status-desktop
[Epic] Wallet Connect MVP
Content
Story | Priority | Status | Details |
---|---|---|---|
Add SIWE to sign-in via Wallet Connect | High | ✍️ User Story Review | The connection establishment flow with dApps implementing the sign in is fragile without implementing SIWE. SIWE allows the user to easily authenticate |
Ensure Wallet Connect complies with EIP and WC standards in terms of API implementations | High | ✍️ User Story Review | Analyse and implement the required APIs based on standards and best practices |
Fix transaction issues | High | ⌨️ Dev ready | Fix the bugs preventing the user from completing some transactions |
Sign and transaction request expiration | High | ✍️ User Story Review | Don't allow sign or transaction actions if the request has expired |
Session expiration | Low | ✍️ User Story Review | Try to extend a session before expiry. Otherwise delete the session |
Proposal expiration | Low | ✍️ User Story Review | Avoid accepting expired connections |
Metrics for Wallet Connect | Low | ✍️ User Story Review | Sending analytics messages from critical flows |
Release preparations | High | ⌨️ Dev ready | Prepare the DB indexes and Enable WC by default |
High priority are the tasks needed for the release.
Low priority are nice to have in the release.
Details
Add SIWE to sign-in via Wallet Connect
UI tasks:
- [ ] #16317
- [ ] #16319
- [ ] #16320
Integration tasks:
- [ ] https://github.com/status-im/status-desktop/issues/14996
Bugs:
- [ ] https://github.com/status-im/status-desktop/issues/15704
- [ ] #16113
Abstract
Sign-In with Ethereum describes how Ethereum accounts authenticate with off-chain services by signing a standard message format parameterized by scope, session details, and security mechanisms (e.g., a nonce). The goals of this specification are to provide a self-custodied alternative to centralized identity providers, improve interoperability across off-chain services for Ethereum-based authentication, and provide wallet vendors a consistent machine-readable message format to achieve improved user experiences and consent management.
Replacing centralised standards: SIWE replaces, e.g., entering a phone number and receiving a code via text to prove you own or have access to that phone number. Connecting is similar to entering the phone number. Signing is similar to entering the confirmation code you received on that number. In the sign-in case, this is done by generating a cryptographic nonce for you to sign with your private key. That signature proves without a doubt that you are indeed the owner of your wallet.
Notes
SIWE enables users to easily sign in to dApps by authenticating with their wallet.
The plan is to support SIWE standard message format as specified in ERC-4361. When the dApp prompts a user to sign a message that follows the SIWE format, we should parse the message and give the user this human readable dialog to sign into the dApp.
Not just for Ethereum - work with L2s and other EVM-compatible chains
Spruce leads its development
(🔗 article from Spruce)
SSX enables developers to configure the fields of their SIWE message using the `siweConfig` option. This option allows you to overwrite the fields found in the SIWE message.
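The parsing step described in these notes, as an added example (not status-desktop or WalletConnect code): it turns an ERC-4361 message into fields for the sign-in dialog and, going slightly beyond the notes, compares the message domain with the origin of the request as ERC-4361 asks of wallets, and rejects expired messages. `parseSiwe`, `checkSiwe`, the `requestOrigin` and `account` parameters and the sample message are assumptions made for illustration.

```javascript
// Added example: minimal ERC-4361 (SIWE) parser for a wallet sign-in dialog.
// parseSiwe, checkSiwe and SAMPLE are hypothetical names, not status-desktop code.
const HEADER = /^(?:([a-zA-Z][a-zA-Z0-9+.-]*):\/\/)?(\S+) wants you to sign in with your Ethereum account:$/;
const TAGS = [['URI', 'uri'], ['Version', 'version'], ['Chain ID', 'chainId'], ['Nonce', 'nonce'],
  ['Issued At', 'issuedAt'], ['Expiration Time', 'expirationTime'], ['Not Before', 'notBefore'],
  ['Request ID', 'requestId']];

// Returns the parsed fields, or null when the text is not a well-formed SIWE message
// (the caller then falls back to the generic "sign message" dialog).
function parseSiwe(text) {
  const lines = text.split('\n');
  const head = HEADER.exec(lines[0] || '');
  if (!head || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || '') || lines[2] !== '') return null;
  const msg = { scheme: head[1] || null, domain: head[2], address: lines[1], resources: [] };
  let i = 3, next = 0, inResources = false;
  if (lines[i] !== '') msg.statement = lines[i++]; // optional one-line statement
  if (lines[i++] !== '') return null;              // blank line before the tagged fields
  for (; i < lines.length; i++) {
    if (inResources) {
      if (!lines[i].startsWith('- ')) return null;
      msg.resources.push(lines[i].slice(2));
    } else if (lines[i] === 'Resources:') {
      inResources = true;
    } else { // tagged fields must appear in spec order, each at most once
      const idx = TAGS.findIndex(([tag], n) => n >= next && lines[i].startsWith(tag + ': '));
      if (idx < 0) return null;
      msg[TAGS[idx][1]] = lines[i].slice(TAGS[idx][0].length + 2);
      next = idx + 1;
    }
  }
  const ok = ['uri', 'version', 'chainId', 'nonce', 'issuedAt'].every((k) => msg[k]);
  return ok && msg.version === '1' ? msg : null;
}

// Reasons to refuse the normal sign-in prompt; an empty array means the message is acceptable.
function checkSiwe(msg, requestOrigin, account, now = new Date()) {
  const problems = [];
  if (msg.domain !== new URL(requestOrigin).host) problems.push('domain-mismatch');
  if (msg.address.toLowerCase() !== account.toLowerCase()) problems.push('address-mismatch');
  if (msg.expirationTime && !(now < new Date(msg.expirationTime))) problems.push('expired');
  if (msg.notBefore && !(now >= new Date(msg.notBefore))) problems.push('not-yet-valid');
  return problems;
}

// Constructed sample message (not captured from a real dApp).
const SAMPLE = ['app.example.org wants you to sign in with your Ethereum account:',
  '0x1111111111111111111111111111111111111111', '', 'Sign in to the example dApp.', '',
  'URI: https://app.example.org/login', 'Version: 1', 'Chain ID: 1', 'Nonce: k3Jd82hsPq1x',
  'Issued At: 2024-09-01T12:00:00Z', 'Expiration Time: 2024-09-01T12:05:00Z'].join('\n');
```

Unparseable timestamps fail closed: an invalid `Expiration Time` is reported as `expired` and an invalid `Not Before` as `not-yet-valid`.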
Useful links
- 🔗 Figma
- 🔗 ERC-4361: Sign-In with Ethereum
- 🔗 SIWE (MetaMask article)
- 🔗 SIWE (MetaMask dev)
- 🔗 ERC-4361: Sign-In with Ethereum
- 🔗 Wallet connect One-click authentication
Ensure Wallet Connect complies with EIP and WC standards in terms of API implementations
UI tasks:
Integration tasks:
- [ ] https://github.com/status-im/status-desktop/issues/16180
- [ ] #16316
- [ ] Handle proposal expiry
- [ ] Handle sign/transaction expiry
- [x] https://github.com/status-im/status-desktop/issues/15916
Bugs:
- [x] https://github.com/status-im/status-desktop/issues/16020
- [x] https://github.com/status-im/status-desktop/issues/16114
- [ ] https://github.com/status-im/status-desktop/issues/15636
Useful links
https://docs.walletconnect.com/walletkit/best-practices
Fix transaction issues
Bugs:
- [x] https://github.com/status-im/status-desktop/issues/16096
- [x] https://github.com/status-im/status-desktop/issues/16063
- [x] https://github.com/status-im/status-desktop/issues/16117
- [ ] https://github.com/status-im/status-desktop/issues/16004
Sign and transaction request expiration
UI tasks:
- [x] #16314
Integration tasks:
- [x] #16315
Bugs:
- [x] https://github.com/status-im/status-desktop/issues/16114
Notes
Notes for development
Request expiry parameter recently added by WC to allow dApps to extend the previously hardcoded 5min window:
🔗 WC github feat: optional request expiry #1851
"Added an optional expiry parameter to session requests where a number between 300 & 604800 seconds (5 minutes min - 7 days max) can be specified to extend a request timeout"
Release preparations
- [ ] https://github.com/status-im/status-desktop/issues/15673
- [ ] https://github.com/status-im/status-desktop/issues/14975