Endpoints needed for Atomic Swaps

dangershony commented 1 year ago

https://github.com/block-core/blockcore-atomic-swaps/issues/11

dangershony commented 1 year ago

I write the endpoints inputs and outputs here I believe I need the following

Login

This exists and is called signmessage it return a key (the address) Now I have added to return a pubkey, however if we want to to conform to the BCIP we need to be able to provide a path or create a new sign in endpoint

I also propose that we will return in the signmessage the

  walletId: string;
  accountId: string;
  keyId: string;

This is so future calls (like get balance for an account can pass those params and not let the user pick them)

Balance

idea: make it more generic and call this getinfo that can return balances or trxid or trxhex etc...

Balance will return the balance of that account

Input : { walletId, accountId } 
Output : { balance }

Send

Send funds to a given address (or addresses)

(do we need to also specify walletId, accountId?)

Input : { target[{address, amount}], fee (high,medium,low)} 
Output : { trxid }

Optional params to consider on the input

Input : { network(do we need this?), data(opreturn), walletId, accountId }

Spending the swap trx

This is a special case we have two options somehow build the special swap script in the wallet itself or enable the wallet to sign an input

To get an idea of the complexity of building the swap spend trx look here https://github.com/block-core/blockcore-atomic-swaps/blob/main/src/Blockcore.AtomicSwaps/Shared/SwapBuilder.cs#L71

An idea I have is that we could potentially make an api endpoint that return the swap special private key and do the signing in the dapp, and give the user extra warnings about this operation.

The risk is lower because if we implement the BCIP then the private key is hardened and if leaked only open swaps are potentially compromised (assuming the attacked has the secret hash)

out of the 3 options here are the inputs

build the swap trx in the wallet

Input : { redeemscript, sharedSecret, outpoint (or swap trxid that has the outpoint), swap-pubkey, target-address,} 
Output : { trxid }

sign swap input

Input : { pubkey, sighash, SigHashType} 
Output : { signature}

return the special swap private key

Input : { pubkey, } 
Output : { privatekey}

Derivation of the secret hash

The secret hash need to be a random number, however if we are able to have access to the private key then we can derive the secret hash in a deterministic way (which can be useful for recovery)

If we go for the option of asking for the private key this is not an issue, however otherwise we can add an endpoint to sign the session id and hash that (I think this can potentially be achieved already with the signmessage endpoint.

dangershony commented 1 year ago

Another endpoint we could potentially get and then not use the send endpoint is to fetch UTXOs and then call the sign method Or to pass to the wallet an unsigned trx and have it sign the inputs

Doing this will give the swaps dapp more flexibility

dangershony commented 1 year ago

I that I have one more requirement, there are two methods that do not require consent (no popup) atomicswaps.key - return the swaps derived pubkey atomicswaps.secret - generate a secret hash using the swaps key

However when the wallet is locked this is not possible, I suggest when those methods are called if the wallet is locked we must initiate a wallet popup to unlock the wallet.

Why is it without consent? during a swap I may need to call a wallet a few times, the UX will be horrible if a user has to approve a few popups one after the other

dangershony commented 1 year ago

One more to the list

https://github.com/block-core/blockcore-atomic-swaps/issues/32

block-core / blockcore-wallet