new smart wallet #6084
Let's please be sure |
solid progress!
); | ||
|
||
// @ts-expect-error faulty generic typedef | ||
wallet.executeOffer(offerSpecCapData); |
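Review bot: the `@ts-expect-error` directly above `wallet.executeOffer(offerSpecCapData)` suppresses every type error on that call, not only the faulty generic, so a later change to the `executeOffer` signature would pass unnoticed here. Prefer fixing the typedef or casting the argument so the suppression can be dropped, and if the result is ignored on purpose, mark the call with `void` so that is visible at the call site.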
`await`? ah. no. We shouldn't rely on getting a promise for the result. Seems worth documenting with `void` if not a comment.
you mean document at the callsite? the docs on `executeOffer` already say it's a synchronous function:
`* @returns {void} when the offer has been sent to Zoe; payouts go into this wallet's purses`
@turadg here's hoping the results of this work don't have memory performance issues such as |
@@ -149,7 +149,7 @@ export const start = async (zcf, privateArgs, baggage) => { | |||
/** | |||
* @param {ZCFSeat} seat | |||
* @param {Amount<'nat'>} given | |||
* @param {Amount<'nat'>} [wanted] | |||
* @param {Amount<'nat'>} [wanted] defaults to maximum anchor (given exchange rate minus fees) |
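Review bot: on the `[wanted]` line, the new description says what the default is but not what omitting it means for the caller: with no `wanted`, the caller sets no floor of their own and receives whatever the contract computes from the exchange rate and fees. Suggest stating that in the doc and naming which rate and fee are meant, so callers who need a minimum know to pass `wanted` explicitly.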
Just curious, when would you want anything less than the maximum?
not sure myself. A case I can imagine is that if you want a certain amount and you don't know the fees you give a surplus and rely on the contract to only take what's necessary for the want.
/** | ||
* | ||
* @param {AmountKeywordRecord} amountKeywordRecord | ||
* @param {(brand: Brand) => ERef<Purse>} purseForBrand |
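Review bot: the JSDoc block opens with an empty `*` line and neither `@param` carries a description, so the contract of `purseForBrand` is left unstated. Since it is typed as returning `ERef<Purse>`, the doc should say whether the result may be a promise that rejects and what is expected when no purse exists for a brand in `amountKeywordRecord`.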
Nit: Rename to `getPurseForBrand` (here and below). I thought that this was just a single purse reference based on the name.
The function does just look up a single purse for a single brand.
* @returns {void} when the offer has been sent to Zoe; payouts go into this wallet's purses | ||
* @throws if any parts of the offer can be determined synchronously to be invalid | ||
*/ | ||
executeOffer: capData => { |
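Review bot: the `@throws` line covers only problems that can be detected synchronously, and with `@returns {void}` the caller gets no handle on anything that fails after the offer has been sent to Zoe. The doc on `executeOffer` should say where those later failures are reported, or state explicitly that they are not surfaced to the caller.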
I guess this purposely doesn't handle attestations for now right?
yeah, not in scope for PSM launch. @dckc will supporting that affect the API?
@samsiegart remind me how we represented "this offer should include an attestation" in our `acceptOffer` argument?
just a few comments here and there. I haven't managed to read through the whole thing.
* | ||
* @type {MapStore<Brand, ERef<Purse<'set'>>>} | ||
*/ | ||
const brandPurses = makeScalarBigMapStore('brand purses', { durable: true }); |
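Review bot: the declared value type `ERef<Purse<'set'>>` admits a promise, while `brandPurses` is created with `{ durable: true }`. Please confirm that only settled purse references are ever stored here and, if so, tighten the type to say that; it is also worth a comment on why the purse kind is fixed to `'set'`.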
It still seems like we could reduce the scope of this by, for example, moving it along with `publishPurses` later in the file.
Good idea. For auditability I tried to gather the state and for upgradability I tried to gather precious state. But it would be better to have a comment explicitly about state requirements and let them be defined in the most advantageous place for safety.
oops; forgot to submit these comments...
Great work!
closes: #4488
Description
A whole new Smart Wallet contract. This builds on the design and code of the agsolo wallet but the fresh start reduces the code surface to audit for PSM launch. It's also designed from the ground up for POLA and to take advantage of marshalling contexts instead of board ids.
Some features that aren't needed for PSM launch have been omitted and filed for future work:
And these are still needed for PSM launch:
Security Considerations
This lets anyone send a message to the contract that can execute arbitrary offers on a wallet instance. It relies on the bridge handler to ensure that the only messages that reach a wallet come from its owner.
Documentation Considerations
New docs including an attacker's guide.
Testing Considerations
New tests
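
The trust boundary described under Security Considerations, as an added sketch that is not part of this PR or the Agoric code base: the wallet is selected by the owner address the bridge layer attaches, never by anything inside the message body. `makeWallet`, `makeBridgeHandler`, `provideWallet`, `fromBridge` and the addresses are hypothetical names, and the sketch assumes the bridge sets `owner` from the authenticated signer.

```javascript
// Added illustration; all names are hypothetical, not the project's API.
// `owner` is assumed to be set by the trusted bridge layer from the
// authenticated signer; `payload` is untrusted input from the sender.

function makeWallet(owner) {
  const executed = [];
  return {
    owner,
    executed,
    // Returns nothing, like the executeOffer documented in the thread,
    // and throws on input that is synchronously invalid.
    executeOffer(offerSpec) {
      if (typeof offerSpec !== 'object' || offerSpec === null) {
        throw new TypeError('offer spec must be an object');
      }
      executed.push(offerSpec);
    },
  };
}

function makeBridgeHandler() {
  const walletsByOwner = new Map();
  return {
    provideWallet(owner) {
      if (!walletsByOwner.has(owner)) {
        walletsByOwner.set(owner, makeWallet(owner));
      }
      return walletsByOwner.get(owner);
    },
    // Routing key is the bridge-supplied owner; a wallet named inside
    // the payload is ignored, so a sender can only reach its own wallet.
    fromBridge({ owner, payload }) {
      const wallet = walletsByOwner.get(owner);
      if (!wallet) throw new Error(`no wallet for ${owner}`);
      const { offer } = JSON.parse(payload);
      wallet.executeOffer(offer);
    },
  };
}

// Constructed sample: a message signed by one address whose body names
// another address's wallet. The offer lands in the signer's wallet only.
function demo() {
  const handler = makeBridgeHandler();
  const alice = handler.provideWallet('addr-alice');
  const mallory = handler.provideWallet('addr-mallory');
  const payload = JSON.stringify({ wallet: 'addr-alice', offer: { id: 1 } });
  handler.fromBridge({ owner: 'addr-mallory', payload });
  return { alice: alice.executed.length, mallory: mallory.executed.length };
}
```

If the handler instead looked up the wallet from a field in `payload`, the same message would execute an offer on the other owner's wallet, which is the failure the description says the bridge handler must rule out.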