Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Smart wallet middleware #4398

Closed
2 of 7 tasks
michaelfig opened this issue Jan 26, 2022 · 9 comments
Closed
2 of 7 tasks

Smart wallet middleware #4398

michaelfig opened this issue Jan 26, 2022 · 9 comments
Assignees
Labels
cosmic-swingset package: cosmic-swingset enhancement New feature or request needs-design read-no-tx topic: reading from the chain without a transaction wallet

Comments

@michaelfig
Copy link
Member

michaelfig commented Jan 26, 2022

What is the Problem Being Solved?

The existing Wallet UI is very close to using a model that is possible to implement via CosmJS-based middleware directly to the on-chain backend. This issue is to track the pieces needed for an end-to-end.

Description of the Design

On-chain, per-account state is accessible via Cosmos queries, events, and simple marshalled eventual sends can be made via transactions.

  • on-chain notifiers are published by middleware both as updates to queriable state, and susbcribable Cosmos events containing notifier records serialised in the context of the account. This is possible with the x/swingset storage API.
  • UI middleware subscribes to events, then issues initialisation queries to obtain and deserialise those records.
  • replace ocaps with a Presence that submits a MsgWalletAction Cosmos transaction to do a semantic operation (i.e. only one message needed per UI action)
  • these actions are powerful, so may need confirmation from an external signer (Keplr or MetaMask)
  • an "authz" designation from that signer to a password-protected, per-wallet-UI key can cut down on confirmations delegate from interactive signer to background signer for low-privilege actions #4406
  • any state changes will be published via the notifiers, so that multiple client UIs can be kept consistent
  • the async result of a MsgWalletAction is also published as a Cosmos event, but is designed only to report success or failure to the (single) calling UI initiating it (if any)

NOTE: the wallet backend implementation is specifically not included in this item. For now, the backend will be a stub that produces:

type WalletBackend = Notifier<{
  contacts: Notifier<{
    meta: {
      id: string,
    },
    name: string,
    lastReceivedMessage: any,
    actions: ERef<{
      sendMessage: (data: any) => void,
    }>,
  }>,
}>

E(contact.actions).sendMessage('Hello, world!');

Security Considerations

Key management is important. Will need to be reviewed by our security experts.

Test Plan

Integration testing, probably manual for now.

@dckc
Copy link
Member

dckc commented May 31, 2022

@turadg to split out read-write as a separate issue

@turadg turadg changed the title On-chain wallet middleware On-chain wallet middleware (read-only part of Streams) May 31, 2022
@michaelfig michaelfig changed the title On-chain wallet middleware (read-only part of Streams) Smart wallet middleware (read-only part of Streams) Jun 3, 2022
@turadg turadg closed this as completed Jun 29, 2022
@dckc dckc changed the title Smart wallet middleware (read-only part of Streams) Smart wallet middleware Jul 8, 2022
@dckc
Copy link
Member

dckc commented Jul 8, 2022

I'd like to keep using the checklist here, so I'm re-opening this.

In particular, our initial choice of marshaller for the wallet state publishes purses etc. so it needs work, as discussed in #5701 (comment)

@dckc
Copy link
Member

dckc commented Jul 11, 2022

tldr: It looks like the walletFactory (aka multi-tennant wallet) should register for BRIDGE.WALLET events, look up the relevant wallet by address, and forward actions there.

Some of the "actions" and "schema" stuff is still fuzzy to me; here's hoping it becomes clear as we code it up.

Detail

We have keplr offlineSigner integration in https://github.com/Agoric/agoric-sdk/blob/master/packages/wallet/ui/src/util/SuggestChain.js
(another example: https://github.com/Agoric/faucet/blob/cosmjs-rpc/src/gift.js )

@samsiegart asked: how do I map something like E(purse).deposit(...) into a payload like in client.signAndBroadcast(fromAddress, payload, Agoric.fee);?

We know address. payload is a serialized protobuf thing; Looks like WalletAction / WalletSpendAction are the relevant ones.

// Perform a low-privilege wallet action.
rpc WalletAction(MsgWalletAction) returns (MsgWalletActionResponse);
// Perform a wallet action that spends assets.
rpc WalletSpendAction(MsgWalletSpendAction) returns (MsgWalletSpendActionResponse);

That raises a question of the action field:

// The action to perform, as JSON-stringified marshalled data.
string action = 2;

on receipt, the go code seems to do:

func (keeper msgServer) WalletSpendAction(goCtx context.Context, msg *types.MsgWalletSpendAction) (*types.MsgWalletSpendActionResponse, error) {
ctx := sdk.UnwrapSDKContext(goCtx)
action := &walletSpendAction{
Type: "WALLET_SPEND_ACTION",

then I think we get to:

case ActionType.WALLET_SPEND_ACTION: {
p = doBridgeInbound(BRIDGE_ID.WALLET, action);

@Tartuffo Tartuffo assigned samsiegart and unassigned gibson042 Jul 22, 2022
@dckc
Copy link
Member

dckc commented Jul 28, 2022

marshaling public + private stuff

@samsiegart I broke ground on the problem, starting with a failing test:

https://github.com/Agoric/agoric-sdk/blob/dc-smartwallet-marshal/packages/wallet/api/test/test-union-marshal.js b4db2c4
pls excuse lack of branch discipline just now; it's stacked on unrelated work

background

The design sketch above includes:

  • on-chain notifiers are published by middleware both as updates to queriable state, and susbcribable Cosmos events containing notifier records serialised in the context of the account.

The notifier records include things like brands that are also published by the AMM, and we want to recognize them as equal.

See also Jan 21 discussion
#3756 (comment)

@dckc
Copy link
Member

dckc commented Jul 31, 2022

Currently we have MsgWalletAction and MsgWalletSpendAction with a single action field (aside from owner); I wonder how this relates to the json, trivial, zoe, capdata, and unsafe from an internal wallet.proto I just found.

The related Wallet Legibility doc has an example: E(purse.actions).deposit(myPayment) becomes ['applyMethod', receiver, purse.actions, 'deposit', [myPayment]].

It looks like receiver and purse.actions are supposed to collapse, and myPayment is actually an amount:

marshalData1 = JSON.stringify({
  body: [
    'applyMethod',
    {"@qclass":"slot", index: 0},
    'deposit',
    [
      {
        amount: {@qclass”:”bigint”, digits: “3000000”},
        brand: {"@qclass": "slot", index:1 },
      }
    ]
  ],
  slots: [[‘purse’, ["MyPurse"]], [‘brand’, ["IST"], {decimalPlaces:6}]],
});

@michaelfig
Copy link
Member Author

michaelfig commented Jul 31, 2022 via email

@dckc
Copy link
Member

dckc commented Aug 11, 2022

road not taken: needs pipelining / shortening

one of @michaelfig 's ideas turns out to be a bridge too far.

See also #5933

@dckc
Copy link
Member

dckc commented Aug 12, 2022

I started asking @erights about a puzzle in this space, and he asked for a diagram.

got started using http://www.webgraphviz.com/ but it's time for a meeting... so this is WIP


digraph g{
  rankdir=TB;
  subgraph cluster_dapp_amm {
    label="dApp\norigin=amm.agoric.app"
    ammBoot
  }
  ammBoot -> bridgeBoot
  subgraph cluster_wallet_bridge {
    label="wallet bridge\norigin=wallet.agoric.app"
    bridgeBoot -> localStorage
  }
  subgraph cluster_keplr {
    label="keplr extension"
  }
  subgraph cluster_wallet_ui {
    label="wallet UI\norigin=wallet.agoric.app"
    localStorage -> X
  }
  subgraph cluster_smart_wallet {
    label="smartWallet"
    X -> smartWallet
  }
}

@Tartuffo Tartuffo removed this from the Mainnet 1 RC0 milestone Sep 21, 2022
@dckc
Copy link
Member

dckc commented Nov 4, 2022

As noted in #3901 , we found the continuing invitation pattern sufficient for voting and for submitting oracle price updates. I'm not inclined to track this issue further. If there's anything important left in here, here's hoping we can scope it more clearly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cosmic-swingset package: cosmic-swingset enhancement New feature or request needs-design read-no-tx topic: reading from the chain without a transaction wallet
Projects
None yet
Development

No branches or pull requests

6 participants