Ethereum dApps will probably move to users signing blobs of data using private keys that don't actually hold any funds. dApp operators will submit txs including these signatures, proving the end user gave the
.
Lets business pay for gas, deal with nonces, retry TXs, etc.
-
-
Schemes like this are hard to reason about. If failed tx reverts, signed data can be replayed (can be very dangerous in some cases). If nonce included and tx not totally reverted, front-running attacks possible (unless tx sender included in signature).
-
Example I proposed was simpler than I think you're assuming. Not just anyone can submit a transaction containing a user signature. Basically, administrators of the smart contract in question can do it no one else
-
Sure, but see tweet below. If users can unfriend people, they have to trust that the owner will not replay signed data. Obviously, this isn't a huge deal in this case - just an example of how these schemes are hard to reason about.
-
It is more complicated but I don't think it is hard to reason about in a way that implies "don't do it." Are there cases where even the onlyOwner example is very security critical? Yeah probably. I'm just talking about general design patterns that I expect to shift though
End of conversation
New conversation -
-
-
Long term this can also be solved at the user-identity-account/proxy-contract layer, reducing the number of "_onBehalfOf" methods that you need to publish.
-
Any examples?
-
The Gnosis Multisig v2
End of conversation
New conversation -
-
-
Yiss, and
@uport_me has an audited, generalized impl of this! https://github.com/uport-project/uport-identity/blob/develop/docs/txRelay.md …pic.twitter.com/YRR9mWGM6q
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This + allowing users to sign tx directly should they choose is probably a great transitional step. Some users will always want full control while most just want good UX. Very interesting approach! Whatcha think
@Kevinlivin ? -
Good ?, I'd allow user to authorize an "operator" contract to do state changes on behalf of a user. Similar to how
#ERC721 uses setApprovalForAll to approve an "operator" contract that can transfer a user's tokens and avoids the user having to do txs each step of the way
End of conversation
New conversation -
-
-
@metamask_io didn't get the memo. https://github.com/MetaMask/metamask-extension/issues/3475 … cc @aerinonfireThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Trust enabler?! can this work for advertising ... show me ads for stuff I like ...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This can be done via relaying/proxying or bundling. There’s solution for that - Proof of Existense and
@opentimestamps by@peterktoddThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
What about dealing with this through a channel?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This is the ETH equivalent of batching transaction
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Agree with it - at least as an alternative.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
storage isn't free and is highly subsidized in Blockchains already
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Wondering if u just described how an ethereum lightning-protocol would debit business for computation and transaction fees of their clients...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.