[1IP-66] - Transition to Fusion+ for the Alternative Modular Interface of 1inch

Previous Grant Work:

As part of the 1IP-50 proposal, a tremendous amount of work was done. Through close collaboration with the 1inch team, it was decided to create a modular solution with the ability to integrate its components into any applications and websites where fast token swapping is required. Based on this, a technical analysis was conducted, and it was decided to switch from Angular to Lit, as Angular is a heavier solution that could impact the performance of the entire page with embedded modules from 1inch. In turn, Lit is a lightweight library that solves the problem of writing templates in native web components, significantly speeding up the work of embedded modules and reducing the size of final bundles.

Recently, there was an incident involving the creation of a phishing page based on the open-source version of the 1inch swap interface. As a result, one of the priority tasks became strengthening the security system and developing mechanisms to protect users and the project from such threats. These measures include improving authentication and server-side verification to prevent the creation of phishing copies of the application.

Additionally, due to technical shortcomings, the Permit2 function, which ensures safer token permission management, was temporarily disabled. In the next stages of development, we plan to finalize and reintegrate Permit2 to enhance security and usability.

A modular architecture for the application was developed, and a bundler based on esbuild was written to accelerate development and package publication. To improve performance, a data storage system using IndexedDB was implemented, significantly reducing interface lags, especially on portable devices.

A desktop version of the interface was also implemented using the Electron framework. This version can be built for all current platforms: Windows, MacOS, Linux (AppImage). CI/CD was set up to automate desktop version releases through GitHub Releases, allowing automatic application updates. The latest version is also published on GitHub Pages so that everyone can review the results of the work done under the 1IP-50 proposal.

For module integration, an integration layer was developed, allowing the swap form or any other application module to be embedded into the host application’s desired location, regardless of the framework or library used.

The application has some drawbacks: one of the most significant is the Nginx proxy, necessary to encapsulate the keys from the 1inch Dev Portal. The server itself is not powerful enough and may struggle with high traffic. Its location is also important: the server is currently hosted on DigitalOcean in India, which turned out to be optimal for users in most regions of Asia and Europe.

You can view the results of the previous proposal here:
https://github.com/1inch-community/interface
https://1inch-community.github.io/interface

Simple Summary:

The project aims to implement Fusion+ in the interface for gasless cross-chain swaps. Security measures will also be strengthened, including protection against phishing attacks and improvements to the Permit2 mechanism, as well as the development of Account View and CI/CD configuration for automatic library releases to NPM and signing code of the desktop version.

The requested amount is 66,000 USDC over 6 months, with monthly payments of 11,000 USDC.

Abstract:

The project aims to expand the functionality of the existing alternative 1inch interface by introducing Fusion+. Users will be able to perform cross-chain swaps without gas fees, with protection from MEV attacks and the use of Dutch auctions. The modular design of the interface will allow easy integration into other applications and platforms. Additionally, the CI/CD system will be improved for the automatic publication of project libraries in NPM and signing of desktop versions, enhancing deployment quality and user experience. These changes will make the interface more flexible, scalable, secure, and convenient for both developers and users. Additionally, one of the key tasks of the project will be improving the protection of open-source versions of the interface from phishing copies and increasing infrastructure stability, as well as finalizing and activating Permit2.

Motivation:

The current version of the interface only includes swap functionality. The implementation of Fusion+ will allow users to perform fee-free cross-chain swaps with high levels of security and efficiency. This module will expand the use of the interface and attract more users and developers. The modular approach makes the interface flexible and convenient for integration into any DApp or platform requiring asset exchange functionality. Due to the recent incident where a phishing page was created based on the open-source version of the swap interface, systems to protect against such incidents will also be developed. Additionally, one of the key tasks will be finalizing Permit2, which was temporarily disabled due to technical problems.

Specification:

• Fusion+ Interface:
  Modernizing the UI for cross-chain swaps using Fusion+ technology.
  Interaction with the 1inch API for creating, canceling, and monitoring cross-chain swaps.

• Account View Interface:
  Developing a UI for managing balances and tokens (Account View), allowing users to track assets and manage accounts.

• CI/CD Improvement:
  Automating the publication of all project libraries in NPM. This will allow developers to immediately use the latest version of the interface components.
  Automating the signing and publishing of new code versions for automatic desktop application updates.

• Phishing Protection System:
  Developing mechanisms to protect open-source versions of interfaces from being used in phishing copies, including authenticity verification and source code validation.

• Permit2 Finalization:
  Implementing and activating the Permit2 feature, which was temporarily disabled. Finalizing the token permission management system will improve interface security and efficiency.

• Infrastructure Improvement:
  Transitioning to the infrastructure of major providers such as Cloudflare or AWS will reduce latency to the proxy and increase its stability. This will also allow load rebalancing depending on the user’s location.
  Protecting the proxy from third-party use — implementing WAF will complicate proxy usage by third parties and increase infrastructure stability.

Rationale:

The main motive for developing Fusion+ is the need to expand the functionality of the alternative 1inch interface so that users can perform cross-chain swaps with enhanced security and no gas fees. Implementing phishing protection mechanisms will help prevent future incidents similar to the recent attempt to create a phishing page. The modular approach was chosen to ensure flexibility and ease of integration. Finalizing and activating Permit2 will also be a crucial aspect, improving token security.

Considerations:

• Security: The implementation of Fusion+ and phishing protection mechanisms requires special attention to transaction and code security. All interactions with the 1inch API will be secured using transaction verification and signing standards.

• Performance: Switching to Lit and using IndexedDB will ensure high performance even on devices with limited resources.

• Resource Management: Development costs will be minimized through the modular architecture and automation processes.

• Risks: Potential risks are related to technical challenges in integrating Fusion+ and Permit2 into the existing architecture, as well as developing the phishing protection system.

Costs:

The project is planned for six months, with a total budget of $66,000. Funding will be split into monthly payments of $11,000, allowing for flexible resource management at each development stage. This amount includes all associated expenses, such as purchasing certificates for signing the desktop version, Sentry fees, Cloudflare services, server costs for Proxy, and other expenses that may be necessary for the project at its current stage.

Payment Structure:

If this proposal passes, 66,000 USDC will be transferred to the Operations Multi-Sig (0x45e84e10e8E85c583C002A40007D10629EF80fAF), and subsequently paid out to 0x568D3086f5377e59BF2Ef77bd1051486b581b214 as follows:

An initial payment of 11,000 USDC will be made upfront.
The remaining 55,000 USDC will be streamed over a period of 5 months.

Project GitHub repository: link
Project GitHub Paging staging link

Thank you @Denis, the interface looks great!

One question I had was in regard to the Limit Order functionality specified in the original proposal. Do you still plan to include this in the UI? Or did other technical work, like the move from Angular to Lit, replace this in scope?

I see that your proposal calls for monthly payments, please see this post on how best to specify these in proposals: https://gov.1inch.io/discussion/25018-how-to-format-your-proposal-for-milestone-grant-payments

The first stage of development was very challenging to plan because there was no clear understanding of what it would look like and how it would work. The decision to move from Angular to a modular architecture with Lit significantly changed the development plan and shifted its direction. In the early stages, this created some difficulties, as Lit is not a full-fledged framework and doesn’t offer ready-made solutions in many areas of development. For this reason, the original plan was greatly shortened in favor of creating a superior solution on the market.
As for limit orders and the Advanced mode in general, yes, they will be developed after the integration of Fusion+. There is a separate plan for how the limit orders interface will look, and it will offer a significantly broader range of features than the current 1inch interface.

From our perspective, this is a valuable proposal that solves a real problem for 1inch Ecosystem and we would be glad to support this proposal.

However, we would like to see a better structure of the milestone payments and deliverables.

Hey @Denis,

The core team seems generally aligned with you proposal, but there is some feedback that we’d like addressed:

Critical Changes Required

This community version of the UI needs to be visually distinct from the official UI.

• Remove all “Powered by 1inch” mentions

• Implement new “1inch Community” branding

  • I am coordinating with our in-house designer to provide you with a 1inch Community logo

  • Different color scheme from official 1inch (looks like your version already conforms to this)

  • Distinct UI elements (looks like you already meet this, too)

• Add legal disclaimer to repository and interface:

This product, 1inch community, is based on the open-source version of the 1inch software. It is a community-driven fork of the original 1inch product and is not affiliated with, endorsed by, or officially supported by the 1inch brand, 1inch DAO, its creators, or the core 1inch team.

For the official 1inch product, please visit https://1inch.io/

Additional Requirements

• Domain: Should be under 1inch.community

  • I am working on getting a subdomain. Similar to what our docs have with https://gov.1inch.community/

• Interface Header: Add prominent disclaimer

  • “This is a community version of 1inch. It is not affiliated with, endorsed by, or supported by the core 1inch team. For the official version, visit https://1inch.io/”

• Create separate Terms of Service (proposed draft below):

Disclaimer: Independent Product – Not Affiliated with 1inch Official

This product, 1inch community, is based on the open-source version of the 1inch software. It is a community-driven fork of the original 1inch product and is not affiliated with, endorsed by, or officially supported by the 1inch brand, 1inch DAO, its creators, or the core 1inch team.

All trademarks and brand names, including "1inch," are used under license from the 1inch trademark owner. However, this version is an independent adaptation and may differ from the official product in features, quality, and support.

For the official 1inch product, please visit https://1inch.io/.

By using 1inch Community, you acknowledge that any issues, support requests, or inquiries regarding this forked version should be directed to the community behind this product and not the official 1inch team.

Regarding the payments

If this proposal is accepted, 66,000 USDC will be transferred to the Operations Multi-Sig (0x45e84e10e8E85c583C002A40007D10629EF80fAF) and subsequently paid to 0x568D3086f5377e59BF2Ef77bd1051486b581b214 as follows: An initial payment of 11,000 USDC will be made upfront. The remaining 55,000 USDC will be divided into 5 parts of 11,000 USDC each and transferred over the course of 5 months at the beginning of each month.

Would you be okay with us using Superfluid to stream the payments instead of making a monthly transaction to you? This is what the DAO is used to using for regular payments not tied to specific milestones – it saves us from having to coordinate a multisig tx for each grantee on a regular basis. You can see the existing DAO payment streams here. @stepahin is currently receiving his grant through Superfluid and can attest to its smooth UX.

I’d like to explain the development process. The steps in the Specification section can be considered as milestones, but they aren’t directly connected to each other. As I’m currently the sole developer on this project, I occasionally switch between tasks to maintain my efficiency and avoid burnout. Additionally, some tasks may be blocked by external factors beyond my control, such as updates or fixes related to the dev portal API.
For this reason, the payments are tied to time intervals rather than specific tasks, as this project is now my full-time work.

I’ll make all these changes as soon as the proposal is accepted.