Closed makoto closed 4 years ago
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 500.0 DAI (500.0 USD @ $1.0/DAI) attached to it.
If you have any questions please either ask here or via discord channel. https://discord.gg/B5ZZUZ
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work has been started.
These users each claimed they can complete the work by 2 years, 1 month ago. Please review their action plans below:
1) hammadtq has started work.
I have some ideas on how this can work, also have experience with FOAM, IoT and Bump style sign-ups. Will figure out most optimum way to implement this. 2) nukemandan has started work.
IPFS and Ethereum used to lock an image wit metadata baked into the JPEG file about the location/event and the location it was taken. A Content Identifier (CID) is generated that is a hash of the image w/ metadata that is then locked into a blockchain by the same account as the one associated with a kickback stake. Thus the user also signs a proof that they are the one that took this image and when specifically as proof they should get their kickback stake without the need for any other checkin. In the event of a dispute, this can be used as evidence to reference. 3) crisgarner has started work.
I plan to implement a small frontend to test auto check-in that could be easily integrated with the main project 4) snaketh4x0r has started work.
I have worked on a prototype which just requires only a PC/laptop to setup and possibly can be expanded to require only mobile currently there is no front end and will require to make it as one click deployment solution without any technical knowledge event organizers will only have to download a electron app from kickback website and press a single button to create forms,deploy the server on local network and send emails/alerts. 5) tomafrench has started work.
MVP:
Polish:
Learn more on the Gitcoin Issue Details page.
After further thinking about this, I think the real value will be in starting with a way to scan a time cycling code that we can use to have attendees scan.
A QR code scanner to read a TOTP code from the checkin app and then verify with the kickback servers that it is valid in a tight window ( something on the lines of 5 seconds to make it difficult for someone sending the code to another off site to check-in without being at the station itself {someone sharing a live video of this would defeat this security model... :thinking: but a start})
If validated, the the user is checked-in, for review by the organizers after the event, or optionally automatically trusted and kickback would auto issue stake & kickback out to attendees.
I will need Kickback (@makoto ) to update the backend of kickback to implemented the generation of a TOTP secret for each event.
There are options for this: https://awesomeopensource.com/projects/two-factor-authentication
One of the most common that i would suggest: https://github.com/yeojz/otplib
Hi @NukeManDan . Thank you for the suggestions. For the scope of this hackathon you can create a simple api server which offers TOTP service and update the checked in info in your database. Then from the admin page, admin can pull the check in info and call MARK_USER_ATTENDED
.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work for 500.0 DAI (500.0 USD @ $1.0/DAI) has been submitted by:
@vs77bb please take a look at the submitted work:
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 300.0 DAI (300.0 USD @ $1.0/DAI) attached to it as part of the EthereumFoundationOfficial fund.
Issue Status: 1. Open 2. Cancelled
The funding of 300.0 DAI (300.0 USD @ $1.0/DAI) attached to this issue has been cancelled by the bounty submitter
here is my submission https://github.com/snaketh4x0r/mycheckin
I wouldn't mind having a go at a bounty for this at some point after the hackathon as it seems like an interesting issue.
It seems like POAP could be quite easily altered to work for this purpose although it would require changes to the smart contracts as well (Actually this isn't needed but would massively decrease the complexity on the organiser's end). My only concern is situations with AP isolation might cause issues with attendees being able to connect to the signer.
I have a proof of concept which I've knocked together, all that needs to be done is to point it at Kickback's backend and add some method to store the proofs (Just need to dump it in a database somewhere).
At that point you can just print out a list of addresses (along with the proofs) to give to the event admin for them to finalise with. In future the contract could be altered so that attendees can use the proof directly to mark themselves as present onchain (but there's increased cost associated with that).
Putting my submission here since it seems there is a bug on the frontend. https://github.com/crisgarner/autocheckin
@TomAFrench Can you submit what you have right now?
all that needs to be done is to point it at Kickback's backend and add some method to store the proofs
you can build a simple dummy backend for the demo purpose (like https://github.com/hammadtq/kickback-checkin )
Erm, it's really rough and I'm afraid I don't have time at the minute to make the necessary modifications to do the verification of proofs.
I can do a small write up of the check in process (and my plans for completion) if you like but I won't be able to give a working demo just yet.
I've done a small write up on the check in process here where you can also see the code. I'm happy to answer any questions.
@makoto I've had a bit of free time so I've thrown together an implementation of signing/verifying proofs of attendance
You can see them in:
poap-signer.ts
and verify_proof.ts
for the signer
routes.ts
and verify_proof.ts
for the server
It needs a bunch more work (atm it doesn't verify addresses against the contract but I've commented in the extra steps needed) but it should give a good idea of the finished product along with the writeup
Hey @TomAFrench can you join our discord https://discord.gg/RD2ZN5 so that I can ask a couple of questions?
He created his own smart contract (AutoCheckIn.sol) which allows attendees to stake for a certain period to prevent people from transferring to others to double spend. The ability to temporarily freeze the token transfer allows Kickback admin to check-in people in real-time.
One question remains whether we should force people to make 3 additional mainnet transactions (approve, stake, and withdraw) for auto check-in purposes.
Nonetheless, it was the most complete submission among all. Congratulations!
His submission was a bit scattered around but he gave us a well thought out logic to see how feasible to use Wifi as a check-in mechanism as a whole.
Despite his solution was incomplete, his idea of using TOTP(Time-based One-Time Password) was something I didn't think about so it gave us a good inspiration. Even though TOTP does not prevent 100% of malicious attempt, it is a pragmatic approach which could work in a variety of conditions without needing for local WIFI. This could be a useful solution for outdoor events where you cannot rely on Wifi.
Thanks @makoto!
One issue I see with @crisgarner's solution is that it just turns the check in problem into a token distribution problem. Seems like we could just read the events emitted by POAP during distribution anyway.
Just to make a record of the thoughts on discord...
Short term:
QR codes are the only reliable method of users receiving information locally at the venue. The issue then is how to generate these QRs in a simple way and easily feed check ins back to Kickback's api. One option could to encode a "check in" message signed by an event admin which users sign and upload to kickback. Should signatures both correspond to the correct roles in the event then the user is checked in.
This would require a new endpoint on the api to handle the new format of check in proof.
For extra security TOTP through timestamping could be added.
Long term:
FOAM gives a cast iron proof of attendance however it relies on network coverage at the location and sufficient market penetration of phones which can connect to LPWAN (Will this occur?). It also will require attendees to own FOAM tokens in order to check in, although its possible that this could be abstracted.
Thank you for the honor - I hope to come back to make a stand-alone TOTP check-in set of apps: react app w/ user facing & organizer facing components, and a backend w/ GraphQL . If and when I do, I will report back here! Very happy to collaborate on one as well when that time comes (maybe @TomAFrench ? :grin: )
Am I right in thinking we need to ping @vs77bb to mark this as completed?
@NukeManDan, Having a standalone app for generating signed qrcodes of arbitrary data and a server for authentication of them which projects can easily drop in and integrate into existing infrastructure does strike me as useful as it avoids replication of effort. (Not sure how much of this exists in the right form today)
I don't think I'll have much time to work on blockchain stuff in the near future due to other commitments but I can check in in future. The server in my submission could probably be a good starting point, with you just needing to set up the react apps to get it running.
Great news! I just read this.
@TomAFrench token distribution isn't really an issue. I have organized a few meetups and handled POAP tokens, POAP has some nice stickers with unique QR code per token which attendees scan to claim. 3 transactions for a check-in might be an issue. I'm sure it can be reduced to two and with meta-transactions UX can be improved. Using event logs is a good idea worth exploring.
I just pinged Gitcoin team for the payment.
just pinged again.
⚡️ A tip worth 500.00000 DAI (500.0 USD @ $1.0/DAI) has been granted to @crisgarner for this issue from @vs77bb. ⚡️
Nice work @crisgarner! Your tip has automatically been deposited in the ETH address we have on file.
⚡️ A tip worth 200.00000 DAI (200.0 USD @ $1.0/DAI) has been granted to @tomafrench for this issue from @vs77bb. ⚡️
Nice work @tomafrench! Your tip has automatically been deposited in the ETH address we have on file.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This Bounty has been completed.
Additional Tips for this Bounty:
⚡️ A tip worth 100.00000 DAI (100.0 USD @ $1.0/DAI) has been granted to @nukemandan for this issue from @vs77bb. ⚡️
Nice work @nukemandan! Your tip has automatically been deposited in the ETH address we have on file.
Just paid out @NukeManDan @TomAFrench @crisgarner -- sorry for the delay all, thanks to each of you for participating in this challenge. Some really great progress in a short period. I'm personally really excited to see this in Kickback!
Prize Bounty
1st : $500 2nd: $200 3nd: $100
Challenge Description
Currently each admin has to manually check in each attendee which have multiple drawbacks.
Can you create a solution to allow attendees into self check-in via GPS, IOT device, “Bump” style peer 2 peer check in, or integrating with other protocols such as https://foam.space/ , http://poap.xyz/ , https://xyo.network/?
Submission Requirements
Submission Deadline
23rd Jan 2020
Judging Criteria
Winner Announcement Date
31st Jan 2020