This library proveTransactions ownership of a Solana wallet to off-chain verifiers.
It is compatible with standard browser wallet adapters, such as sol-wallet-adapter, and can be extended to others.
npm install @civic/prove-solana-wallet
or
yarn add @civic/prove-solana-wallet
prover side:
const {create} = require('@civic/prove-solana-wallet');
const nonce = `${new Date().getTime()}`;
const proof = await create(myKeypair, nonce);
Verifier side:
const {verify} = require('@civic/prove-solana-wallet');
const message = timestamp;
verify(expectedPublicKey, proof, message);
prover side:
const {proveTransaction} = require('@civic/prove-solana-wallet');
const proof = await proveTransaction(myKeypair);
Verifier side:
const {verifyTransaction} = require('@civic/prove-solana-wallet');
await verifyTransaction(proof, expectedPublicKey);
prove ownership of an external wallet (e.g. sol-wallet-adapter). See here for more details.
prover side:
const {proveTransaction} = require('@civic/prove-solana-wallet');
import Wallet from "@project-serum/sol-wallet-adapter";
const providerUrl = 'https://www.sollet.io';
const wallet = new Wallet(providerUrl);
wallet.on('connect', async (publicKey) => {
// once the wallet is connected, we can prove ownership
const signer = (transaction:Transaction) => wallet.signTransaction(transaction);
const proof = await proveTransaction(myKeypair);
});
Verifier side:
const {verifyTransaction} = require('@civic/prove-solana-wallet');
await verifyTransaction(proof, expectedPublicKey);
The create(signMessageFn, message) function signs a message with the provided signing function, then concatenates the message with the string, both in base64 encoded form, i.e. ${messageB64}.${signatureB64}
.
The verify(publicKey, proof) function decodes the message and signature from the proof, and uses nacl to verify that the given public key signed the proof.
The proveTransaction() function generates a zero-value transaction, and signs it with the wallet private key. For the transaction to be verified by the verifyTransaction() function, it must:
- have ony one instruction: SystemProgram.transfer
- be zero-value
- be self-to-self (i.e the sender and recipient are the same)
- have a recent blockhash on mainnet
- but not be broadcast to mainnet
These measures increase the security by reducing the likelihood that an attacker can either coerce the wallet owner to sign a transaction or intercept a broadcast one.
The proveTransaction and verifyTransaction functions can be configured as follows:
Default: mainnet-beta
The cluster that should be used when generating and verifyTransactioning proofs
Default: confirmed
When checking that a proof transaction has not been transmitted, the commitment to be used, i.e. the degree to which the transaction is finalised by the network
Optional Default: empty
If the cluster is not a standard solana public cluster, this map provides the cluster URL to connect to. Use this when the proof may contain a cluster that is not recognised by solana's clusterApiUrl function.