-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathindex.html
423 lines (384 loc) · 24.8 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
<html>
<head>
<title>Helios Timelock Dapp</title>
<script type="text/javascript" src="https://unpkg.com/json-url@2.3.1/dist/browser/json-url.js"></script>
<script>
//if you change maintainer, or helios code this will change!
const smartContractAddress="addr_test1zrlm8nxynh6k3nkehfz6fa3haj40sgmyr8n7xrc0ezq0k28nawvrn7emu0nxkvcte8fjz02f3s7krg07fvekn8cymnjsanplsx"
const amountToLock=2000000;
let handleLock = () => { };
let handleUnlock = () => { };
async function main() {
//GameChanger Scripts (GCScripts) are compressed using: https://www.npmjs.com/package/json-url
const lzma = JsonUrl('lzma'); // JsonUrl is added to the window object
const Buffer = (await import("https://cdn.skypack.dev/buffer@6.0.3")).default.Buffer;
const storageId = "timelock";
const storageDefaults = { eutxos: {} };
function htmlToElement(html) {
var template = document.createElement('template');
html = html.trim(); // Never return a text node of whitespace as the result
template.innerHTML = html;
return template.content.firstChild;
}
async function getEUTXOsFromAddress(address){
const response= await fetch("https://d.graphql-api.iohk-preprod.dandelion.link/", {
"headers":{
"content-type": "application/json"
},
"body": "{\"operationName\":\"GetUtxos\",\"variables\":{\"where\":{\"_and\":[{\"address\":{\"_eq\":\"addr_test1zrlm8nxynh6k3nkehfz6fa3haj40sgmyr8n7xrc0ezq0k28nawvrn7emu0nxkvcte8fjz02f3s7krg07fvekn8cymnjsanplsx\"}}]}},\"query\":\"query GetUtxos($where: TransactionOutput_bool_exp) {\\n utxos(where: $where) {\\n txHash\\n index\\n value\\n }\\n}\\n\"}",
"method": "POST",
"mode": "cors"
});
return (await response.json())?.data?.utxos||[];
}
async function syncEUTXOs(){
const eutxos=await getEUTXOsFromAddress(smartContractAddress);
if(eutxos?.length===0)
return;
unregisterAllLocks();
eutxos.forEach(eutxo=>{
registerLock(eutxo);
});
updateUI();
}
function registerLock({ txHash, index, value }) {
if (!txHash)
return;
const dappStorage = JSON.parse(localStorage.getItem(storageId)) || storageDefaults;
dappStorage.eutxos[`${txHash}.${index}`] = { txHash, index, value };
localStorage.setItem(storageId, JSON.stringify(dappStorage))
}
function unregisterAllLocks() {
const dappStorage = JSON.parse(localStorage.getItem(storageId)) || storageDefaults;
dappStorage.eutxos={};
localStorage.setItem(storageId, JSON.stringify(dappStorage))
}
function unregisterLock({ txHash, index }) {
const dappStorage = JSON.parse(localStorage.getItem(storageId)) || storageDefaults;
delete dappStorage.eutxos[`${txHash}.${index}`];
localStorage.setItem(storageId, JSON.stringify(dappStorage))
}
function getLock(lockId) {
const dappStorage = JSON.parse(localStorage.getItem(storageId)) || storageDefaults;
return dappStorage.eutxos[lockId];
}
function listRegisteredLocks() {
const dappStorage = JSON.parse(localStorage.getItem(storageId)) || storageDefaults;
return Object.values(dappStorage.eutxos);
}
async function updateUI() {
const locks = listRegisteredLocks();
const locksContainer = document.getElementById("locks");
const depositBtn = document.getElementById("depositBtn");
depositBtn.innerHTML=`Deposit ${parseInt(amountToLock/1000000)} coins`;
locksContainer.innerHTML = "";
if(locks.length===0)
locksContainer.innerHTML = "no deposits yet";
else
locks.map((lock, lockIndex) => {
const lockElement = htmlToElement(`
<button title='${JSON.stringify(lock, null, 2)}' onclick="handleUnlock('${lock.txHash}.${lock.index}')">
#${lockIndex} Withdraw ${parseInt(lock.value)/1000000} coins
</button>`)
locksContainer.appendChild(lockElement);
});
handleLock = lock;
handleUnlock = unlock;
}
function run(code) {
//generates the URL that is packed with the script
lzma.compress({
//This is a patch to adapt the return URL of the script to the origin that is hosting this html file.
//so this way executed scripts data exports can be captured back on dapp side
returnURLPattern:window.location.origin,
//former gcscript (json scripting)
...code,
})
.then(gcscript => {
const url="https://beta-preprod-wallet.gamechanger.finance/api/2/run/" + gcscript
window.location.href=url;
// //redirect(url);
// const link = document.getElementById("dapp-connector");
// link.href = "https://beta-preprod-wallet.gamechanger.finance/api/2/run/" + gcscript;
// link.innerHTML = "<h2>Run</h2>"
})
.catch(err => {
alert("Error: " + err.message)
});
}
function captureExports() {
//GameChanger Wallet supports arbitrary data returning from script execution, encoded in a redirect URL
//Head to https://beta-preprod-wallet.gamechanger.finance/doc/api/v2/api.html#returnURLPattern to learn ways how to customize this URL
//Always design your scripts in such a way you avoid leaking sensitive information.
//Building wallet-agnostic (user-agnostic) scripts is the proper dapp design pattern, this is not CIP-30
const url = new URL(window.location.href);
const resultRaw = url.searchParams.get("result");
//decodes the returning URL from the wallet that is packed with the script exports
if (!resultRaw)
return;
lzma.decompress(resultRaw)
.then(decodedObj => {
console.log({ response:decodedObj })
if(decodedObj?.exports?.lock){
registerLock(decodedObj?.exports?.lock?.eutxo);
}
if(decodedObj?.exports?.unlock){
unregisterLock(decodedObj?.exports?.unlock?.eutxo);
}
//avoids current url carrying latest results all the time
history.pushState({}, '', "/");
updateUI();
})
.catch(err => {
alert("Error: " + err.message);
});
}
// Dapp Interface:
// Lock and Unlock functions, wrappers to call gcscript files stored on GCFS passing required arguments
// Inside this imported code there is a malicious smart contract design pattern, the official Helios timelock example with an added "backdoor" by the dapp deployer
// It is used to show the importance of GCFS + GCScript for transparency reasons on the Cardano ecosystem
// By not only storing on-chain the opaque built Plutus script, but also the entire on-chain + off-chain code interfacing user wallets
// we can empower users with full auditability of parameterized and deployed source code.
// Because open-sourcing code is not enough, dapp deployments should also be openly stored on-chain to increase security
// you can decode the embedded helios code inside gcscript by using a simple hex decoder like https://gchq.github.io/CyberChef/
function lock(e) {
if(e?.preventDefault)
e?.preventDefault()
const beneficiaryAddress=document.getElementById("beneficiary").value;
if(!beneficiaryAddress){
alert("Missing beneficiary address, you greedy!");
return;
}
const lockUntil =parseInt(document.getElementById("lockUntil").value||0);
if(lockUntil<0){
alert("Time lock must be greater than zero Marty McFly!");
return;
}
run({
"type": "script",
"title": "Deposit Funds",
"description": `About to deposit ${parseInt(amountToLock)/1000000} coins. Only you and the beneficiary can withdraw them after slot number ${lockUntil} (seconds since genesis).`,
"args":{
beneficiaryAddress,
amountToLock:String(amountToLock),
lockUntil,
},
"run": {
"importedScript": {
"type": "importAsScript",
"args":"{get('args')}",
"from": [
"gcfs://1170d12887c70593e40938a5ff1832f9eb2b8e4a328a982621b36a57.HeliosTimeLockDapp@latest://src/deposit.gcscript"
]
}
}
});
}
function unlock(lockId) {
const eutxo = getLock(lockId);
if(!eutxo){
alert("Missing eutxo data on localstorage");
return;
}
const lockUntil =parseInt(document.getElementById("lockUntil").value||0);
if(lockUntil<0){
alert("Time lock must be greater than zero Marty McFly!");
return;
}
const {txHash,index,value}=eutxo;
run({
"type": "script",
"title": "Withdraw Funds",
"description": `About to withdraw ${parseInt(value)/1000000} coins. Only who deposited, and the beneficiary can withdraw them after slot number ${lockUntil} (seconds since genesis).`,
"args":{
"eutxo":{
txHash,
index,
},
"coin":value,
},
"run": {
"importedScript": {
"type": "importAsScript",
"args":"{get('args')}",
"from": [
"gcfs://1170d12887c70593e40938a5ff1832f9eb2b8e4a328a982621b36a57.HeliosTimeLockDapp@latest://src/withdraw.gcscript"
]
}
}
});
}
await syncEUTXOs();
captureExports();
updateUI();
}
window.onload = function () {
main();
}
</script>
</head>
<body>
<div style="text-align:center;">
<img class="image"alt="" style="width: 100%;max-width: 600px;" src="https://ipfs.io/ipfs/bafybeigahh6zprskwuhn3ae7omhwmcpwdtfpixz7buufu3sr4fededqfta"/>
<div>
<span style="width:33.33%;">
<a target="_blank" href="https://cardano.ideascale.com/c/idea/107727">Vote Helios</a>
</span>|
<span style="width:33.33%;">
<a target="_blank" href="https://contrib.dandelion.link">Support Dandelion</a>
</span>|
<span style="width:33.33%;">
<a target="_blank" href="https://cardano.ideascale.com/c/idea/102594">Vote GCFS</a>
</span>
</div>
<h1>🔥 <a target="_blank" href="https://www.hyperion-bt.org/">Helios</a> + GCScript + <a target="_blank" href="https://cardano.ideascale.com/c/idea/102594">GCFS</a> 🔥</h1>
<p>🥳 On <a target="_blank" href="https://gamechanger.finance/">GameChanger Wallet</a> we are happy to announce the first third party language integrated on our DSL: <a target="_blank" href="https://www.hyperion-bt.org/">The Helios Smart Contract Language</a>, a very powerfull and easy to understand DSL to code Plutus validators on Cardano created by Christian Schmitz. To celebrate and share for the first time the big picture behind our design principles, I've coded an educational dapp based on one of the Helios examples:</p>
<h2>⏰ Helios Timelock</h2>
<p>An Owner user makes a deposit on the contract. Only the Owner or a Beneficiary at the right time can withdraw the funds. But there's a catch I won't reveal this early... First try it by yourself. Is Cardano Preproduction Testnet. On <b>GameChanger Wallet</b> if you wait some seconds, an airdrop is presented to you to fund your empty wallets. Or use <a target="_blank" href="https://docs.cardano.org/cardano-testnet/tools/faucet/">Cardano Faucet</a></p>
<div class="frame">
<label for="beneficiary">
<h4>Beneficiary Address</h4>
</label>
<input id="beneficiary" type="text" placeholder="beneficiary address" value="addr_test1qrv2myc3je5q7fxfnajjgj4qnynhdp82rsylnj2lm8yawthnawvrn7emu0nxkvcte8fjz02f3s7krg07fvekn8cymnjsn0kg5x"/>
<label for="lockUntil">
<h4>Lock until slot</h4>
</label>
<input style="width:200px;" id="lockUntil" type="number" min="0" value="10000"/>
<br><br>
<button id="depositBtn" onclick="handleLock()">
Deposit funds
</button>
<!-- <p><a id="dapp-connector" href="#">loading...</a></p> -->
</div>
<div class="frame" >
<h4>Smart contract deposits</h4>
<div id="locks">loading...</div>
</div>
<h2>💥 The Big Picture</h2>
<div class="frame">
<h4>Unmatched Privacy, Auditability, and Interoperability</h4>
<div style="text-align: left;">
<h4>GCScript:</h4>
<p><b>GameChanger Wallet</b> uses a dapp connection stardard than enforces code transparency, auditability and open-source colaboration. Differently from CIP-30 standard, dapps delegate the processing of code interfacing users wallets inside <b>GameChanger Wallet</b>. This very powerfull Domain Specific Language is called <b>GCScript</b> and is pure JSON packed on URLs, ready for web integration, requiring no further Cardano dependencies to work with it.</b></p>
<h4>Multi-device support:</h4>
<p>This powerfull design principle has many benefits, one of them is to provide desktop, mobile and offline support out of the box where no other current standard can do it properly without extra development effort, limited features or serious UX issues</p>
<h4>Privacy Preserving:</h4>
<p>This enhances privacy because dapps no longer need to request user specific data such as balances, utxos and addresses to construct transactions and interact with Web3 applications. This has never been possible before!. Also since 2021 we offered this model to avoid delegating UTXO coin selection and management to dapps as it is a terrible practice!.</p>
<h4>Auditable:</h4>
<p>This enhances auditability because Cardano low level code or data no longer need to be the only way to communicate, instead of binary/CBOR you can work with human readable <b>GCScript</b>, code ready to be interpreted, reviewed and cloned. Also <b>GCScript</b> is designed in such a way it can be presented to end users as coloured permissions on UIs meaning it can be also audited at certain level even by end users, something impossible until today with any other development language (Marlowe only solves smart contracts, this goes far beyond that limited scope). Check how you as a user can audit ALL INCOMMING AND OUTGOING COMMUNICATIONS to the wallet, everything is open by design. Even internal wallet functions are open sourced this way for you to audit and clone the code.</p>
<div style="text-align: center;">
<img alt="edit-in-IDE" style="width: 80%;min-width: 250px;" src="/edit-in-IDE.jpg"/>
</div>
<p>Now imagine if we start storing this <b>GCScript</b> code on-chain, and we import third party code to colaborate and build a greater ecosystem, making code perpetually available for everyone</p>
<p>Well imagine no more. This dapp uses <b>GCFS</b>, our On-Chain File Storage Protocol on Cardano to store <b>GCScript</b> code that is the actual interface to the protocol this dapp uses to work.</p>
<p>So the wallet loads third party code libraries stored on on-chain files and the dapp frontend only takes care of parameterizing their execution. You can view the imported code on any dapp connection on Advanced -> Full Code</p>
<div style="text-align: center;">
<img alt="advanced-fullcode" style="width: 80%;min-width: 250px;" src="/advanced-fullcode.jpg"/>
</div>
<h4>Interoperability and Colaboration:</h4>
<p>This enhances interoperability and open-source colaboration because the on-chain stored <b>GCScript</b> can be imported and combined freely, openly to create upon it, with easy to call interfaces using JSON parameters as "function arguments"</p>
<h4>Enhanced Auditability:</h4>
<p>To ilustrate the importance of this design principle, I've installed a backdoor on the smart contract. The code maintainer injects a key hash to became allowed to withdraw any locked deposit.</p>
<p>Open-source is not enough to keep us safe. Deployments and their parameters should be open as well to prevent all kind of attacks</p>
<p>Because the smart contract <b>Helios</b> code and the <b>GCScript</b> embedding it reside inmutable on-chain we can spot the exploit and nobody can hide it from us nor modify it to cover any tracks</p>
<div style="text-align: center;">
<img class="image" alt="fullcode-heliosHex" style="width: 80%;min-width: 250px;" src="/fullcode-heliosHex.jpg"/>
<img class="image" alt="heliosHex-backdoor" style="width: 80%;min-width: 250px;" src="/heliosHex-backdoor.jpg"/>
</div>
<p>If we were working as we currently work on Cardano, with low level compiled CBOR and frontends and backends centralizing the parameterized execution of open source code, it would be much harder to audit and only experts on advanced Plutus de-compiling could detect such a threat</p>
</div>
</div>
<div class="frame">
<h4>Backdoor Exploit</h4>
<p>Import the Backdoor QR encrypted wallet by scanning/uploading it <a target="_blank" href="https://beta-preprod-wallet.gamechanger.finance/import/express">here</a> and withdraw any deposit you want with it</p>
<img alt="Backdoor Wallet" style="width: 50%;min-width: 250px;" src="/backdoor.png"/>
</div>
<div style="text-align: center;" class="frame">
<h4>Disaster Recovery</h4>
<div style="text-align: left;">
<p>
<ul style="text-align: left;">
<li>Frontent breaking changes?</li>
<li>Dapp developer team gone?</li>
<li>Censored dapp?</li>
<li>Want to interoperate with any protocol?</li>
</ul>
When you get rid of processing transactions on opaque centralized backends and you work on client side storing protocol interfaces on <b>GCFS</b> your users can rest assured the minimal code required to recover their locked funds will be forever available on-chain, no matter what happens with dapp frontents, teams, censorships, you name it.
You just need to pass the right parameters to the protocol interface and the same <b>GCScript</b> code the dapp calls will be runned. You can use <a target="_blank" rel="noopener noreferrer" href="https://beta-preprod-wallet.gamechanger.finance/playground"> our IDE</a> for this, and for all the development process.
<br><br>
<div style="text-align: center;">
<img alt="Manual recovery" style="width: 80%;min-width: 250px;" src="/recovery.jpg"/>
</div>
<br><br>
If you <a target="_blank" href="https://cardano.ideascale.com/c/idea/102594">support our proposal</a>, you will also be able to host frontends stored fully on-chain, along with their protocol interfaces, having 100% stored on-chain dapps on Cardano. We started with the hardest part, the interoperable protocol layer that took more than a year of development, frontent hosting is the last missing piece.
</p>
</div>
</div>
<h2 class="frame">👀 Want same dapp <a href="/nogcfs.html">but without GCFS?...</a></h2>
<br /><br /><br />
<p>
<p><i> 💪 Lets turn Cardano into the Blockchain of the Web! 💪 </i> </p>
<br />
<div class="frame" style="text-align: center;">
<h4>Please support us by voting our Catalyst Fund10:</h4>
<ul style="text-align: left; max-width: 600px; display: inline-block;">
<li><a target="_blank" rel="noopener noreferrer" href="https://cardano.ideascale.com/c/idea/107727">
Finalize Helios</a> </li>
<li><a target="_blank" rel="noopener noreferrer" href="https://cardano.ideascale.com/c/idea/102594"> GameChanger:
File Storage Protocol over Cardano - Enhancements and HTTP API Servers</a> </li>
<li><a target="_blank" rel="noopener noreferrer" href="https://cardano.ideascale.com/c/idea/103962"> Babel Fees
and Sponsored Transactions: NOW!</a> </li>
</ul>
</div>
<p><a target="_blank" rel="noopener noreferrer" href="https://twitter.com/GameChangerOk"> Twitter</a> </p>
<p><a target="_blank" rel="noopener noreferrer" href="https://discord.gg/vpbfyRaDKG"> Discord</a> </p>
<p><a target="_blank" rel="noopener noreferrer" href="https://www.youtube.com/@gamechanger.finance"> Youtube</a>
</p>
<p><a target="_blank" rel="noopener noreferrer" href="https://gamechanger.finance"> Website</a> </p>
<p><a target="_blank" rel="noopener noreferrer"
href="https://beta-preprod-wallet.gamechanger.finance/doc/api/v2/api.html"> API Documentation</a> </p>
<p><i>Powered by <b><a target="_blank" rel="noopener noreferrer"
href="https://dandelion.link">Dandelion APIs</a></b></i></p>
<p><i>Coded with ❤️ using <b><a target="_blank" rel="noopener noreferrer"
href="https://beta-preprod-wallet.gamechanger.finance/playground"> GameChanger Wallet Playground
IDE</a></b> 2023 </i></p>
</p>
<p>MIT License | Adriano Fiorenza | Founder & Dev of GameChanger Wallet</p>
<p>View in <a target="_blank" rel="noopener noreferrer" href="https://github.com/zxpectre/cardano-gc-helios-dapp/"> Github</a> </p>
</body>
<style>
body,input{
color:green;
background-color: #121213;
font-family: 'Courier New', Courier, monospace;
padding:30px 30px;
}
input{
outline: none;
border: 1px solid green;
padding:5px 5px;
width: 80%;
}
button{
outline: none;
border: 1px solid green;
background-color:green;
color: black;
margin:15px 5px;
padding:5px 20px;
border-radius: 5px;
cursor: pointer;
}
.frame {
display: inline-block;
width: 80%;
padding: 12px;
border: 2px dashed green;
border-radius: 5px;
margin:10px 20px;
}
.image{
margin:20px 20px;
}
</style>
</html>