
- id: BigAutoField (PK)
- user: ForeignKey(CustomUser)
- address: CharField(42)
- encrypted_private_key: TextField
- is_primary: Boolean
- created_at: DateTimeFieldTransaction:
- id: BigAutoField (PK)
- from_wallet: ForeignKey(Wallet)
- to_address: CharField(42)
- amount: DecimalField(24,18)
- gas_price: DecimalField
- status: CharField
- tx_hash: CharField(66)
- nonce: Integer
- created_at: DateTimeField
MultiSigTransaction:
- transaction: OneToOneField(Transaction)
- required_signatures: Integer
- current_signatures: Integer
- expires_at: DateTimeField
TransactionSignature:
- multi_sig_transaction: ForeignKey(MultiSigTransaction)
- signer: ForeignKey(Wallet)
- signature: TextField
- signed_at: DateTimeField- Private Key Management
# Encryption at rest using Fernet
encryption_key = settings.ENCRYPTION_KEY
fernet = Fernet(encryption_key)
encrypted_private_key = fernet.encrypt(private_key.encode())- Multi-Signature Implementation
# Signature verification
def verify_signature(self, signature, message, address):
recovered_address = web3.eth.account.recover_message(
encode_defunct(text=message),
signature=signature
)
return recovered_address.lower() == address.lower()- Zero-Knowledge Proofs
# Balance proof generation
def generate_proof(balance, threshold):
commitment = multiply(G1, balance)
difference = balance - threshold
proof = create_range_proof(difference, range_max)
return proof- CSRF protection enabled
- SQL injection prevention
- XSS protection
- Rate limiting
- Input validation
- Secure headers
- Session security
- Encrypted storage
- Python 3.12+
- Node.js 14+
- Docker 20.10+
- 2GB RAM minimum
- 20GB storage
Django==5.1.2
web3==6.11.3
py-ecc==7.0.0
cryptography==41.0.7
gunicorn==21.2.0
- Ethereum Node (Infura/Geth)
- SMTP Server
- Redis (optional caching)
- Clone and setup virtual environment:
git clone <repository-url>
cd secure-banking
python -m venv venv
source venv/bin/activate # Unix
venv\Scripts\activate # Windows- Install dependencies:
pip install -r requirements.txt
pip install -r requirements-dev.txt # Development dependencies- Environment configuration:
cp .env.example .env
# Required variables
DJANGO_SECRET_KEY=<secure-random-key>
WEB3_PROVIDER_URL=https://mainnet.infura.io/v3/<your-project-id>
ENCRYPTION_KEY=<fernet-encryption-key>
DEBUG=0
DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1- Development environment:
# Build images
docker-compose build
# Run services
docker-compose up -d
# Create database
docker-compose exec web python manage.py migrate
# Create superuser
docker-compose exec web python manage.py createsuperuser- Production environment:
# Build production images
docker-compose -f docker-compose.prod.yml build
# Deploy services
docker-compose -f docker-compose.prod.yml up -d
# Configure Nginx
docker-compose exec nginx nginx -t
docker-compose exec nginx nginx -s reloadKey settings in settings.py:
# Security settings
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
# Web3 settings
WEB3_PROVIDER_URL = os.environ.get('WEB3_PROVIDER_URL')
ENCRYPTION_KEY = os.environ.get('ENCRYPTION_KEY')
# Authentication settings
AUTH_USER_MODEL = 'accounts.CustomUser'
LOGIN_URL = 'accounts:login'
LOGIN_REDIRECT_URL = 'banking:wallet_dashboard'server {
listen 80;
server_name example.com;
location / {
proxy_pass http://web:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /static/ {
alias /app/staticfiles/;
}
}- Setup pre-commit hooks:
pre-commit install- Run tests:
python manage.py test
pytest
coverage run manage.py test- Code quality checks:
flake8
black .
isort .- Django Debug Toolbar
- Coverage.py for test coverage
- Black for code formatting
- Flake8 for linting
- pytest for testing
- Security configuration:
# Generate new secret key
python -c "import secrets; print(secrets.token_urlsafe(50))"
# Generate encryption key
python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key())"- SSL/TLS setup:
# Install certbot
sudo apt-get install certbot python3-certbot-nginx
# Obtain certificate
sudo certbot --nginx -d example.com- Database backup:
# Backup
docker-compose exec web python manage.py dumpdata > backup.json
# Restore
docker-compose exec web python manage.py loaddata backup.json- Setup logging:
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'file': {
'level': 'INFO',
'class': 'logging.FileHandler',
'filename': 'debug.log',
},
},
'loggers': {
'django': {
'handlers': ['file'],
'level': 'INFO',
'propagate': True,
},
},
}- Health checks:
HEALTHCHECK_URLS = {
'db': 'django.contrib.db.backends.base.DatabaseWrapper',
'cache': 'django.core.cache.backends.base.BaseCache',
}POST /accounts/login/
- username/email
- password
Returns: JWT token
POST /accounts/signup/
- username
- email
- password1
- password2
Returns: User object
POST /accounts/logout/
- Authorization header
Returns: Success message
GET /banking/dashboard/
Returns: Wallet balances, recent transactions
POST /banking/create-wallet/
Returns: New wallet address
POST /banking/send-transaction/
- from_wallet
- to_address
- amount
Returns: Transaction hash
GET /banking/transactions/
Returns: Transaction history
POST /banking/multisig/create/
- from_wallet
- to_address
- amount
- required_signatures
Returns: MultiSig transaction object
# Test wallet creation
def test_create_wallet(self):
user = CustomUser.objects.create_user(
username='testuser',
email='test@example.com',
password='testpass123'
)
web3_client = Web3Client()
wallet = web3_client.create_wallet(user)
self.assertTrue(Web3.is_address(wallet.address))
self.assertTrue(wallet.encrypted_private_key)# Test transaction flow
def test_transaction_flow(self):
self.client.login(username='testuser', password='testpass123')
response = self.client.post('/banking/send-transaction/', {
'from_wallet': self.wallet.address,
'to_address': '0x742d35Cc6634C0532925a3b844Bc454e4438f44e',
'amount': '0.1'
})
self.assertEqual(response.status_code, 302)
tx = Transaction.objects.latest('created_at')
self.assertEqual(tx.status, Transaction.PENDING)- Private keys are encrypted at rest using Fernet symmetric encryption
- Keys are never stored in plaintext
- Key material is stored in secure environment variables
- Nonce management prevents replay attacks
- Gas price validation prevents overspending
- Amount validation prevents overflow
- Address checksum validation
- Time-bound signatures prevent replay attacks
- Signature count validation
- Signer uniqueness validation
- Transaction expiration
- Range proof validation
- Commitment scheme security
- Proof verification
- Privacy preservation
- Transaction Failures
# Check gas price
web3_client = Web3Client()
gas_price = web3_client.w3.eth.gas_price
print(f"Current gas price: {gas_price} wei")
# Check nonce
nonce = web3_client.w3.eth.get_transaction_count(wallet.address)
print(f"Current nonce: {nonce}")- Multi-Signature Issues
# Check signature status
multisig = MultiSigTransaction.objects.get(transaction__tx_hash=tx_hash)
signatures = TransactionSignature.objects.filter(multi_sig_transaction=multisig)
print(f"Signatures: {signatures.count()}/{multisig.required_signatures}")- Web3 Connection
# Test connection
def test_web3_connection():
web3 = Web3(Web3.HTTPProvider(settings.WEB3_PROVIDER_URL))
return web3.is_connected()- Transaction Monitoring
# Monitor transaction status
def get_transaction_status(tx_hash):
try:
receipt = web3.eth.get_transaction_receipt(tx_hash)
return receipt['status']
except Exception as e:
return f"Error: {str(e)}"- Fork and clone:
git clone https://github.com/yourusername/secure-banking.git
cd secure-banking- Create branch:
git checkout -b feature/your-feature-name- Development workflow:
# Install dev dependencies
pip install -r requirements-dev.txt
# Run tests
pytest
# Check code quality
flake8
black .
isort .
# Run pre-commit hooks
pre-commit run --all-files- Django Framework for web framework
- Web3.py for Ethereum integration
- py-ecc for zero-knowledge proofs
- Fernet for encryption
- Bootstrap for frontend
- Docker for containerization
For updates and support, visit the project repository.