Varun Srinivasan
@v
A quick primer on how keys and frames work in FC.

During sign up:
1. User creates eth key on their phone.
2. Warpcast creates account key on its server.
3. User approves account key onchain

Eth keys can hold funds and can control your account. Account keys can only post messages from your account.
10 replies
36 recasts
124 reactions
Varun Srinivasan
@v
The eth key controls your account and is an Ethereum address. The account key can post from your account, and is NOT an Ethereum address.

This design is intentional and ensures that:
1. users never have to give apps control of their account
2. apps never have to worry about users storing funds on keys they control
1 reply
0 recast
9 reactions
Varun Srinivasan
@v
Enter frames. When you click a frame button, you sign a message from your account key. Or rather, Warpcast or Supercast sign it for you. A frame can never request a signature from your Eth key. If properly implemented, a frame can never touch an Ethereum address and your funds are safe.
2 replies
0 recast
7 reactions
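The flow described in the posts above (an account key approved at sign-up, then used to sign frame clicks) as an added example that is not part of the thread or of Farcaster's code. It assumes Ed25519 account keys, an in-memory map (`approvedKeys`) standing in for the onchain approval, and a JSON body in place of the real message encoding; all function names and sample values are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Stand-in for the onchain registry: fid -> set of approved account public keys.
const approvedKeys = new Map();
const keyId = (publicKey) =>
  publicKey.export({ type: 'spki', format: 'der' }).toString('hex');

// Sign-up step 3: the eth key approves an account key. Modelled as a map write;
// on the real network this is an onchain action authorised by the eth key.
function approveAccountKey(fid, publicKey) {
  if (!approvedKeys.has(fid)) approvedKeys.set(fid, new Set());
  approvedKeys.get(fid).add(keyId(publicKey));
}

// Client side (e.g. Warpcast or Supercast): sign a button click with the account key.
function signFrameAction(fid, buttonIndex, frameUrl, accountKey) {
  const body = JSON.stringify({ fid, buttonIndex, frameUrl });
  const signature = nodeCrypto.sign(null, Buffer.from(body), accountKey.privateKey);
  return { body, signature, signer: accountKey.publicKey };
}

// Frame server side: accept the click only if the signature is valid AND the
// signer is an account key approved for the fid named inside the signed body.
function verifyFrameAction(action) {
  let parsed;
  try { parsed = JSON.parse(action.body); } catch { return { ok: false, reason: 'malformed body' }; }
  if (!nodeCrypto.verify(null, Buffer.from(action.body), action.signer, action.signature)) {
    return { ok: false, reason: 'bad signature' };
  }
  const keys = approvedKeys.get(parsed.fid);
  if (!keys || !keys.has(keyId(action.signer))) {
    return { ok: false, reason: 'signer not approved for fid' };
  }
  return { ok: true, fid: parsed.fid, buttonIndex: parsed.buttonIndex };
}

// Constructed sample data: one approved account key, one key that was never approved.
const appKey = nodeCrypto.generateKeyPairSync('ed25519');
const strayKey = nodeCrypto.generateKeyPairSync('ed25519');
approveAccountKey(1001, appKey.publicKey);
const click = signFrameAction(1001, 2, 'https://frame.example/poll', appKey);
const unapproved = signFrameAction(1001, 2, 'https://frame.example/poll', strayKey);
const tampered = { ...click, body: click.body.replace('"buttonIndex":2', '"buttonIndex":1') };
console.log(verifyFrameAction(click), verifyFrameAction(unapproved), verifyFrameAction(tampered));
```

Nothing in this path involves the eth key: the frame server only ever sees an account-key signature, which is the separation the thread describes.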
Varun Srinivasan
@v
Could frames securely ask you to do things onchain? I think yes, but there are different approaches and tradeoffs.

Option 1: Use the account key to control a wallet

This is easy to build, but the app and not the user is in control of the wallet. Also, a user would need to make a separate wallet on each app.
2 replies
0 recast
6 reactions
Varun Srinivasan
@v
Option 2: Link to external wallets

Clicking a transaction simply opens your favorite mobile wallet and asks it to execute your transaction. This is much more secure, but the mobile <> mobile user experience is sometimes bad. Requires almost 7 steps in some cases and fails a surprising amount of the time.
3 replies
0 recast
11 reactions
Varun Srinivasan
@v
Option 3: Use a wallet inside Farcaster

An Ethereum key inside FC acts as a wallet or controls an AA wallet. Doing it inside Warpcast is a lot of work and being a fully functional wallet isn't our main quest. Setting up another AA wallet could work, but won't work in other apps like Supercast.
4 replies
0 recast
10 reactions
Varun Srinivasan
@v
It's still early but we're leaning towards Option 2 or 3 at this point. Option 1 poses major security risks and is hard to recommend in its current form. If you have other ideas or alternatives, we'd love to hear them.
4 replies
0 recast
4 reactions
Callum Wanderloots ✨
@wanderloots.eth
The inability to prevent direct ETH key on chain interaction makes sense to me from a security standpoint, but I’m a bit confused. What happens when you “mint” in a frame if there is no on chain transaction happening? Is the nft merely going to the warp account address?
0 reply
0 recast
0 reaction