-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crypto faucet #35
Comments
@rndquu I can start and have this finished today if you think I should put a rush on it I'm thinking that we should also build it so it's reusable for other partners too and not just for our specific use-case sorry for the tag, I was thinking out loud and was a silly remark I was about to make
So we have
|
So we can put a time estimate of 1 day here? I don't think we should put a rush on it. @0x4007 rfc
Yes
I don't think
|
Is ubiquity going to be the primary source that a user registers at? So in terms of a partner opting to install this, they'd need to follow the same AA approach that we do right? I have made additions such as ERC20 distribution etc but it would require that the partner use this plugin as their registration command too. I have attempted to implement the decentralized storage solution and so it means that it's user base would be nil and they'd need to go to the portal to register but then that would store it in the So will ubiquity's |
No all data storage should be in every partner's ubiquibot-config repo in plain json storage. |
Okay this is my understanding of things correct me if I'm wrong
in this scenario, no AA so it's straightforward to register.
So in my mind the correct flow should actually be this:
It potentially adds friction or inconvenience to the user but we simply cannot achieve partner-based storage with an AA flow without potential errors. i.e I do not think it is safe to use a query param when we comment |
Why not?
It's no problem. If Keyrxng is motivated to handle this right now then they are free to put a rush to it I'd rather have high contributor engagement across multiple initiatives vs low contributor engagement on a single focused task. Everything needs to get done eventually and we don't have any short term deadlines at the moment. |
Well there is no restrictions to registering with a partner but all registrations are clearly visible with a comment on an issue that cannot be missed. We know we just got a new user. With a query param, a user could register for any partner without notice. Idk how much of an issue this actually is but it doesn't seem right. We could ensure an empty entry with their username actually exists in that org first? But if this is not an issue then I guess a query param might be okay for this purpose Which raises the scenario:
We do not have cross-partner account checks. We do not keep a centralized record of registered accounts. The portal however could notice that a passkey exists (unless on a different device) but we'd have no way to attribute that passkey (account) with a particular org. So I think so long as we enforce a Github login and entropy is not partner-related we should be able to generate the same EOA and store it across partners. I'm confident. In all cases the frontend will need to fetch from the partners private repo, how do we have access to that without using the bot token? Also is it secure to fetch, parse and save new data from their private repo? We naturally have access to their actual config with sensitive data. If handled server-side I assume so but this probably needs investigated right? alternatively, we generate the account only and require that the user return and use the
Good to know.
Yes. Jk but I do feel in-the-zone with plugins at the moment so I'm letting the wind carry me |
Sounds good, it's simple enough for v1 "gasless payouts" (although adds 1 more registration step for a user). Handling multiple partners, their own json storages and backend for Besides json storage SDK is not ready yet. |
If @0x4007 accepts this flow for v1 "gasless payouts" (i.e. our minimal version of account abstraction) then I'll close ubiquity-os-marketplace/command-start-stop#22 as "not planned". |
@rndquu seems fine I just wish that our UI could directly write to the database instead of the user needing to register their wallet after. The less steps the user needs to take the better the user experience. We will need to notify on our UI that their wallet has been updated to 0x.... |
I think we can start simple and leave the "save wallet address to a DB at safe.ubq.fi" feature for |
We have plans for generating contributors' ethereum wallet private keys via webauthn passkeys in order to make reward claiming "gasless". So the flow for a contributor could be:
/register
command (handled by the faucet plugin). The bot replies with smth like "Pls register your account at safe.ubq.fi".safe.ubq.fi
, generates a new passkey, we derive user's private key and public address, user's newly generated wallet address is saved to a DB.There already exists a faucet worker at https://github.com/ubiquity/faucet. We need to wrap https://github.com/ubiquity/faucet into the bot's plugin.
So as a part of this issue the faucet plugin should:
register
(or similar) command in order to show to a contributor the "Pls register your account at safe.ubq.fi" messageOriginal comment.
The text was updated successfully, but these errors were encountered: