CB-2Q23-04.1 : sBTC Stacks-Signer Management Tool UI

[will-corcoran]

Discussed in https://github.com/stacksgov/Stacks-Grant-Launchpad/discussions/842

^{Originally posted by will-at-stacks March 17, 2023}

Introduction:

Maintaining a well-decentralized graph of Stacks follower and mining nodes is important to the health of the Stacks network. Stacks 3.0 will require stackers to run a new signing application. Current users who are unable to securely run a signer application may be incentivized to delegate their signing responsibility. While potentially more convenient, delegating signing responsibility reduces the number of independent entities responsible for securing the sBTC threshold wallet and lowers decentralization.

Critical Bounty Mission Statement:

To address these challenges, this Critical Bounty seeks a solution that provides sBTC Stacks-Signers a simple web-app interface by which they can sign transactions related to:

• Depositing funds
• Withdrawing funds
• Casting votes
• Propose elections (related to sBTC script security, fee recovery parameters, and Nakamoto release related block production rules)

This will allow a wide range of Stackers/Signers to participate directly in the sBTC Threshold Signature protocol in a trustless manner. This application will have a high security consideration.

Functionality / Deliverables (shall include, but not be limited to):

• The sBTC Stacks-Signer Management Tool shall be a Hiro Wallet- or Stacks Connect-authenticated full-stack application consisting of: — Typescript React-based web front-end — Typescript Deno-based back-end
• The back-end business logic should be implemented in Typescript and provide for wrapper Rust library and binary to spawn the serving process.
• The user’s wallet would sign a message provided by the back-end providing proof-of-knowledge of the Stacking address private key.
• Communication between front-end and back-end applications to be mediated via HTTPS
• The sBTC Stacks-Signer Management Tool shall comply with sBTC-related requirements including, but not limited to:
• Ability to monitor sBTC Stacks-Signer health and metrics via RPC-API
• Ability to provide secure access control to Stacks-Signers via password or cookies, similar to Bitcoin-node and/or Stacks-node RPC API’s
• The sBTC Stacks-Signer Management Tool code repository shall provide: — Full documentation — Integration tests — Continuous Integration / Continuous Deployment infrastructure via Github Actions
• Rust integration: — rustfmt, rustc, tests — Documentation and publishing to docs.rs — Crate publishing to crates.io
• Product 'roadshow', feedback, and improvements: All recipients will be responsible for demonstrating functionality, championing early adoption, gathering feedback, and making one to two rounds of high-impact, feedback-based improvements.

Required Knowledge / Skills:

• Demonstrable experience building full-stack applications using Typescript and React or Svelte
• Strong familiarity with Rust
• Familiarity with Dune is helpful, but not required

References:

1. sBTC Whitepaper
2. Stacks Nakamoto Release Whitepaper
3. sBTC project dashboard
4. Clarinet Docs (reference for design system req’d for Typescript applications wrapped within a Rust application)
5. TM Repo (code & documentation standard)

Critical Bounty Fee:

• Maximum Fee: $26,000

Reviewers / Advisors:

Igor Sylvester, Core Engineering Lead, Trust Machines Mike Cohen, EcosystemDAO Andre Serrano, sBTC Resident and sBTC Go To Market Working Group Lead Jesse Wiley, Integration and Security Lead, Stacks Foundation Kenny Rogers, Developer Advocate, Stacks Foundation Will Corcoran, Grants Lead, Stacks Foundation

Additional Comments:

Recipient will be expected to attend sBTC Core Engineering Working Group calls while the bounty is in development and provide weekly updates.

APPLY HERE

---

NOTES ABOUT CRITICAL BOUNTIES:

If you have thoughts, questions, or comments on the rough outline for this Critical Bounty above, please comments below.

Please note, all 2023 Q2 Critical Bounties that have funding approved for them will be moved to the Issues page (here) on Tuesday 03/21/2023.

Some procedural items to keep in mind with 2023 Q2 Critical Bounties:

1. Each Critical Bounty will have a pre-approved minimum and maximum budget listed within the issue.
2. All applications will be submitted via a BlockSurvey which will be linked within the Issue.
3. Applications will be open from 03/21/2023 to 04/03/2023.
4. Critical Bounty applications will be reviewed by relevant members of the sBTC Core Engineering Team and technical staff from the Stacks Foundation.
5. The selected recipient will be the low, qualified bidder (in the eyes of the reviewers).
6. Selected Critical Bounty recipients will be announced on 04/07/2023 and will be expected to start work immediately and attend sBTC Core Engineering meetings to provide weekly updates on their work.