stacksgov / critical-bounties

1 stars 0 forks source link

sBTC Stacks-Signer Management Tool UI #10

Closed will-corcoran closed 1 week ago

will-corcoran commented 1 year ago

Discussed in https://github.com/stacksgov/Stacks-Grant-Launchpad/discussions/842

Originally posted by **will-at-stacks** March 17, 2023 ### Introduction: Maintaining a well-decentralized graph of Stacks follower and mining nodes is important to the health of the Stacks network. Stacks 3.0 will require stackers to run a new signing application. Current users who are unable to securely run a signer application may be incentivized to delegate their signing responsibility. While potentially more convenient, delegating signing responsibility reduces the number of independent entities responsible for securing the sBTC threshold wallet and lowers decentralization. ### Critical Bounty Mission Statement: To address these challenges, this Critical Bounty seeks a solution that provides sBTC Stacks-Signers **a simple web-app interface** by which they can sign transactions related to: - Depositing funds - Withdrawing funds - Casting votes - Propose elections _(related to sBTC script security, fee recovery parameters, and Nakamoto release related block production rules)_ This will allow a wide range of Stackers/Signers to participate directly in the sBTC Threshold Signature protocol in a trustless manner. This application will have a high security consideration. ### Functionality / Deliverables (shall include, but not be limited to): - The sBTC Stacks-Signer Management Tool shall be a Hiro Wallet- or Stacks Connect-authenticated full-stack application consisting of: — Typescript React-based web front-end — Typescript Deno-based back-end - The back-end business logic should be implemented in Typescript and provide for wrapper Rust library and binary to spawn the serving process. - The user’s wallet would sign a message provided by the back-end providing proof-of-knowledge of the Stacking address private key. - Communication between front-end and back-end applications to be mediated via HTTPS - The sBTC Stacks-Signer Management Tool shall comply with sBTC-related requirements including, but not limited to: - Ability to monitor sBTC Stacks-Signer health and metrics via RPC-API - Ability to provide secure access control to Stacks-Signers via password or cookies, similar to Bitcoin-node and/or Stacks-node RPC API’s - The sBTC Stacks-Signer Management Tool code repository shall provide: — Full documentation — Integration tests — Continuous Integration / Continuous Deployment infrastructure via Github Actions - Rust integration: — rustfmt, rustc, tests — Documentation and publishing to [docs.rs](http://docs.rs/) — Crate publishing to [crates.io](http://crates.io/) - Product 'roadshow', feedback, and improvements: All recipients will be responsible for demonstrating functionality, championing early adoption, gathering feedback, and making one to two rounds of high-impact, feedback-based improvements. ### Required Knowledge / Skills: - Demonstrable experience building full-stack applications using Typescript and React or Svelte - Strong familiarity with Rust - Familiarity with Dune is helpful, but not required ### References: 1. [sBTC Whitepaper](https://stacks-network.github.io/stacks/sbtc.pdf) 2. [Stacks Nakamoto Release Whitepaper](https://uploads-ssl.webflow.com/618b0aafa4afde65f2fe38fe/6399d5ca541ccc6c51882bed_stacks.pdf) 3. [sBTC project dashboard](https://github.com/orgs/Trust-Machines/projects/5/views/10) 5. [Clarinet Docs](https://github.com/hirosystems/clarinet) (reference for design system req’d for Typescript applications wrapped within a Rust application) 6. [TM Repo](https://github.com/Trust-Machines/core-eng/tree/main/stacks-signer) (code & documentation standard) ### Critical Bounty Fee: - Maximum Fee: $26,000 ### Reviewers / Advisors: [Igor Sylvester](https://github.com/igorsyl), Core Engineering Lead, Trust Machines [Mike Cohen](https://github.com/radicleart), EcosystemDAO [Andre Serrano](https://github.com/andrerserrano), sBTC Resident and sBTC Go To Market Working Group Lead [Jesse Wiley](https://github.com/wileyj), Integration and Security Lead, Stacks Foundation [Kenny Rogers](https://github.com/kenrogers), Developer Advocate, Stacks Foundation [Will Corcoran](https://github.com/will-at-stacks), Grants Lead, Stacks Foundation ### Additional Comments: Recipient will be expected to attend sBTC Core Engineering Working Group calls while the bounty is in development and provide weekly updates. ### **[APPLY HERE](https://stx.is/5kVQbn)** ---- NOTES ABOUT CRITICAL BOUNTIES: If you have thoughts, questions, or comments on the rough outline for this Critical Bounty above, please comments below. Please note, all 2023 Q2 Critical Bounties that have funding approved for them will be moved to the Issues page ([here](https://github.com/stacksgov/Stacks-Grant-Launchpad/issues?q=is%3Aopen+is%3Aissue+label%3A%22CRITICAL+BOUNTY%22)) on Tuesday 03/21/2023. Some procedural items to keep in mind with 2023 Q2 Critical Bounties: 1. Each Critical Bounty will have a pre-approved minimum and maximum budget listed within the issue. 2. All applications will be submitted via a BlockSurvey which will be linked within the Issue. 3. Applications will be open from 03/21/2023 to 04/03/2023. 4. Critical Bounty applications will be reviewed by relevant members of the sBTC Core Engineering Team and technical staff from the Stacks Foundation. 5. The selected recipient will be the low, qualified bidder (in the eyes of the reviewers). 7. Selected Critical Bounty recipients will be announced on 04/07/2023 and will be expected to start work immediately and attend sBTC Core Engineering meetings to provide weekly updates on their work.
stacks-foundation commented 1 year ago

👋 @will-at-stacks
Thanks for your application! We will do a pre-review and let you know if we have any immediate questions. In the mean time please refer to our review schedule here for a detailed timeline and response dates.
Best, Will

will-corcoran commented 1 year ago

Congrats on being awarded this Critical Bounty @setbern for $26k

Supplementary funding is also going to @macxim for UX/UI services for $4,480

Congrats to you both.

More information on this Critical Bounty can be found here

will-corcoran commented 1 year ago

@setbern please post your original application for the Critical Bounty here for public awareness.

Thanks, Will

radicleart commented 1 year ago

@setbern here are swagger docs for the sbtc-bridge-api repo. Feel free to dm on discord mijoco#8856

setbern commented 1 year ago

Original application ~~ Hi Iʼm SetBern (Bernardo Garciarivas) & am the more handsome other half of the StrataLabs team. Since 2016 Iʼve run a development agency as a co-founder & lead React/Typescript/full-stack engineer on most engagements usually tasked with building & managing projects development. These projects have differed from simple single page applications for startups to complex architectures involving multiple databases, an api, multiple consumer facing apps, & multiple admin portals for established SMBs. Since we launched the Badgers collection back in 2021, Iʼve nose dived into Stacks, obsessing with creating a great UX for the end user at the beginning of my journey to allow me to understand the deeper technical sides from working daily with Setzeus. That obsession has allowed me to be well suited for the task. Iʼd love to contribute to the sBTC effort & have the following qualifications. 8 Years Building Front End Websites 7 Years React 5 Year Typescript Over 12 React based front end using Stacks.js, Stacks Connect, or Micro Stacks since November 2021 Team Assistance Iʼll be working with Setzeus/Jesus Najera who is applying to the sister-issue stacksgov/critical-bounties#11 - sBTC Stacks-Signer Support For Mobile. With a ton of overlap between these two issues, we feel very prepared to take them on together.

setbern commented 1 year ago

Initial basic idea for singer dashboard - https://sbtc-web-signer.vercel.app/

Research goal is to get a feel if this is enough data or too much data for the user to navigate/use the Signer API/dashbaord

andrerserrano commented 5 months ago

Hey all, what's the latest on the Signer dashboard? @setbern I'd like to revisit this in light of the Nakamoto release and updated requirements for Signer tooling. Thanks!