lorenzb / libsubmarine Goto Github PK
View Code? Open in Web Editor NEWImplementation of a novel practical scheme for submarine commitments
Home Page: https://libsubmarine.org
License: Other
Implementation of a novel practical scheme for submarine commitments
Home Page: https://libsubmarine.org
License: Other
Related to #26 - we should have a javascript implementation of offchain clients.
This will also help if we can ever get truffle to work for unit testing so we can do code coverage tests
See also lorenzb/proveth#10
Todos should be handled as issues, not buried on the readme somewhere
We need a web UI for usage and explanation/enforcement of the steps for Libsubmarine.
It can be hosted on the same repository using Jekyll for page rendering and Metamask for Ethereum functionality.
we already know the existing code is correct through manual testing, but we should have unit tests.
... and resupplying them in calls instead of storing them
Esp. mythril and slither might be good candidates.
Also consider making tools part of CI.
In my talk at EthCC I gave people a sneak peak of the new version that reduces the gas overhead to ~90k.
We should publish this version asap.
Current blockers:
This might allow us to get rid of revealDeposit
.
Ideal functionality:
$ watchdog --rpc http://localhost:8545
Detected cheater in tx 0xcdcd...cdcd. Sending fraud proof to submarine contract in tx 0xabab...ababab
[...]
Now that we have LibSubmarineSimple pretty well set up, we should take another stab at ChallengeResponse and try to inherit / code share from Simple as much possible
...ensuring that we're using the genuine version.
Explain what they are, how to perform one
Just heard of Submarine Sends today, and read the documentation and smart contracts, so forgive me if my question or suggestion is naive.
Instead of using proofs or challenges as a mechanism to retrieve or trust the commit block, why not have the contract itself store the block number of the latest/last commit by the user. This can either be done via the constructor when it was deployed, or via a payable commit
function.
Now, we want to be able to trust that the value of the public commitBlock
was written to appropriately, so we just use EXTCODEHASH to check that the contract code actually does exactly that. We know what the contract code should always look like, given some fixed compiler version, so the deployed code's hash should be enough.
Am I missing something?
In addition to expanding documentation, we should have a hello-world style dApp that consumes this library so people can refer to that file to see how it all works
Not sure what @lorenzb meant by this
Does the challenge function as we have it right now allow a user to prove that you are correct (Proof of Correctness) (i.e. no need to wait for the challenge period to end, just let me prove I'm correct myself, and then maybe flip a bit somewhere in the session)
If not we should add that
What to do when an attacker maliciously inserts TXunlock in front of TXreveal ?
Statemachine with {locked, unlocked} x {unknown, revealed}.
I am not clear that we support this right now, we may need to tweak the "Session" object in the main contract
As we have it, sessionId
is the hash of the unlock transaction. This is only used in the challenge to reconstruct the submarine address unless #13 in implemented.
What is the benefit of doing this? Could we use the submarine address itself as a sessionId
?
Update the compiler version for the Auction Example to 0.5.0 so we can use abi.decode. Currently not possible until the OpenZeppelin folks update their code to use the newer compiler version. On-hold, but should be an easy change
openzeppelin-solidity/contracts/access/roles/MinterRole.sol:1:1: SyntaxError: Source file requires different compiler version (current compiler is 0.5.0+commit.1d4f565a.Linux.g++ - note that nightly builds are considered to be strictly less than the released version
pragma solidity ^0.4.24;
^----------------------^
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.