Closed saleel closed 1 month ago
@SoraSuegami Please review.
I totally agree with your simplifications.
If user signup twice, and Relayer didn't check the DB for existing account, user can endup having multiple account leading to undesirable behaviour. However, they can move one account key to another relayer and recover.
I think we can accept this risk for better UX at the account creation and the simpler protocol.
Tradeoff: If the account key of a user gets leaked AND the user sends an email to X (not a relayer) with subject that matches our subject templates, then that X can register as a relayer and execute that email. Likelihood of this happening is low.
Even if the account key is leaked, I think the risk is low that the user sends an email matching our subject templates to X (a malicious party).
What are the odds of someone sending "Send 1 USDC to recipient@gmail.com" for other than using email wallet?
I think the odds of sending emails with the Send (and any well-used) subject template are low. However, if there are multiple email wallet contracts on different L1/L2 networks or forked blockchains, the same email can be used to execute the same transaction on multiple contracts. It has no effect in most cases, but we cannot say that in general. (As a different issue, if Ethereum is forked, the email wallet user will also hold ETH on the forked Ethereum, and a malicious relayer can send ETH both on the original and forked Ethereum using the same email.)
Protocol simplifications (based on discussions)
1. Remove pointer
CODE {AccountKey}
multiple times, which can be assumed to not happen.2. Remove relayerRand from account key commitment
3. Do account creation + initialization in one step
4. Remove transport mechanism