Guys, thanks very much for the feedback! Very good points raised and it’s good to finally get discussion rolling on this.

I’m going to experiment on my end to see if I can address some of the concerns posted. I have a few ideas that hopefully, at minimum, can bring us to security parity (if not beyond) the “WebApp Wallet” approach that is currently used (where BCH is deposited temporarily into a WebWallet and contracts/txs are constructed). Will report back in a few days once I’ve tested feasibility and determined complexity of this.

To cover this, we probably want to avoid any direct signing operations in the spec (i.e. all sign operations MUST do the SHA256 themselves sign(sha256(message)) to prevent a hash being passed in).

But there’s another slight risk to this: as @sahid.miller pointed out to me, more often that not, a message that is being passed in to be signed is already going to be encoded (thus, not really human-readable). Therefore, a malicious service could still pass in a full transaction for us to sign(sha256(transaction)). Most users (myself included) probably wouldn’t recognise this.

As mitigation, we might be able to detect this by mandating a check of the message. Something like so:

function doesMessageToSignLookMalicious(message: Uint8Array): boolean {
  // Attempt to decode the message as a transaction (LibAuth example).
  const decodeTransactionResult = decodeTransaction(message);

  // If a string is NOT returned, then this message is encoded as a transaction and is LIKELY malicious.
  if (typeof decodeTransactionResult !== 'string') {
    return true;
  }

  // Otherwise, it's not a transaction (not malicious).
  return false;
}

Are there any similar cases that anyone can think of that could be dangerous like this? Or perhaps specific sigHash cases (I think the Covered Bytecode always includes the tx version, locktime, etc, so it should always have to be encoded as a transaction)?

Very important initiative Pat! Will be reviewing your open PR to add wallet connect v2 to Cashonize, hoping to have it merged soon!

The Paytaca browser extension and newly released Zapit browser extension both use the same “Connector interface” as wallet connect but it would be good if we can fully converge on the wallet connect standard.

It is interesting to think about the tradeoffs with a built-in webwallet (like BCH Bull) which only holds a limited set of funds an directly forwards that to a smart contract. I think wallet connect helps a lot in that wallet information is communicated automatically (the wallet address and hence the UTXOs which gives the wallets balance and unique tokens). The big improvement in security will only come when the wallet understands what smart contract template the web3 app is using, otherwise it is still signing transactions without understanding their full context.

In short, I think wallet connect v2 is the way forward for smart contract apps on BCH. We should attempt to attempt to extend the specification so it supports the different smart contracts we can anticipate, we should try to converge on wallet connect v2 for different wallets across the BCH ecosystem, and finally we should strive to keep improving the set-up with templates, so wallet can start to recognize the specific transactions they are signing.

Hi all, just reporting back with a quick summary/dot-points of my thoughts/experiments. Happy to expand on any of these if anyone would like more info, but will try to keep this summary relatively concise.

1. To achieve good security, we really need a flow/templating engine (one RPC call, multistep).
2. We would want wallets to be able to somehow support whitelisting this template/RPC payload.
   1. This could be done by SHA256 hashing the template and then looking up that hash in a trusted directory (or could be hard-coded in wallet - but former is probably better).
   2. The hashing would have to allow specific variables to be omitted (e.g. imagine an expiresAt/maturesAt parameter in a contract - or an OracleMessage).
3. @bitjson is already working on a template schema which looks very good but is still WIP (?).
   1. Once complete, we could probably use WC as a transport for Jason’s templates.
   2. Jason’s templates use the concept of entities - may be able to support multi-entity if we assume one participant is the “co-ordinating party” (i.e. each entity sends to the co-ordinating party/entity and that party relays what’s needed to other entities). Would need to think more on this.
   3. Implementation into WebWallets that use LibAuth should be very easy (LibAuth supports these already) - other wallets/languages will be more complex and we will likely need to be build parsers (probably high-effort).
4. My recommendations for now:
   1. We proceed without support of templates and mark current RPC’s as experimental (with intent to deprecate). This lowers security but allows us to experiment with different CashToken use-cases. Later, once finalized/stable, we look at an RPC to support Jason’s templates.
   2. We try to keep the current RPC minimal to allow easy integration into other Wallets (we don’t want a situation where this proto is hard for wallets to implement and support for specific features across wallets becomes patchy).
   3. We add a bch_compileScript (or similar) RPC parameter so that we can support lockscript compilation (think of CashScript Contract’s constructor - sometimes we need user’s Pubkey or a Datasig when trying to build a contract address).
5. On my end, I’m working on a few things:
   1. A BCH WalletConnect TS/JS library for easy integration into wallets. This is to try ensure we maintain interoperability between wallets. The idea is that the necessary hooks will be passed into the constructor (e.g. approveSignTransaction: (...) => { ... }) but the rest of the logic/RPC can be handled by the library. It should also make it easier to see what’s required to port to other langs (or build custom implementation if so desired). Hoping to have code up for this next week.
   2. I’m toying with a basic template/flow RPC currently. This is, at most, a stop-gap and I’m not sure we’ll ultimately want to integrate this. The idea here is to propose a template engine that’s easy/simple to port across languages in case we need it. Timeline for this is longer - I’m not treating it as priority, just something for consideration in case we do need a stop-gap between now and LibAuth Templates that’s more secure than current approach.

Hi all, sorry for radio silence, just want to provide a brief update.

1. Originally, I thought that maybe we should keep WC as a “dumb signer” (dependent upon Private Keys only), but @sahid.miller has persuaded against this. It is probably best to have the capability for WC to be (optionally) provided with UTXOs by the wallet. This enhances security, privacy and (probably) reliability.
   1. With CashTokens, selecting appropriate unspents (and adding change) becomes more complex. There is a lot of room for error if the service is selecting UTXOs and could easily lead to accidentally wiping out a user’s tokens (omission of token change output).
   2. Enhances privacy: Service cannot see all of the users unspents and addresses (pertinent when it comes to HD Wallets). This means we’ll likely want an explicit bch_getBalance_V0 like call as the service will not longer be able to calculate balance itself (this RPC should also allow parameters to retrieve token balances).
   3. Enhances security (and probably simplicity): It should be (relatively) trivial for a wallet to show a user how much of their own funds (wallet-controlled unspents) are being drained with a given transaction.
   4. This may also allow us, in future, to allow WC to allocate each individual service its own Signer Keypair (enhancing privacy/security).
      1. “In future” because there are some complications with this from a service implementation point of view: Service would have to introduce a backend dependency so that it could PROVE it is who it says it is.
2. I’m still working on:
   1. a TS/JS WC Library for easy integration into wallets, but this might be another week or two away as I try to properly flesh out the above.
   2. I might also create a TS/JS WC Library for services - at the very least, I’d like to have the RPC interfaces available.
3. Regarding templates, I’ve noticed that people are familiarizing themselves more with the LibAuth Templates. I probably won’t have support for these in my first (experimental) release of any library, but have been tinkering a bit and think we might eventually want to replace individual RPC methods with a singular bch_authTemplate_V0 RPC call.
   1. For now, we might want to suffix all RPC calls with _V0 to indicate that they’re experimental and subject to change.
   2. For Auth Template variables, we may want to see if Jason can add a “type hint” field - the intent of this is to give a hint to Wallet UI’s as to how a particular data payload should be displayed in the wallet UI for approval (e.g. cash.oracles.priceMessage, unixTimestamp, etc). If a wallet does not support a given hint, it can just fallback to hexadecimal display.

Will try to give another update with some examples in a few days. If any questions, or elaboration on points above desired, let me know and I’ll follow up.

Hi all, just an update:

LibAuth Templates

Some of the contracts I’m testing with are quite complex - and after trying many different approaches (and then realizing they can’t do what we’d need it to do), I’ve eventually settled on using LibAuth templates for the signTransaction/compileScripts calls. This has several benefits:

1. We will hopefully be able to eventually converge on what BitJSON is building (so we don’t end up with fractured standards).
2. CashASM (used by LibAuth Templates) is very flexible/powerful.
3. These templates are hashable - thus, we can provide methods for whitelisting a given template.
4. Code to handle these is pretty simple/clean.
5. With good tooling, it is relatively trivial to convert CashScript Artifacts to LibAuth templates.

On Point 5, I’ve created a rudimentary tool for this here:

https://tools.developers.cash/#/tools/artifacts-to-auth-template

(A more refined and well-thought out version might eventually be integrated direct into CashScript Lib).

Wallet Connect Library

I’m testing the Library I’m building by integrating into a forked version of Cashonize. Cashonize is HTML/VanillaJS and I’m not very efficient at working with that - so it may take me a little longer than anticipated to get a demo out.

However, I just want to give an example of how this library might be used to integrate into other (TS/JS-based) Wallets in future:

const walletConnect = new WalletConnect(
  'yourWCProjectId',
  {
    name: 'Cashonize',
    description: 'Cashonize BitcoinCash Web Wallet',
    url: 'cashonize.com/',
    icons: ['https://cashonize.com/images/favicon.ico'],
  },
  {
    // Session Callbacks.
    onSessionProposal: (sessionProposal) => {
      // Present UI to approve session.

      // Get master WC Private Key from Derivation Path.

      // NOTE: Each service will derive its own Sandboxed Private Key from the given Master Key.
      //       E.g. sandboxedPrivateKey = hash256(Uint8Array([...masterPrivateKey, ...serviceId]);
      //       Where serviceId is the WC Project ID.
      // NOTE: The RPC's are intended to be transport agnostic so, in future, serviceId might refer to a Domain, LibP2P pubkey, etc. 
      // return { masterPrivateKey }
    },
    onSessionDelete: {
      // Notify user that session was deleted.
    },

    // RPC Callbacks.
    // NOTE: Wallet might choose to auto-approve some RPC calls.
    onCompileScriptV0: (session, req, res) => {
      // Present UI to approve RPC call.
    },
    onGetBalanceV0: (session, req, res) => {
      // Present UI to approve RPC call.
    }
    onGetTokensV0: (session, req, res) => {
      // Present UI to approve RPC call.
    },
    onSignTransactionV0: (session, req, res) => {
      // Present UI to approve RPC call.
    },
    
    // Wallet Connectivity.
    getUnspents: () => {
      // Provide Unspents from Wallet to WalletConnect.
      // return unspents;
    },
    getSourceOutputs: (sourceOutputs) => {
      // Provide Source Outputs to WalletConnect.
      // return sourceOutputs;
    },
    getChangeAddresess: () => {
      // Haven't fleshed this one out yet, but will likely need it.
    }
  }
);

// Start Wallet Connect.
await walletConnect.start();

Note that the above is still being fleshed out - so will likely change quite a bit.

Self-shill, but I think it’s valuable. Extended section of the latest BCH Podcast with Emergent reasons dives a lot into the ideas around transaction templates and wallet standards the community can converge on.

I have rewatched it already twice myself.

Hoping to have a write-up and demo available of what I’ve got so far either late tomorrow (Sunday) or Monday.

Just want to write up some tooling too so people can fool around with it.

Any such thing should keep security in mind.

In short, when the user is incapable of looking and understanding at the script or bytearray the “can we sign this thing?” shows, it probably isn’t secure.

Trusting 3rd party things that spend your money is mostly a bad idea.

Hi all, apologies for delay. I’m just working on some tooling and experimenting with a slight refactor in my approach that might allow us (in future) to better support multi-sig/multi-entity contracts.

Basically, for bch_signTransaction_V0, the implementation I have right now returns:

1. The transaction.
2. The redeem script for each output.

The redeem scripts are necessary in many cases because, otherwise, the service would only have access to the Script Hash and would not be able to reconstruct the data required for redemption in a later transaction (or, in some cases, for a Settlement Service).

With a bit of customization to the LibAuth generateTransaction method, we might be able to return resolved variables/scripts instead: This would give us a few advantages:

1. Retrieval of Redeem Script Construction Parameters is simpler (could extract by variable name instead of splitting on PUSH_OP positions).
2. Multi-entity contracts would (probably) become possible in the sense that the bch_signTransaction_V0 RPC could return Resolved Variables even in the case where construction of a fully signed transaction was not possible (in a multi-entity setup, if we assume one party as co-ordinator, I think we may even be able to use this with WC).
3. We can probably eliminate the need for the bch_compileScript_V0 method as we would now have access to variables resolved in referenced scripts (and the scripts themselves?). I was using this RPC as a way to construct a lockscript that could be passed as a locking parameter of another contract).

I need to investigate/experiment a bit more, but provided CashASM parser behaves as follows:

1. A referenced script is returned as a resolved variable.
2. A Bytecode Variable is returned as a resolved variable.
3. Inline evaluations ARE NOT returned as a resolved variable (security).
4. A referenced script containing the same name as a Bytecode variable takes precedence (i.e. overwrites) the value of a resolved variable (not sure if this is really essential, but it allows us to keep some information hidden from the service for datasigs - which might be useful in some cases).

… I think this is possible.

Regarding tooling, I’m aiming for something like this where it can take multiple contracts, combine them into a LibAuth template and then test them in-tool with WC by providing the tx template + data:

image1917×941 164 KB

Should have this tool available to play with by week’s end latest, with a customized version of Cashonize that’ll work with it. Hoping people will be able to test more advanced multi-contract flows to see whether this approach would actually be workable in practice or not.

Thanks all.

Hi all, sorry this is taking a lot longer than anticipated. It’s kind of a “three steps forward, two steps back” exercise where I write an implementation, realize there’s a use-case gap, and then have to redesign and refactor.

To give a brief high-level outline of what I’m going for:

BRIEF OVERVIEW

1. To help preserve privacy (inc. with HD Wallets) and improve security, the Session established between Service (“Dapp”) and Wallet uses a Sandboxed Keypair generated using sandboxedPrivateKey = hash256(sha256(masterPrivateKey) + sha256(domainName)).
2. This PoC uses LibAuth templates. In future, these template can be hashed and whitelisted (trusted) by a wallet. For security, the Service (“Dapp”) can only specify inputs and outputs by their corresponding scripts in the provided template (no raw locking/unlocking bytecode allowed).
3. The Service (“Dapp”) CAN request that the Wallet provides additional UTXOs to automatically meet the Satoshi and Token amounts that are summed in the outputs. In this respect, UTXO selection is done by the Wallet, but the Service can also provide inputs that it knows about.
4. The Service (“Dapp”) CAN request a Wallet’s UTXOs provided they a) contain tokens and b) access to those token category ID’s have been granted upon Session Negotiation (sessionProperties.allowedTokens as an array of category ids or * for ALL tokens). This allows us to support token-specific use-cases (e.g. a particular NFT as input or more vague Crypto-Exchange use-cases).
5. To prevent standards fracturing, the underlying RPC’s are intended to be transport agnostic: They should be applicable to HTTP, LibP2P any other transports (not just WalletConnect). Thus, we should be able to use them for a future HTTP-based Payment Protocols, etc.
6. The hope is that, in future, we will be able to converge with what BitJSON is building. The idea is that a wallet CAN (if the template is natively supported) save the data payloads and use the built-in Wallet UX to execute contract actions. But, for WC, the idea is that the SERVICE (“Dapp”) stores the data associated with a given WC account.
7. There is currently no support for batching requests (or “actions”): We could build this, but BitJSON is working on something similar (“actions”) and we should probably wait to see what his implementation looks like. These will likely replace specifying the transaction manually. NOTE: This is no longer the case and we will need basic batch/actions support. I’m reaching out to BitJSON to see if he knows approx. what this may look like in his implementation so that migration to it is less painful in future, but am going to use a very rudimentary approach in the meantime.
8. Type-hinting is currently hacked into a variable’s description field. We want to think a little about how to handle this as they are not always static (e.g. using oracles.cash, we may set a price - but we want that to show depending upon which Oracle was chosen in another variable according to the scaling factor).
9. Currently, the bch_signTransaction_V0 RPC returns redeem scripts for the compiled outputs, but we want to return resolved variables instead (I think this’ll both simplify things and potentially allow us to support multisig).
10. Accounts are currently identified by address - but there are some benefits we may gain if we use the Public Key instead (e.g. ability to sign and encrypt messages for another user on a Dapp given their pubkey.)

I really hope I can get a tool that’ll be able to demo most of the above by Monday. Assuming my current approach is versatile enough, I think this is realistic. But, if I bump into another use-case gap, might be a bit longer still (apologies).

If any questions in the meantime, please feel free to ask.

Update here:

So here’s the current state of things:

Pat’s spec simply referred to as “WalletConnect” (WalletConnect + Paytaca Connector interface) has been implemented in 3 BCH wallets: Cashonize, Zapit and Paytaca.
The protocol is used by multiple dapps: Tapswap, CashTokens Studio, Cash-Ninjas mint with a few more in the works

Jim’s spec called “CashConnect” (WalletConnect + CashRPC) has been merged into mainline Cashonize but the spec is still marked as pre-alpha.
CashConnect is used by the BCH Guru price prediction game and by the CashRPC IDE

And then there is still the custom Paytaca Connect which is used by the bitcats and available as a 2nd option in the CashTokens studio. Paytaca connect was used by the Paytaca browser extension and was pioneering wallet connect functionality on BCH. Now it can be phased out, as Pat’s wallet connect spec is more general than for just browser extensions.

Without really knowing too much about it, I was impressed by Pat’s spec, and have been blown away by Jim’s spec, even at this early stage. The Guru beta is amazing. Can’t wait until we have that implemented across the ecosystem, and this is only the early version (a bit of work on just the UI to have more helpful links and info would already be a big step forward).

I maintain a list of BCH walletConnecta apps at Tokenaut.cash, it has been growing steadily through-out 2024, so the protocol is positioned to play an important role on BCH going forward.

There is a 4th wallet with support for BCH Wallet Connect on the way: Electron Cash. It will have WalletConnect support through an EC plugin but this is planned to be merged into the mainline wallet eventually.

In the Elecron Cash group the developer, ‘OPReturn’, wrote:

I think the alpha version for WalletConnect plugin for EC is almost ready. Doing final testings. Hopefully I’ll be able to do a release this week.

There’s now 10 dapps using the BCH WalletConnect protocol

The WalletConnect plugin Electron Cash also has been released in alpha version by now so that means 4 supporting wallets (link to the plugin)

Paytaca Connect is also being deprecated as a separate standard and will shortly be removed from Tapswap and from the CashTokens Studio as a user-option.

This means there is strong standardization of the BCH ecosystem around the WalletConnect standard which is great news for users and developers.

CashScript now also has a WalletConnect guide for contract developers to get started using the standard in their dapps.

has anyone been able to migrate from the deprecated “@walletconnect/modal” library?

Cashonize and Selene are using @reown/walletkit and @walletconnect/core:

Selene reference (basically a direct rip from Cashonize adapted for Selene’s architecture):

There’s this recent migration blogpost by Reown for the deprecated @walletconnect/modal library: WalletConnect Modal to Reown AppKit Core - Reown Docs

It seems the new library is @reown/appkit/core and you create the modal with a createAppKit function. The styling of the modal also seems to have changed somewhat.

@kzKallisti those are the libraries on the wallet side, Dagur as an app dev is asking about the libraries for the dapp side (the modal library used to display the walletconnect qr code)

oops my bad, thanks for the correction