Open CremaFR opened 1 year ago
Initial specs/idea:
Considering all the points above, this back-end will have one endpoint, /checks, which takes a raw transaction and a policy as parameters and returns a message with a signed transaction hash.
Inputs: Transaction as defined here: https://docs.starknet.io/documentation/architecture_and_concepts/Blocks/transactions/ Policy is a list of
The back-end simulates the transaction on a node and analyses the trace to determine the risks. The back-end should also check for approvals (and return a warning if an address in the policy is spotted in the trace).
Some addresses and selectors to check:
eth erc20 addr: 0x72df4dc5b6c4df72e4288857317caf2ce9da166ab8719ab8306516a2fddfff7
approve selector: 0x219209e083275171774dab1df80982e9df2096516f06319c5c6d71ae0a8480c
transferFrom selector: 0x41b033f4a31df8067c24d1e9b550a2ce75fd4a29e1147af9752174f0e6cb20
transfer selector: 0x83afd3f4caedc6eebf44246fe54e38c95e3179a5ec9ea81740eca5b482d12e
Some interesting transaction hash to check for "complex" calldata: https://testnet.starkscan.co/tx/0x02e6c38c8579fef5d530945d98a0f7905452a6e764658daf4e108d211ddffd06#internal-calls
The contract account's plugin will be updated to have the following:
2 new state variables:
The signature field will be updated to include
The big question is where to save the policy and how to restore one.
Draft sequence diagrams:
To be reviewed
Updated Sequence diagrams:
In the following days, this issue will be detailed by all the tasks listed in the Starkcheck module project and then closed.
repo of the project
https://github.com/LedgerHQ/StarkCheck
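
The trace check described in this issue, as an added example (not code from the issue or from the StarkCheck repository): it walks every nested internal call, flags the three ERC-20 selectors, and reports policy addresses seen as a callee or in calldata. The trace shape and the policy as a plain list of addresses are assumptions; the ETH address and selectors are the ones listed above, compared as integers so zero-padding or letter case cannot hide a match.

```python
# Added example. Constants are the values listed in the issue; the trace shape
# (contract_address / entry_point_selector / calldata / calls) is an assumption.
ETH_ERC20 = 0x72df4dc5b6c4df72e4288857317caf2ce9da166ab8719ab8306516a2fddfff7
APPROVE = 0x219209e083275171774dab1df80982e9df2096516f06319c5c6d71ae0a8480c
SELECTORS = {
    APPROVE: "approve",
    0x41b033f4a31df8067c24d1e9b550a2ce75fd4a29e1147af9752174f0e6cb20: "transferFrom",
    0x83afd3f4caedc6eebf44246fe54e38c95e3179a5ec9ea81740eca5b482d12e: "transfer",
}

def felt(value):
    """Parse a hex felt so zero-padding and letter case cannot hide a match."""
    return int(value, 16)

def walk(call, depth=0):
    """Yield (depth, call) for a call and every nested internal call."""
    yield depth, call
    for inner in call.get("calls", []):
        yield from walk(inner, depth + 1)

def check_trace(root_call, policy_addresses):
    """Flag ERC-20 selectors and policy addresses anywhere in the call tree."""
    policy = {felt(a) for a in policy_addresses}
    findings = []
    for depth, call in walk(root_call):
        target = felt(call["contract_address"])
        args = [felt(x) for x in call.get("calldata", [])]
        name = SELECTORS.get(felt(call["entry_point_selector"]))
        if name:
            token = "ETH" if target == ETH_ERC20 else hex(target)
            findings.append((name, depth, token))
        # A policy address may be the callee or an argument (e.g. a spender).
        for hit in sorted(policy & ({target} | set(args))):
            findings.append(("policy_address", depth, hex(hit)))
    return findings

# Constructed sample: account -> dapp -> ETH approve(spender, amount_low, amount_high).
SAMPLE_TRACE = {
    "contract_address": "0x111", "entry_point_selector": "0x1", "calldata": [],
    "calls": [{
        "contract_address": "0x222", "entry_point_selector": "0x2", "calldata": ["0x5"],
        "calls": [{
            "contract_address": "0x00" + format(ETH_ERC20, "X"),   # padded, upper case
            "entry_point_selector": "0x0" + format(APPROVE, "x"),  # padded
            "calldata": ["0x000DEAD", "0xffffffffffffffffffffffffffffffff", "0x0"],
        }],
    }],
}
```

Matching raw calldata values against the policy can also hit a non-address argument that happens to equal a policy address, so a hit is a warning to review rather than proof of an approval.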