[Feature]: Deterministic burner accounts

[rsodre]

Feature Request

Problem: New burner accounts are always created with a random keys and address, stored on the browser.

That causes many drawbacks:

• Users need to be aware of their accounts' vulnerabilities, export, and store keys securely.
• If the browser data is cleaned and the private key is lost, the account and assets are also lost.
• Recovering one address requires the technical ability to dig into a block explorer and find the deployment transaction.
• Increases support occurrences from users who don't know where their keys are and/or lost their accounts
• Terrible user experience

We don't want to expose players to another security risk and we don't want players to lose assets.

From one seed phrase, Ethereum and Starknet wallets always create the same account address sequence wherever they are recovered. Understanding the importance of their seed phrase and storing them securely is something every user needs to understand and be comfortable with before starting to interact with on-chain games.

Proposed Solution

I propose implementing Deterministic Burner Accounts, from a a seed and an index, similar to Ethereum and Starknet wallet accounts.

Obviously, we don't want access to players' seeds and keys! This is the proposed workflow:

• Request player to sign a specific message, known by the game developers
• The signature is never stored or displayed to the player.
• Use @scure/bip32 to create keypairs and addresses
• Deploy, fund, and use accounts to play the game
• Players do not need to securely store their keys
• Browser data can be deleted at any time, for security concerns
• Anywhere player connects their wallets, by signing the same message, their accounts and keys can be recovered and used.

The solution I'm working on includes:

• Passing optional seed and index to the burner manager create() method
• Simulate account address generation with a new burner manager generateKeysAndAddress () method
• Key derivation implementation using @scure/bip32
• Storing the account index, master account, and metadata (signed message contents) to the burner storage

Alternatives

None, currently we can only create random burner accounts.

Related Code

• BIP-32 Hierarchical Deterministic Wallets details how to create accounts from a seed and index
• Someone drafted a proposal for Account keys and addresses derivation standard on Starknet
• ArgentX uses this technique for key derivation. how

Additional context

No response

If the feature is accepted, would you be willing to contribute it?

• [X] Yes I would be willing to contribute

[rsodre]

This solution is already working on this branch, to be pulled soon: https://github.com/rsodre/dojo.js/tree/deterministic-burners

If this feature is accepted, please assign it to me.