Add possibility to login with metamask-like browser wallets #1167
Comments
|
Thanks for opening the issue! I'm not 100% sure for now, but I guess using a Metamask can be limited to ETH (and its forks) only. But if it allows signing arbitrary data using imported privkey, we can support other protocols using the secp256k1 curve. We will need to make some research on this. |
|
I did a little research on Metamask functionality and how it can be integrated into AtomicDEX.
Indeed, there is a way to sign transactions of other protocols based on ECDSA signing algorithm (secp256k1 curve) using eth_sign. It works exactly the same way as ethkey: let (rec_id, s) = Secp256k1::signing_only().sign_recoverable(&msg, &sec).serialize_compact();Taking into account that we use But there are two critical flaws:
Such a warning looks so unfriendly:
|
|
Regarding Metamask integration steps, I want to highlight 3 steps:
|
As an initial step, I propose starting with ETH coins support only, as they are native for Metamask. Considering "big red warning", UTXO and other protocols UX will be suboptimal anyway.
I doubt that it's worth doing it this way. For maker orders broadcast and sync, we require signing P2P messages periodically, which can be annoying (Metamask will show a pop-up every 30 seconds to sign |
|
I also researched on what The best way I can suggest is to send It will be easier if this is done #415 (comment) but definitely not required. Another option that should be considered is extracting public key from signed transactions. But this requires the user either to have already sent transactions from his address, or to sign a dummy transaction via deprecated But I think it's better to avoid such crunches and refactor |
The pubkey is directly used, for example, in HTLC redeem script for UTXO |
|
As a workaround, we can request user to sign a message like |
|
One more question arose from my side: what are we going to do if a user switches Metamask active account when there is an ongoing swap? As I can see, there is no API allowing to forcefully change account back. It's also important to note that user interaction will be required during swaps to sign and send transactions. Users will actually need to stay in front of the screen during the entire swap process. cc @tonymorony |
Thats a good question, thanks for brining it up! We can show warning popup in app (we have to do it on logout option lets say as well, right now we do have default popup when user trying to refresh page) I've tried few swap interfaces where you have to confirm transactions with metamask - usually best practice is to kinda lock user in such case on swap without possibility to switch to another window and also show explanation "You'll need to confirm transactions in process, please do not close window" Closer to actual integration into interface we'll work with @polevin to additionally explain to the user necessity of transactions confirm by interaction with metamask |
|
This is a good idea!
This is not a problem more since we can extract the pubkey from
Just adding in support of this
It's possible to "ask" the user to switch the
|
|
Summarizing the above, the only reason to login to AtomicDEX via Metamask is to swap ETH based coins and their tokens cross-chain. For example, cross BNB and ETH mainnet.
|
|
what if, we ask users to export/import metamask seed in atomicdex and deal with address derivation paths/accounts etc., the same way hardware wallets are going to be treated? Users can still access the same balances on metamask, but can trade on atomicdex I understand this will not really be a metamask integration. but, if metamask makes switching networks (ETH vs BNB), approving each txn, dealing with utxo chains hard, then this can be a good compromise. Users won't need to backup yet another seed phrase, and get the utxo world open up to them with the same metamask seed phrase |
i do exactly this, pretty often... i can trade on all EVM DEXs and have the traded coins directly in my ADEX Desktop... but i did it the other way around, i imported privkey (of ETH or any other EVM token, since they are all the same) into Metamask |
|
Really, compared to AtomicDEX, there isn't much functionality in Metamask afaik. It is just a wallet and can send/receive coins/tokens to on chain contract addresses. It can do on chain really well. and isn't designed to deal with anything cross chain I feel that atomicdex can replicate all the functionality on metamask and can become the "key to all crypto" vs metamask's "key to EVM chains" |
|
As we decided to integrate MetaMask login just as PoC (till waiting for MetaMask Snaps), I'd like to share my thoughts on how it can be implemented: Login to AtomicDEX with MetaMaskIn this approach the user will be able to activate ETH/ERC20 coins only.
Login with Iguana/BIP39 passphrase
MetaMask SnapsWe'll likely be able to create our own Snap in JavaScript that will allow us to activate any coin based on ECDSA signing algorithm (secp256k1 curve), sign P2P messages without the scary warning etc. But since it's not allowed right now, I'd prefer Other details
@artemii235 @yurii-khi @tonymorony which way will we pick? |
|
I vote for |
|
I've prepared an example MetaMask Snap that requests the private key and returns to the website. Example: https://github.com/sergeyboyko0791/test-mm-snap export const onRpcRequest: OnRpcRequestHandler = async ({ origin, request }) => {
switch (request.method) {
case 'hello':
const res = await wallet.request({
method: 'snap_getBip32Entropy',
params:
{
path: ['m', "44'", "60'", "0'", "0", "0"],
curve: 'secp256k1',
}
});
return res.privateKey;
default:
throw new Error('request.method=' + request.method);
}
}; |
agreed, it looks like a best option until they snap feature matures |
|
I ran into several challenges while I worked on #1551: GuiAuthValidationGenerator
I see a few workarounds, but they all have cons:
WithdrawMarketMaker generates, signs and returns the signed transaction on I'd suggest the following:
@artemii235 what do you think about it? |
GuiAuthValidationGenerator
I assumed we would use the built-in RPC provider - Metamask uses Infura with their own API key, so we don't have to bother using another RPC node.
It's likely that we don't need it - it's possible to add any chain manually, similarly to Binance Smart Chain https://academy.binance.com/en/articles/connecting-metamask-to-binance-smart-chain. Withdraw
Considering the big red warning on |
|
Ok, good.
Do I understand correctly, that you suggest the following activation scheme?
So can I add
|
Yes
Also yes 🙂 And to avoid adding one more RPC, it might be worth to figure out other possible solutions: like adding |
* Design and implement MetaMask provider * Add MetaMask initialization RPCs * Activate ETH/ERC20 with Metamask priv_key_policy * Add `EthPrivKeyPolicy` * Fix udeps * Use built-in MetaMask RPC provider * Add `MetamaskTransport` * Rename `Web3Transport` to `HttpTransport` * Add `MetamaskSession` to prevent concurrent requests * Fix PR issues * Compile `EthRpcMode::Metamask` in WASM only * Add `rpc_mode: EthRpcMode` to `EthActivationV2Request` * Update wasm-timer * Minor changes * PR fixes * Rename `task::init_metamask::*` to `task::connect_metamask::*` * Fix PR issues
|
I prepared two diagrams to describe how MetaMask is integrated into AtomicDEX. Connect MetaMask
Enable ETH coin
|
|
As you can see, we lock the Race condition
Fixed race condition
|
Might be very good to research this possibility to make access to webdex easier
e.g. uniswap:
The text was updated successfully, but these errors were encountered: