Custos
A self-custody wallet & on-chain DEX · architecture study

I'm a product designer. This is me architecting an entire wallet — end to end.

Your keys.
Made usable without lying about the risk.

Self-custody is a promise most wallets don't keep well: hand a person absolute sovereignty, then hand them the entire burden of a private key. Custos is my end-to-end study of the whole system — HD key management, an on-chain swap engine, a transaction state machine, gas, multi-chain, and the security-critical UX — designed so the sovereignty is usable, and so the interface never pretends the risk is smaller than it is.

9
Core module groups, from key derivation to the tx tracker
10
Screens, one design system, WCAG-AA data legibility
0
Keys leave the device — by design (not a guarantee)
4
Live demos below — architecture, keygen, swap, security
Production-grounded Rebuilt as an independent study Fictional brand · original IP Concept · not audited

What this is. Custos draws on real production work and is rebuilt here as an independent study under a fictional brand and original IP. It is a design-and-architecture study — not a live product, and it has not undergone third-party security audit. Names and figures are abstracted.

Where my domain ends. I design the system and the security-critical UX. I do not offer wallet security as a service. On a fully compromised device, no browser or app can guarantee what-you-see-is-what-you-sign; a phishing blacklist lags real attacks; honeypot detection is a probabilistic signal, not a guarantee. Everything here sits on top of standard defence-in-depth and a real security team's audit — never in place of them.

The design problem

Sovereignty is easy to grant and brutal to carry.

"Not your keys, not your coins" is a good principle and a terrible onboarding experience. The moment a wallet is truly self-custodial, the user inherits everything a bank used to absorb: key generation, backup, phishing, approval risk, gas, failed transactions, fake tokens.

So the design job isn't to hide that burden — hiding it is how people lose everything. It's to sequence it, make each risk legible at the moment it matters, and refuse to let the interface imply a safety it can't deliver. That principle runs through every module below: make the honest thing the easy thing.

01 · The system, end to end

Nine module groups. One path from tap to chain.

Every layer a self-custody wallet needs — and the honest division of labour between what the client does and what the chain does. Tap a module to inspect it, or trace a full swap through the stack.

System architecture — interactive live

Entry layer

Web · React + TS Mobile · React Native Extension · MV3

Wallet core (on-device)

BIP39 mnemonic BIP32/44 HD derive Keystore AES-256-GCM Secure storage

Connectors · DEX engine

External connector · wagmi/viem Quote & route Approve manager Swap executor Tx tracker

Blockchain interaction

RPC · FallbackProvider Gas · EIP-1559 Multicall3

On-chain

Router / Factory / Pair AMM pool · x·y=k
Inspect a module
Tap any node
— or trace a swap to watch the path light up —
Custos separates on-device custody (keys never leave) from on-chain settlement (the AMM does the maths). The client quotes, routes, approves, signs locally, and broadcasts; the chain moves the tokens and emits the event.
02 · Wallet core

The key is generated on the device and dies in memory.

Standards do the cryptography — BIP39 entropy → mnemonic, BIP32/44 HD derivation at m/44'/60'/0'/0/x, a JSON Keystore encrypted with AES-256-GCM behind a scrypt-derived key. The design job is the choreography around them: generate, use, and wipe, with the secret spending as little time in memory as possible.

Mnemonic HD derive Private key AES-256-GCM
(scrypt N=262144)
Secure storage
Sign a tx → decrypt to memory sign (secp256k1) wipe memory broadcast signed tx
The private key is never sent to a backend, written to a log, placed in a URL / query string, or stored unencrypted.
Secure storage is platform-native: iOS Keychain (WhenUnlockedThisDeviceOnly), Android Keystore + EncryptedSharedPreferences, Web IndexedDB + a non-extractable WebCrypto key.
Demo · wallet creation flow

The four steps that decide whether a beginner survives.

Password → seed reveal → forced verification → address. This is a simulation — it generates nothing real and stores nothing. It shows the security gating: the seed is hidden until acknowledged, screenshots are discouraged, and you can't proceed without proving you saved it.

Create wallet — simulated demo
03 · External wallet connector

Bring your own wallet, one abstraction.

WalletConnect V2

QR / deep-link relay sessions, auto-reconnect, chain & account change events — the mobile-wallet bridge.

EIP-1193 injected

MetaMask and other injected providers via the standard request interface — the desktop path most users take.

wagmi + viem

One connector abstraction over both, with typed calls, session persistence, and unified state — the internal wallet and external wallets speak the same interface downstream.

04 · DEX swap engine + tx state machine

Quote, exact-approve, swap, and a transaction that tells the truth.

The swap output is computed live with the constant-product formula (x·y=k) against a mock reserve, so price impact and minimum-received are real maths, not decoration. Approval defaults to the exact amount — never MaxUint256. Then the transaction moves through a state machine that shows pending, confirmations, success, or a decoded failure — because "it's processing…" forever is how wallets lose trust.

Swap — simulated (mock reserves) demo
You payBalance: 5,000 USDC
$USDC
≈ $1,000.00
You receive (estimated)Balance: 1.20 ETH
ETH
≈ $0.00
Rate
Price impact
Slippage tolerance0.5%
Min received
Est. gas (EIP-1559)~$2.40
05 · Security layer

The interface's job is to make the dangerous thing visible.

Three of the failure modes that actually drain wallets — infinite approvals, blind signatures, and malicious contracts — surfaced as design. Tap through them.

Security panel — interactive live
06 · Design system

Institutional-grade calm for a high-stakes surface.

A dark, high-contrast system — deep navy grounds, electric blue for action, semantic green/amber/red that never carry meaning by colour alone. Money data uses a monospace so digits align; nothing critical is below 15px; touch targets clear 44px; motion is subtle and reduced-motion-safe.

Ten screens share it: assets overview, send/receive, swap, DApp browser, token detail, token manage, create, import, the transaction-confirm modal, and approval management.

#3b82f6
Action blue — primary, focus, links
#22c55e
Success / up — with icon, not colour alone
#0b1120
Void — the deepest ground
≥15px
Critical data · WCAG-AA contrast · 44px targets
07 · Product judgment

Knowing what not to build is the design.

The architecture is exhaustive; the first release should not be. Scoping an 8-week MVP — and naming what to refuse — is where a designer earns the "product" in product design.

✓ MVP · ship first
Seed create / import / encrypted store
One chain (Ethereum or Polygon)
MetaMask connect (injected)
Balances (ETH + top-20 tokens)
Swap via one router, single path
Tx status + exact-approve + signature preview
⏳ Phase 2 · defer
WalletConnect V2 (MetaMask covers most)
Multi-chain & multi-hop auto-router
Tx history page (Explorer covers it)
Gas-speed selector, phishing blacklist
Tenderly simulation, NFTs, mobile app
✕ Don't build
Own AMM contract — use Uniswap
Own token list — use the standard
Own RPC node — Alchemy is enough
Limit orders, cross-chain bridge (Phase 3+)
Liquidity provision — swap only
The honest ledger

What this evidences — and what it does not.

✓ What it evidences
A designer can architect an entire self-custody wallet + DEX end to end — keys, swap, tx state machine, gas, multi-chain, security UX.
Command of the real primitives: BIP39/32/44, ethers/wagmi/viem, EIP-1193, EIP-1559, constant-product AMM maths, Multicall3, AES-256-GCM + scrypt.
Product judgment: an honest MVP scope and an explicit "don't build" list.
Security-critical interaction design: exact-approve, revoke, signature preview, honeypot/phishing surfacing.
✕ What it does not claim
Not a shipped or audited product; the demos are simulations that generate and store nothing.
Not a security guarantee — on a compromised device no client can guarantee what-you-see-is-what-you-sign.
Honeypot detection is probabilistic; a phishing blacklist lags; screenshot blocks are defeated by a rooted/jailbroken device.
This is the interaction-design and architecture layer on top of a real security team's audit and defence-in-depth — not a replacement for either. I don't offer wallet security as a service.

A designer who can architect the whole system — and scope it honestly.

That's the signal Custos is meant to send: system depth, security literacy, and the discipline to say what a concept does not prove.