Provable-Games / loot-survivor

A fully onchain arcade dungeon crawler built on Starknet in conjunction with Realms.world. Explore the dynamically generated dungeons while you fight for your life against beasts and obstacles in pursuit of a spot on the esteemed leaderboard.
https://survivor.realms.world
MIT License
5 stars 7 forks source link

implement snip12 for verifying argent/braavos account ownership #193

Closed loothero closed 1 month ago

loothero commented 2 months ago

To enable individuals without any funds on Starknet to be able to claim and participate in the launch tournament, we need any/all required transactions to originate from the Controller.

When the user goes to claim their free games, we want them to issue the claim from their Controller, without having to move the qualifying NFTs into their Controller. To achieve this, we need to prompt them to sign a SNIP12 that includes their controller address. This signed message will get passed into enter_launch_tournament where it will be validated onchain before minting the qualifying NFTs to their Controller account. By including the Controller address in the signed message and checking to ensure the caller is that Controller address, we prevent replay attacks.

OZ SNIP12: https://github.com/OpenZeppelin/cairo-contracts/blob/release-v0.15.1/packages/utils/src/cryptography/snip12.cairo Argent Signature Validation: https://github.com/argentlabs/argent-contracts-starknet/blob/main/src/presets/argent_account.cairo#L800