/MobyMask

A browser extension for reporting phishers built on the Delegatable.eth framework.

Primary LanguageJavaScriptMIT LicenseMIT

MobyMask

A lightweight, viral invite-based phishing report system with accountability and revocation. Available at https://mobymask.com.

Based on the Delegatable Eth framework for making counterfactually mintable soulbound tokens (or off chain delegations).

Workflow

Various components can be found in the packages folder.

  • hardhat contains the solidity and its tests.
  • server includes a server that could eventually index the results, and generates root-level invitation links.
  • react-app contains the front-end.
  • js-eth-delegatable-utils is a JS utility I made for more easily and reliably making signatures in the Astral format.
  • extension is the beginnings of a browser extension that could flag phishers on Twitter. It is able to add a badge to people, but does not yet have a data source.

Delegatable

An abstract solidity contract that any contract can easily integrate to add a ton of improvements to that contract's user and developer experience for all of its functions:

  • Allow users to sign "invocations" instead of transactions, which bring lots of benefits.
  • Invocations bring the full user-readability of signTypedData for all of that app's operations.
  • Support for MetaTransactions
  • Support for batched operations: Many actions in one transaction, and potentially lower gas costs.
  • Support for signing multiple actions that aren't blocked by each other, so an urgent transaction isn't blocked by the low nonce of a low-stakes low-gas bid transaction.
  • Support for signing commitments that can be lazily submitted to the blockchain later.
  • Allow users to sign offchain messages that delegate authority to perform any action they can perform, along with an open-ended system for adding restrictions to that delegation, including revocation.
  • Allow the holder of any delegation to issue a delegation from it, also with an off-chain signature and no up-front gas.
  • Allows creating invite links to users who don't have accounts set up yet, by signing delegations to a key you send to them.

You can read about the theory behind this library here.

Integration in a Solidity project

pragma solidity ^0.8.13;

import "./Delegatable.sol";

contract YourContract is Delegatable {

  constructor(string memory name) Delegatable(name, "1") {}

  function _msgSender () internal view override(Delegatable, Context) returns (address sender) {
    if(msg.sender == address(this)) {
      bytes memory array = msg.data;
      uint256 index = msg.data.length;
      assembly {
        // Load the 32 bytes word from memory with the address on the lower 20 bytes, and mask those.
        sender := and(mload(add(array, index)), 0xffffffffffffffffffffffffffffffffffffffff)
      }
    } else {
      sender = msg.sender;
    }
    return sender;
  }

}

To use this in your own contract, follow these simple steps:

  • inherit your contract from contracts/Delegatable.sol.
  • Your constructor will need to pass the Delegatable class a name for your contract, and a version string, per EIP 712.
  • Add our sample _msgSender() method to your contract, as seen in our sample contract.
  • If you are inheriting from any contracts that use msg.sender to identify a user, you should now use the _msgSender() method instead, to benefit from this framework. Conveniently, it seems that most OpenZeppelin libraries already use an internal _msgSender() implementation, and so overriding it as shown should be enough to use those libraries.

Integration into a web frontend

These contracts should be compatible with any signer or wallet that supports signTypedData_v4, like MetaMask.

You will be calling the eth_signTypedData method with the V4 parameter, as seen in the test files.

How it's set up

A fork of Scaffold-ETH boilerplate

Currently most of the good stuff is going on in packages/hardhat.

everything you need to build on Ethereum! ๐Ÿš€

๐Ÿงช Quickly experiment with Solidity using a frontend that adapts to your smart contract:

image

๐Ÿ„โ€โ™‚๏ธ Quick Start

Prerequisites: Node plus Yarn and Git

clone/fork ๐Ÿ— scaffold-eth:

git clone https://github.com/austintgriffith/scaffold-eth.git

install and start your ๐Ÿ‘ทโ€ Hardhat chain:

cd scaffold-eth
yarn install
yarn chain

in a second terminal window, start your ๐Ÿ“ฑ frontend:

cd scaffold-eth
yarn start

in a third terminal window, ๐Ÿ›ฐ deploy your contract:

cd scaffold-eth
yarn deploy

๐Ÿ” Edit your smart contract YourContract.sol in packages/hardhat/contracts

๐Ÿ“ Edit your frontend App.jsx in packages/react-app/src

๐Ÿ’ผ Edit your deployment scripts in packages/hardhat/deploy

๐Ÿ“ฑ Open http://localhost:3000 to see the app

๐Ÿ“š Documentation

Documentation, tutorials, challenges, and many more resources, visit: docs.scaffoldeth.io

๐Ÿ”ญ Learning Solidity

๐Ÿ“• Read the docs: https://docs.soliditylang.org

๐Ÿ“š Go through each topic from solidity by example editing YourContract.sol in ๐Ÿ— scaffold-eth

๐Ÿ“ง Learn the Solidity globals and units

๐Ÿ›  Buidl

Check out all the active branches, open issues, and join/fund the ๐Ÿฐ BuidlGuidl!

๐Ÿ’ฌ Support Chat

Join the telegram support chat ๐Ÿ’ฌ to ask questions and find others building with ๐Ÿ— scaffold-eth!


๐Ÿ™ Please check out our Gitcoin grant too!