
dBlik

Decentralized BLIK-like app using the Solana blockchain infrastructure.


Project Status: WIP – Work in Progress

Demo

Web application is available with a dedicated sample store:

It works on the Devnet cluster and requires installing a wallet, such as Solflare (preferred) or Phantom. After creating an account on the Devnet network, you can get funds using the Faucet.

IMPORTANT

Make sure your wallet is set to testnet mode.

Overview

Happy path

The diagram and animation below demonstrate the application's basic functionality.

[Figure: overview diagram]

[Figure: animation]

Transaction window

Codes are generated in 10-minute windows. This means that if a code is generated at 21:36, one of the seed components will be '21:30'. When checking the code at 21:41, it is necessary to check both 21:30 and 21:40, as it is within the overlap zone.
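The window check described above, as an added example that is not part of the dBlik code base: it computes which 10-minute windows a verifier has to try at a given time and looks a code up under each. The 2-minute overlap length, the seed-material layout and the in-memory ledger standing in for on-chain accounts are assumptions.

```typescript
const WINDOW_MS = 10 * 60 * 1000; // 10-minute windows, as stated in the README
const OVERLAP_MS = 2 * 60 * 1000; // ASSUMPTION: overlap zone length (not given in the README)

// Start of the window containing tsMs (epoch ms; aligns with UTC clock time).
function windowStart(tsMs: number): number {
  return Math.floor(tsMs / WINDOW_MS) * WINDOW_MS;
}

// "HH:MM" (UTC) label of a window start, e.g. "21:30".
function windowLabel(startMs: number): string {
  return new Date(startMs).toISOString().slice(11, 16);
}

// Windows to try at nowMs: the current one, plus the previous one while
// nowMs is still inside the overlap zone at the start of the current window.
function candidateWindows(nowMs: number): number[] {
  const current = windowStart(nowMs);
  return nowMs - current < OVERLAP_MS ? [current - WINDOW_MS, current] : [current];
}

// ASSUMPTION: seed material is "<code>|<window start to the minute>".
// dBlik's real seed layout may differ.
function seedMaterial(code: string, startMs: number): string {
  return `${code}|${new Date(startMs).toISOString().slice(0, 16)}`;
}

// Hypothetical stand-in for per-transaction accounts, keyed by seed material.
type Ledger = Map<string, { amount: number }>;

function register(ledger: Ledger, code: string, createdMs: number, amount: number): void {
  ledger.set(seedMaterial(code, windowStart(createdMs)), { amount });
}

function lookup(ledger: Ledger, code: string, nowMs: number): { amount: number } | undefined {
  for (const start of candidateWindows(nowMs)) {
    const hit = ledger.get(seedMaterial(code, start));
    if (hit) return hit;
  }
  return undefined;
}

// Constructed sample: code created at 21:36 UTC, checked at 21:41 and at 21:45.
const at = (hhmm: string): number => Date.parse(`2024-05-01T${hhmm}:00Z`);
const ledger: Ledger = new Map();
register(ledger, "123456", at("21:36"), 5);
console.log(candidateWindows(at("21:41")).map(windowLabel), lookup(ledger, "123456", at("21:45")));
```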

Assuming half of the possible code pool (450k) is used, it is possible to conduct 23.5 billion transactions annually. This allows for over 20 times more transactions than were conducted in 2023 with the original product in Poland. Reducing the window to 5 minutes would enable nearly 50 billion transactions.

Roadmap

  • Preliminary research
  • MVP
    • On-chain program with basic functionality
    • Local demo
  • Testing and feedback
    • Public demo
    • Cover the program with tests
  • JavaScript package
  • Optional
    • Refunding overdue funds in the Transaction Account
    • Transaction cancellation by customer
    • Charging the store a refundable fee
    • Transaction expiration by store
    • Viewing transactions within one session
    • Integration with chosen e-commerce platform
    • Mobile application

Research and conclusions

Generating random code

As is known, the application relies on generating random codes, which is not feasible within the domain of blockchain. Additionally, all data on the blockchain is public. While I discovered a solution like Switchboard Randomness, which allows for providing a VRF (Verifiable Random Function), it's too expensive for generating a one-time code.

Therefore, I've decided to generate the code off-chain.

Thousands of transactions at the same time

I was wondering how to store temporary (or not) transaction data. I tried using Zero Copy Account, which allows for storing a larger (max 10 MiB vs 10 KiB), but still limited, amount of data. However, I didn't have a solution for handling entry deletions.

I came up with the idea of creating a new Storage Account for each transaction, with a custom address generated, using a random code and timestamp as the seed. In consequence, I don't need to store any references in any central location.

Generating address from the seed

The built-in function anchor.web3.SystemProgram.createAccountWithSeed() caused the seed to be visible.

So, I've decided to use the standard method anchor.web3.SystemProgram.createAccount(), in which I can declare separately generated keys and sign the transaction.

Vulnerabilities

An attacker who subscribes to changes in the program can easily obtain the address of the account holding the transaction data. They can then send a payment request without knowing the code.

One solution that comes to mind first, besides comparing the transaction amount, is attaching additional custom information from the store, such as the name and internal transaction ID. However, this still requires caution from the user.

Another option is to charge the store a refundable fee for hooking up to the transaction, which will be refunded regardless of the success of the transaction.

Setup

Download the project using Git

git clone https://github.com/Karlos348/dBlik.git

dBlik - smart contract (program)

Requirements

System dependencies

Rust and Cargo

Solana CLI

Anchor

Stages to run

(Windows only) Use WSL

wsl

Create and set the wallet (when using WSL, start PATH with /mnt/c, for example /mnt/c/Users/Profile/.config/solana/id.json)

solana-keygen new -o PATH/id.json
solana config set -k PATH/id.json

Set Devnet cluster

solana config set -u devnet

Request airdrop

solana airdrop 2

2 SOL may be insufficient to deploy the program, so use the Faucet to get more.

Update ./Anchor.toml

wallet = 'PATH/id.json'

Build program

anchor build

Deploy program

anchor deploy

Optional

Update ./Anchor.toml

[programs.devnet]
dblik = "GENERATED_PROGRAM_ID"

Update ./programs/dblik/lib.rs

declare_id!("GENERATED_PROGRAM_ID");

dBlik - client

Requirements:

Node.js >= 20.x

Stages to run

Go to the project directory

cd ./app/dblik

Create .env.local file by copying the default values from .env.prod

cp .env.prod .env.local

Install the dependencies

npm install

Run application

npm run dev

Optional

Update NEXT_PUBLIC_PROGRAM_ID in .env.local with the generated one to use your deployed program

NEXT_PUBLIC_PROGRAM_ID=EE4v8mDaBcnXjYakNPUExR1DGZXS4ba4vyBSrqXXRRF3

Sample store

Requirements:

Node.js >= 20.x

Stages to run

Generate store account using wallet or CLI and deposit funds into it (0.5 SOL is entirely enough)

solana-keygen new -o PATH/store.json

Go to the project directory

cd ./app/store

Create .env.local file by copying .env.prod

cp .env.prod .env.local

Update STORE_KEYPAIR in .env.local by copying key from PATH/store.json

STORE_KEYPAIR=0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

Install the dependencies

npm install

Run application

npm run dev

Optional

Update PROGRAM_ID in .env.local with the generated one to use your deployed program

PROGRAM_ID=EE4v8mDaBcnXjYakNPUExR1DGZXS4ba4vyBSrqXXRRF3