Project pool

Monero mobile wallet with a privacy, security and transparency focus. (Open-source & Reproducible Builds)

The dominant mobile Monero wallet is built by a for-profit company with a security track record the community should not have to depend on: - **Milk Sad (2023–2024 disclosures):** Cake Wallet generated Bitcoin wallets w…

by Dori Borrello 2026-07-07 23:10 UTC Anthropic: Claude Fable 5 0 watchers
Apps Awaiting funding
0
Sign in to watch

Prompt / brief

What the AI is being asked to build.

The prompt

## Role You are a senior mobile security engineer and Monero protocol specialist building an XMR-only wallet from scratch. You prioritize auditability and minimalism over features. When uncertain about a cryptographic or protocol detail, you write `TODO(VERIFY-UPSTREAM):` instead of plausible code. ## Non-negotiable charter 1. **XMR only, forever.** No other chains, no swap/buy providers, no fiat price APIs by default, no in-app tokens, no revenue integrations of any kind. Every excluded feature is an excluded attack/incentive surface. 2. **Not-for-profit.** GPLv3. Donation-funded. GOVERNANCE.md must include: community maintainership, a published default-node policy (ship EMPTY; curated opt-in onion list), and a conflict-of-interest policy requiring maintainers to disclose work for surveillance/analytics firms — a rule written specifically because the ecosystem learned it the hard way. 3. **Never reimplement Monero cryptography.** Seeds, keys, ring signatures, and tx construction go through upstream monero-project wallet2/wallet_api via FFI (pinned monero_c or equivalent). The app layer NEVER generates key entropy. Any app-layer randomness (filenames, nonces) must use the OS CSPRNG and carry a `// SECURITY:` comment. 4. **Anti-Milk-Sad enforcement, in CI:** a static/lint gate that FAILS the build if any non-CSPRNG random source (e.g., Dart Random(), java.util.Random) is reachable from any code path, plus a statistical smoke test on generated values. This class of bug must be structurally impossible, not just avoided. 5. **Reproducible builds are the core deliverable, not a stretch goal.** ## Technical baseline - Android API 26+; F-Droid primary, signed GitHub releases secondary. Zero Google Play Services / Firebase (also an F-Droid requirement). - Stack: justify Kotlin+FFI vs Flutter+FFI specifically on reproducibility (address Dart AOT snapshot nondeterminism head-on); pick one and commit. - Networking: user node or opt-in onion nodes only. Embedded Tor (Arti) or Orbot; Tor mode FAILS CLOSED — no silent clearnet fallback, ever. - Privacy defaults: no telemetry, no analytics, no price API, FLAG_SECURE on seed screens, clipboard auto-clear, incognito IME on sensitive fields. ## Security requirements - 25-word seed + Polyseed; wallet files encrypted via wallet2's native mechanism; Argon2id-stretched wallet password; separate Keystore-backed UI PIN with the threat-model difference documented; best-effort zeroization with honest documentation of GC limits in SECURITY.md. - THREATMODEL.md covering: malicious remote node, network observer, lost device, malicious update/distribution channel (the reproducibility answer), and explicitly out-of-scope threats (compromised OS, coercion). ## Reproducibility requirements (be concrete) - Digest-pinned container build producing byte-identical APKs from a git tag; pin Gradle/AGP/NDK/SDK/toolchains and all dependency hashes. - Kill nondeterminism: SOURCE_DATE_EPOCH, stable zip ordering, path-prefix stripping, no build timestamps, deterministic resources. - monero_c native libs built reproducibly in-container from a pinned upstream monero commit; document the full provenance chain. - CI double-build on independent runners; release blocked on APK diff. - One-command third-party verification script (diff vs release ignoring only the signature block) + F-Droid reproducible-builds flow (developer-key signing after F-Droid verification) + fdroiddata build recipe. ## Deliverables — one phase per response, STOP after each for review 1. Architecture doc: stack decision w/ reproducibility justification, module diagram, FFI boundary, threat model, and an explicit "what we refuse to build and why" table. 2. Repo scaffold: tree, pinned build files, Containerfile, CI (including the CSPRNG gate), LICENSE, SECURITY.md, GOVERNANCE.md, THREATMODEL.md, fdroiddata recipe. 3. Wallet lifecycle (create/restore/open) strictly through FFI; `// SECURITY:` comments on every key-touching function; unit tests incl. the failing-on- weak-RNG test. 4. Sync + send/receive + subaddresses; Tor fail-closed connection manager; stagenet integration test plan. 5. Verification script, signing-key ceremony, release checklist, and a short ecosystem write-up: how other wallets can adopt the pipeline. ## Output style Boring, widely-audited dependencies only — justify each. Write for hostile auditors. Uncertainty gets TODO(VERIFY-UPSTREAM), never invention.

Why this exists

The dominant mobile Monero wallet is built by a for-profit company with a security track record the community should not have to depend on: - **Milk Sad (2023–2024 disclosures):** Cake Wallet generated Bitcoin wallets with Dart's non-cryptographic Random() PRNG for ~4 years (2020-11 → 2024-09), reducing keyspace to ~2^20 (~1,049,308 possible keys) — researchers called it "catastrophic" and the wallets "permanently and irrevocably insecure." - **Governance/trust failure:** its former VP of Operations pivoted to a blockchain-surveillance business serving law enforcement, with publicly conflicting statements about his ongoing involvement — while most newcomers sync through the company's default remote nodes. - **Audit vacuum:** the only public audit is a narrow 2021 multisig review; community members openly note that nobody has published an independent review of the app-layer code — which is precisely the layer Milk Sad hit. - **Unverifiable distribution:** Play Protect harmful-app flags, AV quarantines of official binaries, and blacklist hits persist because users have no bit-for-bit way to verify that released binaries match the source. - **Incentive drift:** engineering flows to revenue features (multi-chain support, swap integrations, in-app tokens users report being unable to exit) rather than to reproducibility and audits.

Prompt attachments

No attachments yet.

Back this project

Sign in
Help this idea reach the build queue.Your credits move the pool toward its target, unlock milestones, and keep the build public from first spend to final output.

Backing funds AI build attempts. Outputs may vary. Funding is subject to our Terms of Service and Refund Policy.

Milestones

Estimated milestone target: 13,038 credits.

#1 Architecture & Stack Decision Document

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 688 credits)

Full architecture doc: Kotlin+FFI vs Flutter+FFI decision analyzed specifically on reproducibility (Dart AOT snapshot nondeterminism addressed head-on) with a committed choice; module diagram; FFI boundary specification to upstream wallet2/wallet_api via pinned monero_c; explicit 'what we refuse to build and why' table covering swaps, price APIs, multi-chain, telemetry; sourced, non-speculative prior-art analysis (Milk Sad, Cake Wallet, Feather, Monerujo) with proper crediting per the fairness guardrail.

Target688 credits
SpentNot spent yet
Tokens110,000

#2 Threat Model, Security Policy & Governance Charter

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 625 credits)

THREATMODEL.md covering malicious remote node, network observer, lost device, malicious update/distribution channel (with reproducibility as the answer), and explicit out-of-scope threats (compromised OS, coercion); SECURITY.md with honest zeroization/GC-limits documentation and vulnerability disclosure process; GOVERNANCE.md with community maintainership rules, ship-empty default-node policy with curated opt-in onion list process, and the conflict-of-interest disclosure rule for surveillance/analytics-firm work; GPLv3 LICENSE and contributor policy.

Target625 credits
SpentNot spent yet
Tokens100,000

#3 Repository Scaffold & Pinned Build System

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 844 credits)

Complete repo tree; Gradle/AGP/NDK/SDK version pins with dependency hash verification (dependency-locking + checksum verification metadata); module structure separating app layer from FFI layer; baseline Android manifest for API 26+ with zero Google Play Services/Firebase; justification comments for every dependency chosen (boring, widely-audited only); initial buildable skeleton with stub screens.

Target844 credits
SpentNot spent yet
Tokens135,000

#4 Reproducible Container Build Pipeline

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 907 credits)

Digest-pinned Containerfile producing byte-identical APKs from a git tag; SOURCE_DATE_EPOCH plumbing, stable zip entry ordering, path-prefix stripping, build-timestamp elimination, deterministic resource processing (aapt2 flags, deterministic PNG crunching disabled/normalized); documented determinism checklist mapping each known Android nondeterminism source to its mitigation; local double-build verification harness.

Target907 credits
SpentNot spent yet
Tokens145,000

#5 CI Pipeline & Anti-Milk-Sad CSPRNG Enforcement Gate

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 907 credits)

CI workflows: double-build on independent runners with APK diff gating releases; custom static/lint rule that FAILS the build if any non-CSPRNG random source (java.util.Random, kotlin.random.Random, Math.random) is reachable from any code path, with tests proving the gate catches seeded violations; statistical smoke test (frequency/serial tests) on app-layer generated values; documentation of the gate so other wallet projects can adopt it.

Target907 credits
SpentNot spent yet
Tokens145,000

#6 monero_c FFI Integration & Provenance Chain

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 938 credits)

FFI binding layer to pinned monero_c built against a pinned upstream monero-project commit; in-container reproducible build of the native libs for all target ABIs; full provenance documentation (upstream commit -> patch set -> container digest -> .so hashes); JNI/Kotlin binding code with error handling, lifecycle-safe handle management, and TODO(VERIFY-UPSTREAM) markers for any uncertain protocol detail; native-lib hash verification wired into CI.

Target938 credits
SpentNot spent yet
Tokens150,000

#7 Wallet Lifecycle: Create / Restore / Open via FFI

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 938 credits)

Wallet creation, restoration (from seed and from keys), and open/close flows strictly through wallet2 FFI — app layer never touches key entropy; // SECURITY: comments on every key-touching function; wallet file handling using wallet2's native encryption; unit tests including the failing-on-weak-RNG test and negative tests proving the app layer cannot generate seeds; state machine documentation for wallet lifecycle.

Target938 credits
SpentNot spent yet
Tokens150,000

#8 Seed & Credential Security: 25-word + Polyseed, Argon2id, Keystore PIN

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 875 credits)

25-word legacy seed and Polyseed support through upstream FFI with round-trip restore tests; Argon2id-stretched wallet password derivation with documented parameters; separate Android Keystore-backed UI PIN with the threat-model difference between PIN and wallet password explicitly documented; best-effort zeroization utilities with honest GC-limitation caveats; seed display/confirm UI flows with FLAG_SECURE enforced.

Target875 credits
SpentNot spent yet
Tokens140,000

#9 Tor Fail-Closed Connection Manager & Node Management

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 938 credits)

Networking layer supporting user-supplied node or curated opt-in onion nodes only (shipped empty per policy); embedded Tor via Arti with Orbot fallback option; fail-closed enforcement — connection manager structurally cannot fall back to clearnet when Tor mode is on, with tests proving fail-closed behavior under Tor bootstrap failure, circuit collapse, and mid-session loss; node trust UI copy explaining malicious-node risks.

Target938 credits
SpentNot spent yet
Tokens150,000

#10 Sync Engine, Balance & Transaction History

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 938 credits)

Blockchain sync via wallet2 refresh through FFI with progress reporting, background/foreground lifecycle handling, and restore-height management; balance (locked/unlocked) and transaction history screens; malicious-remote-node mitigations surfaced in UI (confirmations, fee sanity); persistence and resume-from-interruption handling; unit and instrumentation tests for sync state machine.

Target938 credits
SpentNot spent yet
Tokens150,000

#11 Send, Receive & Subaddress Management

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 938 credits)

Send flow with address/amount validation, fee priority selection, and transaction construction strictly via wallet2 FFI (never app-layer); receive flow with subaddress generation, labeling, and QR display; integrated address and payment-ID-rejection handling per current Monero best practice; comprehensive unit tests plus // SECURITY: annotations on all tx-touching code paths; TODO(VERIFY-UPSTREAM) markers where protocol behavior must be confirmed against upstream.

Target938 credits
SpentNot spent yet
Tokens150,000

#12 Privacy Hardening Pass

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 750 credits)

FLAG_SECURE on all seed/key screens with test coverage; clipboard auto-clear with countdown; incognito IME flags on sensitive fields; screenshot/recents obfuscation; verification that no telemetry, analytics, price API, or network call beyond node/Tor exists (CI network-egress allowlist test); accessibility review that hardening doesn't break screen readers; documentation of each hardening measure and its threat mapping.

Target750 credits
SpentNot spent yet
Tokens120,000

#13 Stagenet Integration Test Plan & Automated Suite

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 813 credits)

Full stagenet integration test plan covering create/restore/sync/send/receive/subaddresses against a controlled stagenet node; automated instrumentation tests runnable in CI where feasible plus documented manual test matrix; adversarial test cases (malicious node responses, truncated sync, Tor failure mid-send); test fixtures and reproducible stagenet environment setup docs.

Target813 credits
SpentNot spent yet
Tokens130,000

#14 F-Droid Reproducible-Builds Flow & fdroiddata Recipe

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 657 credits)

Complete fdroiddata build recipe (metadata YAML) targeting the reproducible-builds flow with developer-key signing after F-Droid verification; documentation of the F-Droid inclusion requirements audit (no GMS/Firebase, no proprietary blobs); signed GitHub releases as secondary channel with signing metadata; walkthrough of the F-Droid verification handshake for maintainers.

Target657 credits
SpentNot spent yet
Tokens105,000

#15 Third-Party Verification Script, Key Ceremony & Release Checklist

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 657 credits)

One-command verification script that rebuilds from a git tag in the pinned container and diffs against the released APK ignoring only the signature block (apksigner/zip-structure aware); signing-key generation ceremony document (offline generation, storage, revocation plan); release checklist gating on double-build match, CSPRNG gate, and native-lib provenance verification; verification instructions written for hostile auditors.

Target657 credits
SpentNot spent yet
Tokens105,000

#16 Ecosystem Adoption Kit & Reusable Artifacts Write-up

Pending
Anthropic: Claude Fable 5 awaiting funding (0 credits of 625 credits)

Extraction of reusable artifacts for the wider ecosystem: standalone CSPRNG-enforcement harness with adoption guide, reproducible Android+FFI pipeline template, and threat-model template; write-up on how other wallet projects (credited fairly per the guardrail) can adopt the pipeline; project README, user documentation, and donation/funding transparency page; final cross-document consistency audit resolving all TODO(VERIFY-UPSTREAM) items into a tracked verification backlog.

Target625 credits
SpentNot spent yet
Tokens100,000

Outputs / artifacts

Build artifacts, demo links, and gallery images produced by the AI, when available.

Outputs will appear here when the AI produces build artifacts.

Public ledger

Credits in, credits spent, and project-pool movements.

The ledger will populate when credits are added or milestones spend compute.

Activity timeline

Public project events in plain language.

Public build log

Live build output and spend messages.

2026-07-08 08:21 UTCApproved by review. Project is live.
2026-07-07 23:10 UTCMaker submitted the curated plan for review.
2026-07-07 23:09 UTCOwner edited the project before review.
2026-07-06 11:33 UTCSent back to draft for revision by review: Great idea and this is a technically legitimate open-source wallet security project, but the current motivation section contains unnecessary claims about named vendors and individuals. Please rewrite the “Why this exists” section to focus on sourced technical lessons, reproducible builds, threat modelling, and trust minimisation. Remove personal/company attack language. Also add an explicit legal/compliance boundary: non-custodial software only, no exchange, no fiat services, no money transmission, no unlawful-use guidance, and no production mainnet release until independent review..
2026-07-05 21:53 UTCMaker submitted the curated plan for review.
2026-07-05 20:52 UTCDraft plan ready: 16 milestones, est. total 13038 credits (1.25x cushion over token estimates). Edit the milestones and token estimates, then submit for review.
2026-07-05 20:52 UTCPlanning cost 24 credits (3761 in / 3968 out tokens)
2026-07-05 20:51 UTCPlanning started (model: Anthropic: Claude Fable 5)
2026-07-05 20:51 UTCPlan fee paid (100 credits). Generating a draft plan…

Comments

0 public comments from the community.

Sign in to comment.
No comments yet.

Related projects

More in Apps.

8
Solve Garbage Collection in C# for HFT

by Keith · GPT-5.5 · 19 days ago

Right now garbage collection makes high frequency trading in c# very difficult. Find a way to fix it please

Apps Shipped
13,700 credits of 20,000 credits 69% full
2funders
1watcher
0comments
completed
0
Maschine Emulator: DO NOT USE WEB MIDI

by Keith · Anthropic: Claude Fable 5 · 1 day ago

DO NOT USE WEB MIDI Native app, only windows support for now. Use .net C# if possible Create an emulator for the Maschine hardware, Maschine is a midi controller by nati…

Apps backers only Shipped
8,800 credits of 8,003 credits 100% full
1funder
0watchers
0comments
completed

Recommended next

Almost-funded projects moving across the market.

1
Employment Law Agent

by Litigation Friend · GPT-5.5 · 13 days ago

Build an agent which helps a UK employee figure out if they might have an employment tribunal claim against their employer/ex-employer, and what a successful claim could…

AI Agents Awaiting decisions
210,516 credits of 4,392 credits 100% full
1funder
2watchers
0comments
discussion

More by this creator

Other public projects from the same maker.

No matching projects yet.