Smart Contract Wallet
Name to be decided once all functionalities are finalized
- EOA - Externally Owned Accounts that are controlled by secret keys.
- Warden - Persons who can help in recovering lost the account by signing a multi-sig.
- Tezos domains - A project on Tezos which provides a customizable human-readable address.
Most of the wallet which allows the transfer of Tezos from one person to another uses EOAs to identify the parties involved.
Problems with EOA
- EOA is not human-readable friendly.
- It is very tough to remember a mnemonic phrase and to store it which would help in recovering an account.
What is the solution?
- We can use Tezos domains which are human-readable and can be resolved to a tz1 or kt1 address to interact with the blockchain.
- We use the concepts of wardens to help its owner recover their account in case they forgot/lose EOA. An owner can add as many wardens they trust and can help him to restore a wallet based on multi-sig implemented in the smart contract.
Note - We will discuss more the wallet restore functionality in the upcoming sections.
Types of SCW users and their roles
- Can delegate its funds to a baker.
- Can transfer XTZ to another smart contract account.
- Can send XTZ to any EOA.
- Can add a warden.
- Can remove a warden.
- Can destroy a false claim of account take over within 36 hours of malicious request made.
- Can sign the change of ownership request.
- Owner (Who has lost access to EOA)
- Can make an ownership transfer claim on the contract.
- After 36 hours of making such a claim and once all wardens sign it, the new owner can certify the claim and let his new EOA get marked as admin’s EOA and become the new owner.
The app implementation
Note - We plan to use React for this implementation and some techs are referenced to it in the following section.
Account creation and domain registration
- The user first needs to select the EOA which he wants to use as admin and further interaction will be done through that EOA.
- Firstly we invoke the Factory smart contracts which deploy a new Smart contract.
- Once the smart contract is deployed we receive the contract address (KT1 address) which is then used to create a domain name.
- The domain registration happens through the same EOA and the newly created domain resolves to the KT1 address.
The transfer flow
- On the main screen, the user is supposed to choose which wallet he wants to use.
- When he/she selects one, the particular domain address gets resolved to the contract address and gets stored in Redux.
- When the user goes to the pay screen he can enter the domain address of the payee and proceed with the transaction by entering the amount and message the user wants to send along with the transaction.
- The app behind the scenes resolves the payee’s domain address to his contract address.
- Then the payer’s contract address from Redux is fetched and an entry point called “transfer” is invoked with the payee’s contract address, amount of XTZ, and message as parameters.
- The payer’s smart contract after owner verification performs an inter contract call to the payee’s contract with the message as parameter and XTZs are simultaneously passed.
- Payee’s smart contract is only designed to store the last message it received.
Showing transactions on the app with message
- The app will query block explorer and will filter out transactions done on the smart contract.
- The block explorer will show the transactions along with all the parameters passed (message, amount, op hash, etc).
The change of ownership
- The owner in case of loss of EOA can use the app to stake a claim of ownership using a new EOA.
- To make such a claim there should be at least one warden added in the smart contract.
- The owner just needs to enter the domain and that will be resolved to a contract address for invocation.
- On such a stake claim a multi-sig gets created which needs to be signed by the warden(s) unanimously.
- The owner with the new EOA will need to certify (entry point invocation) to be the new owner after 36 hours of the claim and all wardens unanimously agree to change ownership, simultaneously the admin address will also get changed.
What if wardens go rogue?
- There is a high possibility that the warden(s) can fraudulently try to transfer ownership to someone else, and ask someone to claim the ownership of the smart contract account.
- In this situation, the actual owner can destroy the stake claim within 36 hours of such a claim being made, even if all warden(s) have signed the ownership transfer the claim can be destroyed, and fraudulent account takeover can be prevented.
We will also explore how tickets in the coming upgrade could benefit the system but would like to hear the ideas.