lorenzb / libsubmarine Goto Github PK

Related to #26 - we should have a javascript implementation of offchain clients.

This will also help if we can ever get truffle to work for unit testing so we can do code coverage tests

Also not sure what @lorenzb meant by this

@shayanb do tests exists for the generator python script? We should probably write a test suite to ensure output is well formed

See also lorenzb/proveth#10

Todos should be handled as issues, not buried on the readme somewhere

We need a web UI for usage and explanation/enforcement of the steps for Libsubmarine.

It can be hosted on the same repository using Jekyll for page rendering and Metamask for Ethereum functionality.

we already know the existing code is correct through manual testing, but we should have unit tests.

... and resupplying them in calls instead of storing them

Esp. mythril and slither might be good candidates.

Also consider making tools part of CI.

In my talk at EthCC I gave people a sneak peak of the new version that reduces the gas overhead to ~90k.

We should publish this version asap.

Current blockers:

• CREATE2 isn't supported by pyethereum tester. Time to bite the bullet and upgrade to eth-tester.
• Upgrade to solidity 0.5

• We need to make sure all functions have adequate and correct docspec comments
• We need to update the README.md for the repo to reflect the new changes
• We need to provide adequate documentation on the format of proofblob and _rlpUnlockTxUnsigned

This might allow us to get rid of revealDeposit.

Ideal functionality:

$ watchdog --rpc http://localhost:8545
Detected cheater in tx 0xcdcd...cdcd. Sending fraud proof to submarine contract in tx 0xabab...ababab
[...]

Now that we have LibSubmarineSimple pretty well set up, we should take another stab at ChallengeResponse and try to inherit / code share from Simple as much possible

...ensuring that we're using the genuine version.

Explain what they are, how to perform one

Just heard of Submarine Sends today, and read the documentation and smart contracts, so forgive me if my question or suggestion is naive.

Instead of using proofs or challenges as a mechanism to retrieve or trust the commit block, why not have the contract itself store the block number of the latest/last commit by the user. This can either be done via the constructor when it was deployed, or via a payable commit function.

Now, we want to be able to trust that the value of the public commitBlock was written to appropriately, so we just use EXTCODEHASH to check that the contract code actually does exactly that. We know what the contract code should always look like, given some fixed compiler version, so the deployed code's hash should be enough.

Am I missing something?

In addition to expanding documentation, we should have a hello-world style dApp that consumes this library so people can refer to that file to see how it all works

Not sure what @lorenzb meant by this

Does the challenge function as we have it right now allow a user to prove that you are correct (Proof of Correctness) (i.e. no need to wait for the challenge period to end, just let me prove I'm correct myself, and then maybe flip a bit somewhere in the session)

If not we should add that

What to do when an attacker maliciously inserts TXunlock in front of TXreveal ?

Statemachine with {locked, unlocked} x {unknown, revealed}.

I am not clear that we support this right now, we may need to tweak the "Session" object in the main contract

As we have it, sessionId is the hash of the unlock transaction. This is only used in the challenge to reconstruct the submarine address unless #13 in implemented.

What is the benefit of doing this? Could we use the submarine address itself as a sessionId?

Update the compiler version for the Auction Example to 0.5.0 so we can use abi.decode. Currently not possible until the OpenZeppelin folks update their code to use the newer compiler version. On-hold, but should be an easy change

openzeppelin-solidity/contracts/access/roles/MinterRole.sol:1:1: SyntaxError: Source file requires different compiler version (current compiler is 0.5.0+commit.1d4f565a.Linux.g++ - note that nightly builds are considered to be strictly less than the released version
pragma solidity ^0.4.24;
^----------------------^