-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Smart wallets complete for Launch #3995
Comments
I might be wrong, but in a regular web app browser addons/extensions/profiles seems like a risk users have to manage on their own. Giving them a dedicated electron app makes this a non-concern. Given this is not mutually exclusive with on-chain wallets, and eliminates concerns while adhering to market norms, I think this is something we should still consider (what are the main risks?) I have used online wallets such as blockchain.com, which generates and shows your keys in the webpage. It's definitely a risk level that's acceptable to some, but I think many would prefer an electron app. We'd probably also want to show a warning like: |
We'd like to manage a throw-away key as part of the web wallet, use it with CosmJS, and then have the user's Keplr to |
chatting with @michaelfig notes in progress: current flow: Bob visits treasury.agoric.app to address ouch round trip: to address ouch fees for all on-chain actions by dapp UI: would like to split dapp so it talks to both the dapp back-end and the wallet (bridge); but those are separate capTP connections, so, for example, we can't take an invitation we get from one and send it on the other: these capTP connections don't do shortening. perhaps rendezvous service? maybe use the sharing service? on-chain wallet makes up a high-entropy name and calls note: back-endless dapps also did away with the "which chain is this? test / dev / main?" issue. wallet and ocapsfor example, a creatorFacet for a dapp back-end see also #3901, though we may need to go beyond simple data-only args perhaps where we are using deploy scripts and scratch to deploy contracts, we could use an on-chain wallet; that wallet could then hold creatorFacets and such. Maybe use a simpler client (cosmjs signing, faucet/src/gift.js) than ag-solo. |
Clarifying authority around purses / assets@katelynsills notes lib-wallet is a first draft with the intent of further work to organize around POLA. (#4488 ) @michaelfig says he considers that one of the goals of the on-chain wallet, which will go through an architecture review once he has something to propose that we can iterate on. |
@michaelfig i took the cosmic-swingset label off of this because it was messing up my graph. |
After having my wallet running for a few minutes and doing an AMM swap, the
After refreshing the page the follower works again normally. |
Smart Wallet is complete now for PSMO launch. More testing to do but no known issues. |
Organization
This epic is the last in a sequence of milestone epics.
Acceptance criteria
Background
Why?
ledger integration
@warner to research JSON blob details etc. what can be signed? Hash? JSON blob?
Originally posted by @dckc in #2629 (comment)
Design notes
Normalised data model
For a given user-specific wallet, the backend's data records each have:
meta
property consisting of{ id, createdAt, modifiedAt }
, whereid
is unique for the specific wallet instance, and the*At
stamps are fodder fornew Date(somethingAt)
actions
presence that allows the manipulation of that recordEvery collection of data records is enumerable and presents a notifier that is updated with the entire collection's contents as any changes are made.
If there are any wallet entities that don't conform to this data model (i.e. currently petnames and dapps), they should be updated to conform.
Private data
User annotations on data (e.g. the assigned petnames, and any comment fields) should be private, that is they should be encrypted in such a way that the user's HD signer or recovery phrase can decrypt them.
It may be advantageous to represent this encrypted data as a single normalised record mapping from
id
to associated data so that it can be decrypted and re-encrypted in bulk. Because it contains timestamps in its"meta"
property, we will know when it applies (as suggested by @JimLarson).Cosmos chain integration
Pluggable storage of normalised records is an important feature of the wallet. For a strawman implementation, the storage system would use the IAVL tree, to be able to expose them via Cosmos-idiomatic queries, events, and transactions.
The wallet backend and wallet frontend need an agreed-upon wallet middleware to encode and decode messages to and from the chain, without affecting the ocap programming model of either the frontend or backend.
Pervasive sturdyrefs
If the normalised data model is adopted throughout the user's wallet, the user's wallet admin facet can provide a way to look up a given data record (including its
actions
presence) via itsid
. This corresponds to a sturdyref whose contents can only be mutated by signed transactions to the appropriate wallet service.Queries
The
@agoric/marshal
-serialised wallet records should be queriable from RPC nodes without causing a transaction or any SwingSet mutation. Ideally, the storage system would be able to provide proofs for the query results as well.Events
Every wallet backend data record update will result in a Cosmos "event" such as:
where the
wallet.update
value is the@agoric/marshal
serialised record (mapping known presences to ids). The wallet frontend-middleware can subscribe to thewallet.owner=agoric1...
corresponding to their owner and receive updates over a WebSocket without needing to poll. Such update events would be converted into the usual notifiers for the wallet frontend.agoric.wallet.MsgPerformAction
To preserve ocap integrity, the generic data records would only be updateable by sending a message to its
action
presence. On the wallet frontend, normalE
calls would translate into a chain transaction message containing (@agoric/marshal
-serialised):id
to look up as the target,method
to call on itsaction
presenceid
lookups).This message would be
@agoric/marshal
-serialised by the frontend-middleware and deserialised into an actual method call by the backend-middleware. That way, we avoid the potential incompatibilities with other data formats such as pure JSON.The text was updated successfully, but these errors were encountered: