witnet / witnet-solidity-bridge

Witnet Bridge for EVM-compatible blockchains

MIT License

60 stars 24 forks source link

Assess Obscuro integration #401

Closed Tommytrg closed 6 months ago

parodyBit commented 8 months ago

https://docs.ten.xyz/docs/category/introduction

guidiaz commented 8 months ago

It seems like you need to subscribe to some sort of private rpc gateway called "Ten Gateway" in order to get your metamask, and hopefully our own rpc gateway, to connect:

https://testnet.ten.xyz/

However, both the Ten Testnet, and the Ten Testnet Faucet seem to be out of service right now:

https://tenscan.io/

guidiaz commented 7 months ago

Ten performs bytecode execution in the EVM identically to Ethereum, allowing developers to leverage their existing codebase and tools. The main difference and advantage of Ten is that on Ten, during execution, private variables and the internal state of the contract are hidden from everyone, including node operators and the sequencer. The calls to getStorageAt are disabled, so all data access will be performed through view functions which are under the control of the smart contract developer. Public variables are accessible to everyone because Solidity automatically generates a getter function for them.
Ten has specific event visibility rules:
- Lifecycle events without an address parameter are public.
- Events with an address parameter related to an account are private.

This particularity does not affect the events thrown by the WRB. We could eventually consider to exploit somehow this awesome feature.

Secure RNG in Ten:
- Immediate Randomness: No delays.
- Unpredictability: Random numbers are based on an inaccessible private seed.
- Simplicity & No Extra Fees: Every transaction gets its random seed.

We should not bother deploying the WitnetRandomness contract.

guidiaz commented 7 months ago

Supported JSON RPC Methods by the TEN gateway:

eth_blockNumber
eth_call
eth_chainId
eth_estimateGas
eth_gasPrice
eth_getBalance
eth_getBlockByHash
eth_getBlockByNumber
eth_getCode
eth_getLogs
eth_getTransactionByHash
eth_getTransactionCount
eth_getTransactionReceipt
eth_sendRawTransaction

For websocket connections, additional API methods include:

eth_subscribe eth_unsubscribe

Currently, the sole supported subscription type is logs.

guidiaz commented 7 months ago

Sensitive JSON-RPC API Methods:

Of the methods above, the following are deemed sensitive, and their requests and responses are encrypted in transit:

eth_call: Response can only be decrypted by the owner of the account in the request's from field
eth_estimateGas: Response can only be decrypted by the owner of the account in the request's from field
eth_getBalance: Response can only be decrypted by:
- For account addresses: The owner of the account
- For contract addresses: The owner of the account that deployed the contract
eth_getLogs: Response can only be decrypted by the owner of the account, and only includes logs relevant to that account
eth_getTransactionByHash: Response can only be decrypted by the signer of the transaction
eth_getTransactionCount: Response can only be decrypted by the owner of the address
eth_getTransactionReceipt: Response can only be decrypted by the signer of the transaction
eth_sendRawTransaction: Response can only be decrypted by the signer of the transaction

guidiaz commented 7 months ago

Hosted Gateway

The Ten Gateway is a critical application that facilitates communication between a Ten node and various tools that require a connection to it, such as MetaMask. Due to the encryption of data within a Ten node, direct communication is not feasible.

The program conforms to the Ethereum JSON-RPC specification (Ethereum JSON-RPC Specification) and so, it enables witnet/web3-jsonrpc-gateway to interact w/ the Ten blockchain.

Endpoints

GET /join: generates a key-pair, saves it in the (Ten Gateway's database), derives an encryption token from the keys, and returns the encryption token.
POST /authenticate?token=$EncryptionToken: enables the addition of multiple addresses for each encryption token. Prior to saving, it performs several checks on the signature and encryption endpoint. Example of the POST request body:
```
{ 
"address": "0xEF1C76228AeaDE07B74eA4a749d02f539cCff16a", 
"signature": "0x781699d25d62ebaa3cc0901ac1fd9fda4e7e3b143bee854b262434e3e22021d1607b5680924ac439dec9838344d6785100c7043312cec07b7fd1e9d26983f69f1b" 
}
```

guidiaz commented 7 months ago

Related PRs:

https://github.com/witnet/web3-jsonrpc-gateway/pull/70

guidiaz commented 7 months ago

Assessment conclusions:

W3GW adapted to Ten Gateway
Customized WRB where query reading methods are authenticated

Implications on DFE:

Will have to connect to the W3GW instance running on AWS for Ten (just like in Conflux Core and Reef chains)
Web3 calls to legacy (WitnetPriceRouter, WitnetPriceFeed) and new WitnetPriceFeeds may possibly need to specify the from filed

guidiaz commented 7 months ago

Ask to Ten dev-support channel:

I'm getting this error "unable to create VK encryptor - unable to create vk encryption for request - invalid viewing key signature for requested address" when trying to upgrade a proxy contract from a web3 console (from the same EOA that was used for deploying both the proxy and the logic contract)