Varun Srinivasan
@v
A quick primer on how keys and frames work in FC. During sign up: 1. User creates eth key on their phone. 2. Warpcast creates account key on its server. 3. User approves account key onchain Eth keys can hold funds and can control your account. Account keys can only post messages from your account.
10 replies
40 recasts
134 reactions
Varun Srinivasan
@v
The eth key controls your account and is an Ethereum address. The account key can post from your account, and is NOT an Ethereum address. This design is intentional and ensures that: 1. users never have to give apps control of their account 2. apps never have to worry about users storing funds on keys they control
1 reply
1 recast
11 reactions
Varun Srinivasan
@v
Enter frames. When you click a frame button, you sign a message from your account key. Or rather, Warpcast or Supercast sign it for you. A frame can never request a signature from your Eth key. If properly implemented, a frame can never touch an Ethereum address and your funds are safe.
2 replies
1 recast
8 reactions
Varun Srinivasan
@v
Could frames securely ask you to do things onchain? I think yes, but there are different approaches and tradeoffs. Option 1: Use the account key to control a wallet This is easy to build, but the app and not the user is in control of the wallet. Also, a user would need to make a separate wallet on each app.
2 replies
1 recast
6 reactions
Varun Srinivasan
@v
Option 2: Link to external wallets Clicking a transaction simply opens your favorite mobile wallet and asks it to execute your transaction. This is much more secure, but the mobile <> mobile user experience is sometimes bad. Requires almost 7 steps in some cases and fails a surprising amount of the time.
3 replies
1 recast
11 reactions
Varun Srinivasan
@v
Option 3: Use a wallet inside Farcaster An ethereum key inside FC acts as a wallet or controls an AA wallet. Doing it inside Warpcast is a lot of work and being a fully functional wallet isn't our main quest. Setting up another AA wallet could work, but won't work in other apps like Supercast.
4 replies
1 recast
10 reactions
McBain
@mcbain
personally this is the path I hope you go down! It fits in with how I'm seeing what we're doing evolve
0 reply
0 recast
2 reactions
paw 🎩
@paw
The link to external wallet should always be unique, though. I don't use mobile wallets, so I have to copy that to my PC to finish the transaction, and if the link is not unique, I'm 99.9% abandoning the tx
0 reply
0 recast
0 reaction
