An Ether Payment Splitter for musical royalties. It's a web based DApp test project using Solidity & Javascript (including the Web3 library).
The web3 library used here has had a vulnerabilty found in it which hasn't been patched yet - WS-2019-0097 (web3/web3.js#2739). This isn't relevant to the current version of the project, however if you use web.js and implement the wallet.save method (https://web3js.readthedocs.io/en/v1.2.0/web3-eth-accounts.html#wallet-save), which stores the wallet encrypted and as a string in local storage, you should be aware that it's vulnerable to Insecure Credential Storage attacks (once a user enters a password to load the wallet from storage, the private key will remain available and this leaves the private key vulnerable to XSS).
The current functionality consists of the following::
1. Adding recipients and their relative royalties of a song (name, address, % of royalties).
2. Depositing and sending them these shares based on a certain deposited amount for the song.
Do not use with real funds without a proper audit.
- NPM (https://www.npmjs.com/get-npm)
- Truffle, using NPM (https://www.truffleframework.com/truffle) by typing npm install truffle -g
- Ganache (https://www.truffleframework.com/ganache)
- MetaMask - add it to your browser (https://metamask.io) and create a password
You should understand the basic functionality and purpose of these tools before moving forward.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes:
- Start Ganache and make sure that it's configured to localhost port 8545
- Go to the project's local folder
- Type truffle migrate --reset --compile-all in order to recompile and upload the Solidity contracts to the local testnet (Ganache)
- Type truffle console to enter Truffle's Web3 console
- Type AppStein.new().then( result => {new_instance = result}) in order to save the information from the contract into a variable you can reference using a Javascript promise
- Check the deployed contract's address by typing new_instance.address
- Make sure that the address is the same in line 160 in the AppStein.html file which is located in the project folder (0x5227e903028a5ca06c029afe269053fd146f4540). If not, update the correct address.
- Verify that the ABI in line 70 in the AppStein.html file is the the value that resides under the /build/contracts/AppStein.JSON file. Another implementation is possible for this, as suggested here, among other places (reading the JSON contents dynamically instead of entering the static ABI hardcoded value): https://ethereum.stackexchange.com/questions/38828/what-is-the-best-way-to-get-the-json-abi-after-deploying-a-contract-with-truffle.
You should now be ready to go!
- Open the AppStein.html file, located in the project folder
- Open Metamask and login
- Configure MetaMask to run on your localhost network on port 8545 (using the dropdown menu in the main screen).
- Configure MetaMask to use your Ganache account by importing the seed. This is explained here: https://ethereum.stackexchange.com/questions/34287/using-ganache-with-an-existing-metamask-account
- Add a recipient, an address and a percentage of music royalties. Now press the Add Recipient button.
- Add a song ID & named and enter an amount of Ether to submit.
- Submit!
- The amounts should be transferred in accordance to your specifications.
Here is a list of the files holding the logic of the DApp. I made these files as documented as possible.
1. /AppStein.html - Holds the HTML & JavaScript logic.
2. /Contracts/AppStein.sol - Holds the Solidity Logic.
3. /Contracts/Ownable.sol - Holds the Open Zeppelin Ownable contract Solidity logic.
4. /style.css - Holds the styling & formatting for the html file.
5. /truffle.js and /truffle-config.js - Hold the project's configuration for the network exports & migrations.
- [NPM] (https://www.npmjs.com/get-npm) - Dependency Management.
- [Ganache] (https://www.truffleframework.com/ganache) - Used to create and manage a local BlockChain tesnet on the localhost.
- [MetaMask] (https://metamask.io) - Used to interact with the DApp using an injected WEB3 interface within the browser.
- [Truffle] (https://www.truffleframework.com/truffle) - Used to compile, migrate the Solidity contract files to the local testnet and interact with the deployed contracts. The truffle network configuration is available in the truffle.js & truffle-config.js files. More on this here: https://truffleframework.com/docs/truffle/reference/configuration
- [Ethereum Blockchain App Platform] (https://www.ethereum.org) - A decentralized platform for smart contracts.
- Avishai Efrat - Initial work - AvishaiEfrat
- Project inspiration and guidence by Chanan Sack.
- README.md structure taken from https://gist.githubusercontent.com/PurpleBooth.
- HTML & JS original structure based on Javascript30's tutorials (www.javascript30.com).
- Background image from https://pixabay.com/en/audio-condenser-microphone-music-1844798 (Creative Commons CC0).
- [Open Zeppelin Payment Splitter] (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/finance/PaymentSplitter.sol) - A payment splitter on the Open Zeppelin GitHub page (a library for secure smart contract development).