Varun Srinivasan
@v
A quick primer on how keys and frames work in FC.
During sign up:
1. User creates eth key on their phone.
2. Warpcast creates account key on its server.
3. User approves account key onchain
Eth keys can hold funds and can control your account. Account keys can only post messages from your account.
10 replies
38 recasts
156 reactions

Varun Srinivasan
@v
The eth key controls your account and is an Ethereum address. The account key can post from your account, and is NOT an Ethereum address.
This design is intentional and ensures that:
1. users never have to give apps control of their account
2. apps never have to worry about users storing funds on keys they control
1 reply
0 recast
10 reactions

Varun Srinivasan
@v
Enter frames. When you click a frame button, you sign a message from your account key. Or rather, Warpcast or Supercast sign it for you. A frame can never request a signature from your Eth key. If properly implemented, a frame can never touch an Ethereum address and your funds are safe.
2 replies
0 recast
7 reactions
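
The check a frame server would make on a button click under the design described in this thread, as an added example that is not part of the thread or Farcaster's own code. The registry, message layout, function names and the use of Ed25519 are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not Farcaster's message format or hub API.
// Assumption: account keys are Ed25519 key pairs (the thread does not name the scheme).
const crypto = require('node:crypto');

// Constructed stand-in for the onchain record:
// account id -> set of account public keys the user's eth key has approved.
const approvedKeys = new Map();
const keyId = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('hex');

// Sign-up step 3, modelled as a registry write: the eth key holder approves a key.
function approveAccountKey(accountId, publicKey) {
  if (!approvedKeys.has(accountId)) approvedKeys.set(accountId, new Set());
  approvedKeys.get(accountId).add(keyId(publicKey));
}

// What the client app holding the account key does on a button click.
function signFrameAction(accountId, privateKey, action) {
  const body = JSON.stringify({ ...action, accountId });
  const signature = crypto.sign(null, Buffer.from(body), privateKey);
  return { body, signature, signer: crypto.createPublicKey(privateKey) };
}

// What a frame server checks before acting on a click.
function verifyFrameAction(msg) {
  let parsed;
  try { parsed = JSON.parse(msg.body); } catch { return 'reject: malformed body'; }
  const keys = approvedKeys.get(parsed.accountId);
  if (!keys || !keys.has(keyId(msg.signer))) return 'reject: key not approved';
  const sigOk = crypto.verify(null, Buffer.from(msg.body), msg.signer, msg.signature);
  if (!sigOk) return 'reject: bad signature';
  // Account keys only post messages; anything else is refused even when validly signed.
  if (parsed.type !== 'button_click') return 'reject: not a message an account key may sign';
  return 'accept';
}

// Constructed run: one approved app key, one unapproved key.
function demo() {
  const app = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  approveAccountKey(1, app.publicKey);
  const click = signFrameAction(1, app.privateKey, { type: 'button_click', button: 2 });
  return [
    verifyFrameAction(click),
    verifyFrameAction({ ...click, body: click.body.replace('"button":2', '"button":1') }),
    verifyFrameAction(signFrameAction(1, other.privateKey, { type: 'button_click', button: 1 })),
    verifyFrameAction(signFrameAction(1, app.privateKey, { type: 'send_eth', to: '0xPLACEHOLDER' })),
  ];
}
console.log(demo());
```
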

Varun Srinivasan
@v
Could frames securely ask you to do things onchain? I think yes, but there are different approaches and tradeoffs.
Option 1: Use the account key to control a wallet
This is easy to build, but the app and not the user is in control of the wallet. Also, a user would need to make a separate wallet on each app.
2 replies
0 recast
6 reactions

Varun Srinivasan
@v
Option 2: Link to external wallets
Clicking a transaction simply opens your favorite mobile wallet and asks it to execute your transaction. This is much more secure, but the mobile <> mobile user experience is sometimes bad. Requires almost 7 steps in some cases and fails a surprising amount of the time.
3 replies
0 recast
11 reactions

Varun Srinivasan
@v
Option 3: Use a wallet inside Farcaster
An Ethereum key inside FC acts as a wallet or controls an AA wallet. Doing it inside Warpcast is a lot of work and being a fully functional wallet isn't our main quest. Setting up another AA wallet could work, but won't work in other apps like Supercast.
4 replies
0 recast
11 reactions

Varun Srinivasan
@v
It's still early but we're leaning towards Option 2 or 3 at this point. Option 1 poses major security risks and is hard to recommend in its current form. If you have other ideas or alternatives, we'd love to hear them.
4 replies
0 recast
6 reactions

df
@df
option 4. users never do anything except iOS native payments, apps receive payment and call a single function on a Farcaster contract. Frame app then can claim the $ from the contract and send connected wallet the tokens in their own transaction. risk free, simple, great UX
https://warpcast.com/df/0xc5416370
3 replies
0 recast
1 reaction

Varun Srinivasan
@v
two problems:
1. chargeback risk (which is very high)
2. only supports minting where object of tx is transferrable
2 replies
0 recast
1 reaction

df
@df
could also set dynamic limits on users to reduce chargebacks
0 reply
0 recast
0 reaction

df
@df
hm
1. fund account w crypto instead via deposit contract call, to get warps (not sure about app store rules on this)
2. but that's 95%+ of consumer use cases for paid txs, and the rest can be adapted via new contracts and extending this spec
0 reply
0 recast
0 reaction