
Issue 4: Challenge-Response Cryptographic Handshake Hook Lifecycle Architecture #4

Description

@elizabetheonoja-art

Scope

File: src/hooks/useWeb3Auth.ts

Problem

The current auth hook connects on mount without any challenge verification, stores the secret key in localStorage in plaintext, and never expires sessions. This violates Web3 security best practice, under which each session is established through a cryptographic signature handshake: the public key is long-lived, but the session token expires.

Requirements

  1. Implement a challenge-response handshake:
    • Backend or hook generates a random challenge string + nonce.
    • Wallet signs challenge + nonce with Keypair.sign().
    • Signature is verified against the stored public key before session establishment.
  2. Session token must be distinct from the secret key — store only the signed challenge token in localStorage, never the secret key.
  3. Add CHALLENGE_DURATION_MS (30 min default) after which isAuthenticated returns false and a re-challenge is required.
  4. Expose signChallenge(challenge: string): Promise<string> for downstream use in API auth headers.
  5. On disconnect, wipe all session artifacts from context and storage.

Resolution Strategy

  • Keep keypair only in useRef (never serialized).
  • Store { address, network, signature, expiresAt } in localStorage.
  • Validate expiresAt > Date.now() on mount and on every context read.
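The handshake and session lifecycle above, written out as an added example that is not the project's own `useWeb3Auth.ts` code. It is framework-free so it runs outside React: Node's Ed25519 `sign`/`verify` stand in for `Keypair.sign()`, `KVStore` is an assumed subset of the Web Storage API, and `SESSION_KEY` and the `StoredSession` field names are assumptions.

```typescript
import { generateKeyPairSync, randomBytes, sign, verify, KeyObject } from "node:crypto";
export const SESSION_KEY = "web3auth.session";       // assumed localStorage key
export const CHALLENGE_DURATION_MS = 30 * 60 * 1000;  // 30 min default, per the issue

// Only these fields are ever serialized; the secret key is never among them.
export interface StoredSession {
  address: string; network: string; challenge: string; signature: string; expiresAt: number;
}
// Minimal subset of the Web Storage API so the logic runs outside a browser.
export interface KVStore {
  getItem(k: string): string | null; setItem(k: string, v: string): void; removeItem(k: string): void;
}

// Step 1: random challenge plus nonce, so a captured signature cannot be replayed later.
export function createChallenge(): string {
  return `${randomBytes(16).toString("hex")}:${randomBytes(8).toString("hex")}`;
}

// Step 2: the wallet signs. Node's Ed25519 stands in for Keypair.sign(); the secret key stays in the caller's scope.
export function signChallenge(secretKey: KeyObject, challenge: string): string {
  return sign(null, Buffer.from(challenge), secretKey).toString("base64");
}

// Step 3: verify against the public key BEFORE any session exists; any failure means no session.
export function establishSession(publicKey: KeyObject, network: string, challenge: string,
                                 signature: string, now = Date.now()): StoredSession | null {
  let ok = false;
  try { ok = verify(null, Buffer.from(challenge), publicKey, Buffer.from(signature, "base64")); } catch { ok = false; }
  if (!ok) return null;
  // The raw 32-byte Ed25519 key is the tail of the SPKI DER encoding.
  const address = publicKey.export({ type: "spki", format: "der" }).subarray(-32).toString("hex");
  return { address, network, challenge, signature, expiresAt: now + CHALLENGE_DURATION_MS };
}

// Checked on mount and on every context read: once expiresAt passes, a re-challenge is required.
export function isAuthenticated(s: StoredSession | null, now = Date.now()): boolean {
  return s !== null && Number.isFinite(s.expiresAt) && s.expiresAt > now;
}
export function loadSession(store: KVStore, now = Date.now()): StoredSession | null {
  const raw = store.getItem(SESSION_KEY);
  if (raw === null) return null;
  try { const s = JSON.parse(raw) as StoredSession; return isAuthenticated(s, now) ? s : null; } catch { return null; }
}
export function saveSession(store: KVStore, s: StoredSession): void { store.setItem(SESSION_KEY, JSON.stringify(s)); }
export function disconnect(store: KVStore): void { store.removeItem(SESSION_KEY); }  // wipe all session artifacts

// In-memory stand-in for window.localStorage, used by the test harness.
export function memoryStore(): KVStore {
  const m = new Map<string, string>();
  return { getItem: k => m.get(k) ?? null, setItem: (k, v) => { m.set(k, v); }, removeItem: k => { m.delete(k); } };
}
```

In the real hook the keypair returned by the wallet would live in a `useRef` and only `signChallenge` and the `StoredSession` would be exposed through context.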

Tags

hooks, wallet, security, auth
