Thanks to DI, we can accept queries from EVM-based identities now. It means users don't even need to own a parachain account to create the IDGraph, as they don't have to send extrinsic anymore.
However, our current data structure and interface must be adjusted to support this:
TrustedCall interface and signature verification change
Typically TrustedCall uses the first arg (of type AccountId) as the account which signs the request, with the signature defined as sp_runtime::MultiSignature. We probably need to extend it to IdentityMultiSignature, and the account should be the more generic Identity
Obviously the signature verification needs to be adjusted too
nonce mechanism change
When creating DI requests, a nonce is needed to avoid replay attack or duplicate execution. The nonce is retrieved from System::account_nonce for now, but it's only for substrate accounts.
For EVM identities we probably need to have our own storage in pallet, or take use of pallet-evm from frontier.
Summary
There's more than expected to be done here.
I could have created multiple sub-tasks for it, but those changes are closely connected. So, ideally:
the implementation can be done by one person to keep consistent
the changes should be submitted as one single PR, as any individual change alone would break the current codebase
We can have multiple people working on the same feature branch tho (e.g. for ts-tests)
Context
Thanks to DI, we can accept queries from EVM-based identities now. It means users don't even need to own a parachain account to create the IDGraph, as they don't have to send extrinsic anymore.
However, our current data structure and interface must be adjusted to support this:
IDGraph data structure change
Current IDGraph is a double map with keys
(litentry-account-address, identity)
, it's going to be changed: https://www.notion.so/web3builders/EVM-Sign-in-IDGraph-change-4e33973861c84c8c8858ad97d4fe74abTrustedCall interface and signature verification change
Typically
TrustedCall
uses the first arg (of typeAccountId
) as the account which signs the request, with the signature defined assp_runtime::MultiSignature
. We probably need to extend it to IdentityMultiSignature, and the account should be the more generic IdentityObviously the signature verification needs to be adjusted too
nonce mechanism change
When creating DI requests, a nonce is needed to avoid replay attack or duplicate execution. The nonce is retrieved from
System::account_nonce
for now, but it's only for substrate accounts.For EVM identities we probably need to have our own storage in pallet, or take use of
pallet-evm
from frontier.Summary
There's more than expected to be done here.
I could have created multiple sub-tasks for it, but those changes are closely connected. So, ideally:
We can have multiple people working on the same feature branch tho (e.g. for ts-tests)
Meanwhile, I see the upstream has quite some evm-related implementations already, maybe we can refer to them to avoid duplicate effort. E.g. https://github.com/litentry/litentry-parachain/blob/dev/tee-worker/app-libs/stf/src/evm_helpers.rs
That's some research debt from https://github.com/litentry/litentry-parachain/issues/996
Scope:
[ ] identity archiving:heavy_check_mark: Please set appropriate labels and assignees if applicable.