new smart wallet #6084
new smart wallet #6084
Conversation
turadg
force-pushed
the
ta/split-smartwallet
branch
2 times, most recently
from
930e7de
to
eb052cd
Compare
|
Let's please be sure |
| ); | ||
|
|
||
| // @ts-expect-error faulty generic typedef | ||
| wallet.executeOffer(offerSpecCapData); |
There was a problem hiding this comment.
await? ah. no. We shouldn't rely on getting a promise for the result. Seems worth documenting with void if not a comment.
There was a problem hiding this comment.
you mean document at the callsite? the docs on executeOffer already say it's a synchronous function:
* @returns {void} when the offer has been sent to Zoe; payouts go into this wallet's purses
|
@turadg here's hoping the results of this work don't have memory performance issues such as |
turadg
force-pushed
the
ta/split-smartwallet
branch
2 times, most recently
from
1a58fc0
to
cfd2b19
Compare
| @@ -149,7 +149,7 @@ export const start = async (zcf, privateArgs, baggage) => { | |||
| /** | |||
| * @param {ZCFSeat} seat | |||
| * @param {Amount<'nat'>} given | |||
| * @param {Amount<'nat'>} [wanted] | |||
| * @param {Amount<'nat'>} [wanted] defaults to maximum anchor (given exchange rate minus fees) | |||
There was a problem hiding this comment.
Just curious, when would you want anything less than the maximum?
There was a problem hiding this comment.
not sure myself. A case I can imagine is that if you want a certain amount and you don't know the fees you give a surplus and rely on the contract to only take what's necessary for the want.
| /** | ||
| * | ||
| * @param {AmountKeywordRecord} amountKeywordRecord | ||
| * @param {(brand: Brand) => ERef<Purse>} purseForBrand |
There was a problem hiding this comment.
Nit: Rename to getPurseForBrand (here and below). I thought that this was just a single purse reference based on the name.
There was a problem hiding this comment.
The function does just look up a single purse for a single brand.
| * @returns {void} when the offer has been sent to Zoe; payouts go into this wallet's purses | ||
| * @throws if any parts of the offer can be determined synchronously to be invalid | ||
| */ | ||
| executeOffer: capData => { |
There was a problem hiding this comment.
I guess this purposely doesn't handle attestations for now right?
There was a problem hiding this comment.
yeah, not in scope for PSM launch. @dckc will supporting that affect the API?
There was a problem hiding this comment.
@samsiegart remind me how we represented "this offer should include an attestation" in our acceptOffer argument?
turadg
force-pushed
the
ta/split-smartwallet
branch
from
51a456a
to
c74df81
Compare
| * | ||
| * @type {MapStore<Brand, ERef<Purse<'set'>>>} | ||
| */ | ||
| const brandPurses = makeScalarBigMapStore('brand purses', { durable: true }); |
There was a problem hiding this comment.
It still seems like we could reduce the scope of this by, for example, moving it along with publishPurses later in the file.
There was a problem hiding this comment.
Good idea. For auditability I tried to gather the state and for upgradability I tried to gather precious state. But it would be better to have a comment explicitly about state requirements and let them be defined in the most advantageous place for safety.
turadg
force-pushed
the
ta/split-smartwallet
branch
2 times, most recently
from
75371b5
to
b63bf9f
Compare
turadg
force-pushed
the
ta/split-smartwallet
branch
2 times, most recently
from
6c2c725
to
d70db59
Compare
turadg
force-pushed
the
ta/split-smartwallet
branch
2 times, most recently
from
20f897d
to
abfb448
Compare
turadg
force-pushed
the
ta/split-smartwallet
branch
from
c4c5009
to
5b570fb
Compare
turadg
force-pushed
the
ta/split-smartwallet
branch
from
5b570fb
to
994eed3
Compare
turadg
added
the
automerge:no-update
turadg
force-pushed
the
ta/split-smartwallet
branch
from
994eed3
to
9b85ce3
Compare
turadg
force-pushed
the
ta/split-smartwallet
branch
from
9b85ce3
to
708972f
Compare
closes: #4488
Description
A whole new Smart Wallet contract. This builds on the design and code of the agsolo wallet but the fresh start reduces the code surface to audit for PSM launch. It's also designed from the ground up for POLA and to take advantage of marshalling contexts instead of board ids.
Some features that aren't needed for PSM launch have been omitted and filed for future work:
And these are still needed for PSM launch:
Security Considerations
This let's anyone send a message to the contract that can execute arbitrary offers on a wallet instance. It relies on the bridge handler to ensure that the only messages that reach a wallet come from its owner.
Documentation Considerations
New docs including an attackers guide.
Testing Considerations
New tests