defido2 is a command-line contract-based ethereum wallet intended for DeFi (decentralised finance) use-cases. The wallet's key material is stored on special-purpose tamper-resistant devices known as FIDO2 or U2F keys. All signature operations are performed on the key itself. FIDO2 keys are cheap and common, since they are being heavily promoted by google/twitter/github/etc for webauthn, second-factor logins. Additionally, OpenSSH now supports FIDO2 devices for password-free logins. defido2 uses libfido2, so it should support any CTAP2-capable FIDO2 device. We've tested with 2 models of Yubikey, Solo USB-C, and Solo SOMU. Solos can be purchased for $20 on their web store.

defido2 showcase

How it's made

It's a C++ command-line app that uses libfido2 to communicate to the FIDO2 devices over CTAP. It uses derived keys now, so a single key can support an unlimited number of wallets/logins. There is also partial support for resident keys, which would let us avoid tracking the credential ID. We have some custom code for solidity ABI encoding but cheat a little bit by shelling out to a javascript shim for some operations. The contract uses a solidity secp256r1 implementation ( to verify the signatures. It derives from OpenGSN base relayers, and we think would be a great use-case for OpenGSN, although this isn't fully fleshed out yet. Compound and Uniswap have enough implemented to prove that the concept can work. AAVE support is only partially working (and we didn't have enough time to demo).