-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add EIP: Domain-contracts two-way binding #6807
Closed
Closed
Changes from all commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
50fdc70
Add Domain-contracts two-way binding
VenkatTeja ddeccd2
Update eip-domain-contracts-binding.md
VenkatTeja 1cc2216
Update eip-domain-contracts-binding.md
VenkatTeja 5eba034
Add FEM url
VenkatTeja 3dbd2b5
Update eip-domain-contracts-binding.md
VenkatTeja 63a7218
Create eip-template.md
VenkatTeja cd754db
Delete eip-template.md
VenkatTeja ba5287b
Create eip-template.md
VenkatTeja 776c01e
Merge branch 'master' into master
VenkatTeja da51a55
Remove comments and add POC link
VenkatTeja 174e2d3
Put in correct directory
SamWilsn File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,116 @@ | ||
| --- | ||
| eip: 6807 | ||
| title: Domain-contracts two-way binding | ||
| description: Two-way binding between domain and its official contracts to prevent DNS attacks | ||
| author: Venkat Kunisetty (@VenkatTeja) | ||
| discussions-to: https://ethereum-magicians.org/t/eip-domain-contracts-two-way-binding/13209 | ||
| status: Draft | ||
| type: Standards Track | ||
| category: ERC | ||
| created: 2023-03-08 | ||
| --- | ||
|
|
||
| ## Abstract | ||
|
|
||
| This EIP proposes a standard way for dapps to maintain their official domains and contracts that are linked through an on-chain and off-chain two-way binding mechanism. | ||
|
|
||
| ## Motivation | ||
|
|
||
| Web3 users sometimes get attacked due to vulnerebilities in web2 systems. For example, in Nov 2022, Curve.fi suffered a DNS attack. This attack would have been prevented if there was a standard way to allow dapp developers to disclose their official contracts. If this was possible, wallets could have easily detected un-official contracts and warned users. | ||
|
|
||
| An added advantage to this approach is to predictably find the the official contract addresses of a dapp. Most dapp's docs are non-standard and it is difficult to find the official contract addresses. | ||
|
|
||
| ## Specification | ||
|
|
||
| ### Terms | ||
|
|
||
| 1. `Two-way` binding: Being able to verify what official contracts of a domain are offchain and onchain | ||
| 2. `Dapp Registry contract (DRC)`: This is a contract that is to be deployed by dapp developer that validates if a contract address is official | ||
| 3. `Registry contract`: This is a contract that maintains the mapping between domain and its DRC. | ||
| 4. `DApp Developer (DAD)`: The one who is developing the decentralised application | ||
|
|
||
| ### Implementation | ||
|
|
||
| The DAD must create a custom file on their domain at `/contracts.json` route. The file must return the information about the official contracts in the following structure: | ||
|
|
||
| ```javascript | ||
| // Returns the array of this structure | ||
| { | ||
| contractAddress: "0x...abc", | ||
| name: "Your contract name", | ||
| description?: "your contract description", | ||
| code?: "Link to sol file of this contract" | ||
| }[] | ||
| ``` | ||
|
|
||
| Further, DAD must deploy a DRC that has the following structure: | ||
|
|
||
| ```solidity | ||
| interface IDAppRegistry { | ||
|
|
||
| function isMyContract(address _address) external view returns (bool); | ||
| } | ||
| ``` | ||
|
|
||
| We define the Registry contract as: | ||
|
|
||
| ```solidity | ||
| contract DomainContractRegistry { | ||
| struct RegistryInfo { | ||
| address dappRegistry; | ||
| address admin; | ||
| } | ||
|
|
||
| mapping(string => RegistryInfo) public registryMap; | ||
|
|
||
| function setDappRegistry(string memory _domain, address _dappRegistry) external { | ||
| // check if a domain already has a dapp registry mapped | ||
| // if yes, check if owner is same. if so, allow the change | ||
| // if no, recordTransition(_domain, _dappRegistry); | ||
|
|
||
| IDappRegistry dappRegistry = IDappRegistry(_dappRegistry); | ||
| // Use chainlink to the call `{{domain}}/contracts.json`. | ||
| // Check for each contract listed in contracts.json by calling | ||
| // dappRegistry.isMyContract(_address) | ||
|
|
||
| // If all addresses match, update registryMap | ||
| } | ||
|
|
||
| // In case of a domain transfer, register that there is potential change in registry mapping | ||
| // and a new owner may be attempting to update registry | ||
| // A cool-off period is applied on the domain marking a potential transfer in ownership | ||
| // Cool-off period can be 7 days | ||
| function recordTransition(string memory _domain, address _dappRegistry) internal | ||
|
|
||
| } | ||
| ``` | ||
|
|
||
| DAD must register their domain in this registry to validate domain ownership. | ||
|
|
||
| ## Rationale | ||
|
|
||
| Wallets need official contract addresses of a domain to warn users if the domain is sending transaction to a different address. This could have been solved by allowing DADs to provide a standard url (e.g. /contracts.json) to wallets. However, in the event of a DNS attack, even this information can be tampered. By deploying a registry contract on chain, the DAD is able to have a second source of their official contracts that they can set when they have full control of their domain. If registry's information gets tampered, wallets can always use standard url to cross-check. This system ensures the attackers has to get access to both admin private keys and domain control to do the attack which is highly difficult relatively. This is analogous to 2FA. | ||
|
|
||
| <!-- More details - TBD --> | ||
|
|
||
| ## Backwards Compatibility | ||
|
|
||
| No backward compatibility issues found. | ||
|
|
||
| ## Test Cases | ||
|
|
||
| <!-- TODO --> | ||
|
|
||
| <!-- | ||
|
|
||
| ## Reference Implementation | ||
|
|
||
| --> | ||
|
|
||
| ## Security Considerations | ||
|
|
||
| <!-- TODO --> | ||
|
|
||
| ## Copyright | ||
|
|
||
| Copyright and related rights waived via [CC0](../LICENSE.md). | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't allow external links. If you would like to include a reference implementation, please do so in the
../assets/eip-6807folder with a CC0-1.0 license.