[Devcon VI] Shopify Air Gapped Wallet Asset Verification Challenge

[patsissons]

Prize Title

[Devcon VI] Shopify Air Gapped Wallet Asset Verification Challenge

Prize Bounty

$5,000 USD split amongst all winners, paid out in USDC tokens or USD. The prize bounty will be split amongst the top 3 submissions with 1st place receiving $3,500, 2nd place receiving $1,000, and 3rd place receiving $500.

Challenge Description

This is a special Devcon themed challenge to build the best air gapped wallet asset verification experience. We want everyone to benefit from a more streamlined and simplified wallet asset verification process where the assets that need to be verified can only be accessed on a separate “air gapped” system. Both systems can be connected to a network, but the incentive should capture the ability to verify any wallet owned assets where that wallet does not want to be exposed to a broader network.

The concept of this challenge is to simply verify an offline high value wallet asset with an online mobile wallet or device. For example, imagine that you want to verify a high value NFT that lives in your Ledger or Trezor wallet to gain entry to an exclusive event, you prove ownership of the asset but not be required to bring your hardware wallet to the event and be required to connect and sign a message in a crowded public space. How could you perform the same verification with your mobile phone that still allows the event to assert your ownership of the asset?

Submission Requirements

Submissions must be a valid public GitHub repository containing the open source code for an air gapped wallet asset verification solution. All submissions must be received by ~October 28th~ November 4th, 2022 at 11:59 PM PST.

Judging Criteria

The prize pool will be split among valid submissions at the discretion of a panel of Shopify blockchain team judges. Scoring parameters include the UX, ingenuity/innovation, simplicity, and visual flair. There will be 10 points for UX, 5 each for all remaining parameters for a total of 25 points.

Your submission must demonstrate the ability to verify one or more air gapped wallet assets such as NFTs and other tokens, as well as verify any quantities or attributes defined by those tokens.

Winner Announcement Date

Winners will be notified by ~November 4th~ November 11th, 2022 at 11:59 PM PST. Prize payouts will be completed by ~November 10~ November 17, 2022 at 11:59 PM PST.

Resources

This challenge is being sponsored by the blockchain team at Shopify. We want to engage the community and create a challenge opportunity for teams to create a fun and exciting product that will benefit the Ethereum community as a whole. The winners of the challenge will receive a monetary prize and the notoriety that comes with building something amazing that people want to use in their projects. If you have any questions, please feel free to reach out to blockchain-challenge@shopify.com or leave a comment on this GitHub issue.

[ManyRios]

Can anyone participate? not only those who are present at the devcon?

[developerfred]

yeah @ManyRios it's an open bounty anyone in the world can participate

[patsissons]

Can anyone participate? not only those who are present at the devcon?

you bet! everyone is encouraged to hack on this bounty! the more the merrier!

[mehranhydary]

https://delegate.cash/ is future ;)

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 2 days, 11 hours from now. Please review their action plans below:

1) jethanh has started work.

Rescoping*

First step will be to develop a program which accesses a private key stored on a machine. The private key will be used to sign messages in order to prove ownership of arbitrary Ethereum assets (NFTs, ERC-20s).

The second program will be one that asks the former to sign a message. It will look at a wallet's assets and if a given NFT is owned by the wallet, it will ask for a signature to prove ownership. Once it receives a response from the signing program, it will verify it. 2) nkhan054002 has started work.

taking the example, i can build a cryptographic method to verify, when the owner signs, i can run a hashing proof on all the existing assets, and check whether the resulting hash matches with the hash that is associated with that particular asset, hence verifying ownership 3) truonghuudu88 has started work.

Tôi muốn kiếm tiền tôi cần tiền 4) spiritbrother has started work.

i will create an offline first nft verification process using bluetooth LE or qr codeon mobile 5) lyledavids has started work.

building a air gapped wallet asset verification system 6) menezesphill has started work.

Hi @patsissons,

As I outlined in my email sent to blockchain-challenge@shopify.com. I plan to create these three pieces of software to coordinate two apps:

• A desktop web app where a user can connect his web wallet or physical wallet and delegate his tokens of choice to his account;

• A mobile app to display delegated tokens and NFTs without interacting with the actual wallet.

A database will handle these delegated tokens to create the air-gapped aspect of the application. 7) sholance has started work.

create a system to verify wallet assets offline 8) ooverapp77 has started work.

0xE6c973260B2625B81A78DD6680BcbEf5db04Ff91 9) kannusingh has started work.

End 2 End usecase plan for Air-Gapped-Asset-Verification

1. Event Organizer will have a platform to create event configuration(Like event name, accepting tokens/nft) and generate QR Code. They can be displayed them in their website or anywhere by which they are promoting the event.
2. User who is interested , will use this QRCode to generate their event pass by signing the data with their wallet private key in which they have required asset(NFT/Token) . This can be done offline and at user's comfort zone. I will be creating simple web application for it. Using the user signature and event config details, event pass will get generated which will be a QRCode. This QRCode user will carry with them on event day. This will only have the signature and event details on it, so no risk in carrying this (printed copy or QR Code screenshot on phone).
3. On event day user will show this QRCode and details will be verified on spot by scanning the QRCode by event organizer and will be granted access to event. I will create the platform for this too. 10) somay has started work.

Create a system where a user can delegate its signing capability to the other accounts. 11) seungjulee has started work.

Token based authentication to verify the ownership 12) flyinglimao has started work.

1. Design a process about how an event host verifies a user's ownership of tokens
2. Implement a PoC of the process 13) daromacs has started work.

1- Get the NFTs per wallet 2-Show the events to where the attendee want to sign in 3-Assign an specific part in the dapp for the organizers to sign in and set their events

4. The idea is that the day of the event the attendees would have to login and the app will show the NFT allowing them to be accepted to the event

Learn more on the Gitcoin Issue Details page.

[tnkerer]

Hi @patsissons! I would like to participate in this challenge. I am creating a diagram showing how I thought this app could work and all the moving parts required to develop the air-Gapped verification process. I would appreciate it if you guys could give feedback to ensure we are on the right track. I am sending more info to blockchain-challenge@shopify.com

[patsissons]

I am sending more info to blockchain-challenge@shopify.com

Hey @menezesphill, apologies if you had sent the email already, it may have bounced. I have fixed the issue and it should go through now.

[tnkerer]

I am sending more info to blockchain-challenge@shopify.com

Hey @menezesphill, apologies if you had sent the email already, it may have bounced. I have fixed the issue and it should go through now.

@patsissons sent! 🚀

[KannuSingh]

Hey @patsissons , can you provide some insight on few question regarding the challenge

1. Can the prover/owner show a message signature to verify the ownership of the wallet?
2. Is there any other limitation on the prover/owner besides that they cannot bring their hardware wallet and sign the message in a public place?
3. Does the verifier need to know the wallet address holding the NFT or tokens? What are the privacy requirements for the challenge?

[patsissons]

1. Can the prover/owner show a message signature to verify the ownership of the wallet?

i don't see why not, the rules of how this should work are pretty relaxed. as long as the wallet owning the asset doesn't need to perform the proving wallet connection.

2. Is there any other limitation on the prover/owner besides that they cannot bring their hardware wallet and sign the message in a public place?

a good way to think of this is the solution should be able to prove a ledger asset on site without having to bring your ledger device on site

3. Does the verifier need to know the wallet address holding the NFT or tokens? What are the privacy requirements for the challenge?

IMO as long as the verifier can verify ownership, the holding wallet address doesn't need to be shared, but that may result in a more complicated solution.

[patsissons]

Hey everyone, i just wanted to add some context about the deadline.

I will be reaching out to all contestants a few days out (about Oct 25) to check in if there is a consensus to extend the deadline a bit further. we picked the date arbitrarily, and we're happy to extend if that results in higher quality submissions, we'd rather create a fun contest than a stressful contest.

[somay]

nice bounty! Just a few questions.

1. Are there any limitations on the capabilities of air gapped wallets? If the solutions should work with the existing hardware wallets such as Ledger or Trezor I think we have to come up with solutions using the features already implemented in these models. We can be more flexible if the air gapped wallet can have new features for this use case.
2. What do you mean precisely by "a broader network"? Does it mean just the Internet? namely the air gapped wallet can communicate with the mobile wallet through LAN or Bluetooth in holder's house but cannot access to the Internet?

They might be what challengers have to think but if you have particular intentions I want to know before starting.

[justinasfour04]

Would you say we should strive towards making an immutable solidity solution that would tie into a ui, or simply build a delegation system whereby you tie your vault to a hot wallet and so your hot wallet sees your vault and can grant read access to your vault but not write?

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work for 5000.0 USDC (5000.00 USD @ $1.0/USDC) has been submitted by:

1. @kannusingh
2. @flyinglimao
3. @seungjulee
4. @daromacs
5. @rude69
6. @menezesphill

@patsissons please take a look at the submitted work:

• PR by @menezesphill
• PR by @rude69
• PR by @daromacs
• PR by @seungjulee
• PR by @flyinglimao
• PR by @kannusingh

---

• Learn more on the Gitcoin Issue Details page
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin's Discord
• $1,003,892,152.42 more funded OSS Work available on the Gitcoin Issue Explorer

[patsissons]

1. Are there any limitations on the capabilities of air gapped wallets? If the solutions should work with the existing hardware wallets such as Ledger or Trezor I think we have to come up with solutions using the features already implemented in these models. We can be more flexible if the air gapped wallet can have new features for this use case.

I don't think there are any limitations, we're not looking for everyone to creation turn-key solutions, but rather functional ideas on how this current friction-filled process could be made better for everyone. If your idea leads hardware wallets to develop new features, i would call that win.

2. What do you mean precisely by "a broader network"? Does it mean just the Internet? namely the air gapped wallet can communicate with the mobile wallet through LAN or Bluetooth in holder's house but cannot access to the Internet?

A network that someone with a high value asset wouldn't feel comfortable exposing it to. this could be the whole internet, or even just a janky wifi connection that could easily be man-in-the-middle attacked. Your example is reasonable for being "air-gapped".

[patsissons]

Would you say we should strive towards making an immutable solidity solution that would tie into a ui, or simply build a delegation system whereby you tie your vault to a hot wallet and so your hot wallet sees your vault and can grant read access to your vault but not write?

I think either direction sounds very interesting to explore.

[KannuSingh]

Hey @patsissons , can you review my approach and give any feedback. I can try to improve on it

[tnkerer]

agree with @spiritbrother, @patsissons some extra time would really help me achieve the level of quality I want for my solution.

[patsissons]

OK, everyone. It sounds like there is already interest in a small extension, I'm going to propose adding 1 full week (7 days) to the deadline. Please give me a thumbs up on this comment if you are in agreement and a thumbs down otherwise. I'll confirm before EOD whether or not there is an extension.

[TxusBlack]

Thank you @patsissons! I just started 😄

[patsissons]

Confirmed, we will extend the deadline by 7 days to November 3rd! Happy hacking everyone! 🥳

[seungjulee]

Oh I didn’t realize there was a discussion here. I didn’t realize that the deadline was extended. I was just looking at the gitcoin page. I was wondered why there was a discrepancy between the cutoff date and announced cut off date.

I worked hard to meet the deadline and submitted the work on time which made my work to be exposed to other people. I hope nobody took reference for it.

[rude69]

Oh! I guess here i should leave a coment////

[somay]

it seems like I misunderstood the deadline and it's already over. anyway I want to share my result even if it won't evaluated. here! https://github.com/somay/devcon-air-gapped-asset-verification

[patsissons]

Oh I didn’t realize there was a discussion here. I didn’t realize that the deadline was extended. I was just looking at the gitcoin page. I was wondered why there was a discrepancy between the cutoff date and announced cut off date.

I worked hard to meet the deadline and submitted the work on time which made my work to be exposed to other people. I hope nobody took reference for it.

apologies for the disconnect, the Gitcoin page and this page should have been in sync but it's possible that the deadline specified there didn't update immediately. we tried to be transparent with the idea of extending the deadline early and announcing it publicly here as soon as it was decided to extend.

[patsissons]

it seems like I misunderstood the deadline and it's already over. anyway I want to share my result even if it won't evaluated. here! https://github.com/somay/devcon-air-gapped-asset-verification

We will absolutely have a look at your submission, but we won't be able to include your submission along with the others eligible for prize money.

[patsissons]

I noticed that the details for all dates in the issue description weren't updated for this contest, hopefully it was implied that if we shift the submission deadline out a week then the announcement of winners and payout dates were also shifted out a week 😅

I'm going to update these details now just for clarity

• submission deadline: Nov 4th (prev Oct 28)
• winners announced: Nov 11th (prev Nov 4)
• payouts disbursed: Nov 17th (prev Nov 10)

[patsissons]

it seems like I misunderstood the deadline and it's already over. anyway I want to share my result even if it won't evaluated. here! https://github.com/somay/devcon-air-gapped-asset-verification

@somay please send us an email at blockchain-challenge@shopify.com, i think we might be able to get your submission accepted, but we'll have to go through some extra steps.

[somay]

@patsissons Great pleasure! I'll send it! done!

[seungjulee]

@patsissons Any update? Not sure why, but the link for the bounty seems broken atm. Thanks again for providing the opportunity to participate. https://gitcoin.co/issue/29448

[patsissons]

Thanks @seungjulee I just came to announce that we're aware of the broken bounty page, and i've reached out to gitcoin to see if we can get it resolved. We completed judging the submissions last week and were going to post the winners last Friday, but we'd like to wait for the bounty page to start working again first. I'll try and keep the issue updated with progress being made.

[seungjulee]

Thanks for the update! 😁🤞

[patsissons]

Hey folks, the gitcoin issue seems to be persistent and I don't want to wait any longer to announce the winners of the challenge!

So here we go, after spending a number of hours going through all the submissions we have some results to share. First off I would like to say that all of these submissions were great, the amount of fully functioning solutions submitted was amazing and I think between all of these submissions I can see a product ready to be formed 🤔 (encouraging the winners to chat amongst themselves and collaborate further). The judging panel found it challenging to identify a single top winner, but we eventually managed to land on the top 3 submissions, so here they are:

1. cryptotix by flyinglimao
   • we really liked the composable configurability of this solution
2. cryptopasser by seungjulee
   • we really liked how easy this solution was to use
3. DID/VC verifier by somay
   • we really liked the novel approach of using DID/VC

Some honourable mentions:

• MetAPP by menezesphill
  • we really liked how everything was built into a gitpod
• AirGapped by daromacs
  • we really liked how amazing the video demo was and how nice the live demo was styled
• 3ET by kannusingh
  • we really liked the event configuration schema

Thank you to all who participated, we really appreciated all of the effort put into this challenge. If you have any feedback for us on the challenge please let us know (here publicly or privately via blockchain-challenge@shopify.com). Stay tuned for more bounties to come in the future!

[KannuSingh]

@patsissons is there any feedback on my submission or thing I can improve on?

[patsissons]

@patsissons is there any feedback on my submission or thing I can improve on?

Honestly, your submission was really great as well, this is a situation where the competition bar was really high and we had to begrudgingly pick only 3 winners. We liked how you had configured your events, similar to cryptotix they were very composable.

[patsissons]

Hey everyone, just a heads up on the status of this bounty. We're going to abandon trying to fix the gitcoin page and progress forward with manual payouts to the winners. This shift in planning means we need to shuffle the funds around to a new wallet so that we can perform the disbursements (nothing alarming, just your typical large company financial compliance mechanics 😅). I'll send the winners an email with an expected schedule for winnings payouts later today.

[patsissons]

Another update, we're still waiting for the transfer of the USDT funds to a wallet that we can disburse from. I promise this is moving forward, but taking a bit longer than we anticipated.

@seungjulee just a heads up that I do not have your email address so i cannot include you on the email to the winners with more detailed updates. If you want to be included please send us an email at blockchain-challenge@shopify.com

[patsissons]

Hey everyone, time for the final update.

We have disbursed all winnings and with that brings this bounty challenge to a close. Thank you everyone for participating and making this challenge a successful experiment. I hope everyone had fun here, and as always if you have any parting comments feel free to add comment here or send us an email at blockchain-challenge@shopify.com