Skip to content

Latest commit

 

History

History
67 lines (56 loc) · 3.38 KB

TODO.md

File metadata and controls

67 lines (56 loc) · 3.38 KB

TODO

Automatic bounds detection

Use Z3 to automatically find the largest integer that makes some program work on a given network combination.

Determine the maximum sizes for each integer at a phase before representation selection, so that the program will automatically be optimized for the right size? Yet on some networks, do it with a granularity that allows sharing with more users? e.g. on Ethereum, keep 96-bit or 128-bit amounts so you can share the contract, when the contract is general-purpose enough? (How do we know it is, though?)

Interface

Start from the functionality of Alacrity. See what other webdevelopment platforms offer. Watch particularly our rivals from Truffle, Scilla, etc. Drew suggests implementing it with Quasar?

Infrastructure

Use Nix flakes to deploy. https://www.tweag.io/blog/2020-07-31-nixos-flakes/

Deal with forks

Both forks as in rival blocks or 51% attacks that succeed, where only one fork is valid, but which may change, and forks as in a new network is started and both forks are valid, each in its own separate universe.

Implement a good internal wallet

  • Support having the secret key ring as an encrypted database
    • Encrypt the entire private key database with gnupg and decrypt it with gnupg-agent?
    • Or encrypt individual entries with gnupg instead?
    • Have a key database, not just a json file, so we can write ephemeral keys? Or have a separate database just for ephemeral keys?
    • On iOS and Android, use secure storage. On Browser, use IndexedDB.
  • Use memory-hardening to make sure secret key information is overwritten in memory immediately after use and never copied around by the Garbage Collector while live (which should last as short as possible). This requires support in gerbil-crypto, gerbil, OpenSSL, etc.
  • Support having (master) keys in hardware wallets, trusted platform module, or yubikey.
  • Support many types of keys, not just plain ethereum keys
  • Move some of this support to gerbil-crypto ? Nah, secrets and HD wallets go across networks, so not just gerbil-ethereum.
  • Making key theft harder:
    • Use memory hardening for cryptographic keys that control assets.
    • Use ulimit to prevent coredumps for any process holding those keys
    • Move those keys to their own process and communicate over RPC, so they are never in the same process as something else?