Transaction Attestation Platform (TAP)
TAP is an Ethereum + IPFS platform that lets users attest to what will actually happen when users invoke certain functions within smart contracts. For each function in a smart contract that's attested to, users will get visibility into:
- a description of what is intended to happen
- are there any known exploits?
- does this function invoke other external smart contract functions?
- does it require ETH?
- does it send you ETH?
- does it transfer ownership of an asset controlled by your account?
- what may cause this function to throw and lose your gas?
- an overall risk assessment of signing that transaction
- and more. View full working schema for an attestation.
Without social attestations, users have very little transparency into what will actually happen when they press that "Accept" button to sign a transaction. With attestations they can use DApps with confidence.
The TAP smart contract documents the full on chain functionality, however the smart contract only proves that attestations were provided by a given account, and the attestation data itself lives on IPFS. As a result, we recommend that you would use the JS interface in order to write out correct and valid attesattions.
To use TAPJS library please include both ipfs.js, tap.js, and browser-solc.min.js in your source.
<script src="./ipfs.js"></script> <!-- Borrowed from the Consensys IPFS wrapper: https://github.com/ConsenSys/ipfs.js --> <script src="./app.js"></script> <script src="./tap.js"></script> <script src="./browser-solc.min.js"></script>
TAP.js provides the core interface for interacting with the TAP platform. It provides the following functions.
TAPJS.verifyContract(addr, contractCode, solcVersion, optimize, name, callback)
Before you can provide attestations, the code for the contract must be
verified, and the request registered with TAP. Call
if it hasn't been called yet for the contract within TAP. For
solcVersion, use the string of the version number of the compiler,
"soljson-v0.4.6+commit.2dabbdf0.js", and for optimize, just
Get the known attestations for a given contract and methodId. MethoID is the 0x prefixed 4 byte identifier constructed from sha3(function signature).
Add a new attestation. This will require you to sign the attestation object, and then sign the transaction on the blockchain. At the moment, the attestation object is a JS object conforming to the attestation schema example but we'd like to add a helper method to make it easier to construct this object.
Coming soon...this is how you would vote on an attestation.
TAP is a work in progress project proposed by Eric Tang and Doug Petkanics. We believe that this only succeeds as a community driven project, since the major benefits of TAP will be both provided by and delivered to the community. We'd currently like feedback in the issues on attestation schemas and on the mechanisms that bounties could be provided and distributed to users for providing attestations.
Additionally, TAP will require a great frontend to display all the great attestations that users have left, and to make it easy for users to submit attestations. We have a working proof of concept frontend on a branch, but if any aspiring DApp developers would like to get involved in building out a community tool, please contact us. We'd love to help get you involved.
Running a full decentralized version of TAP requires running Ethereum and IPFS.
The architecture of the app is that attestations are stored on IPFS, and the hashes that represent them are stored into the contract. Users can make verify any contracts code (also stored on IPFS), and then other users can attest to the contracts.
Setup a local node on a local network to test against...
geth --identity "yournode" --datadir ~/.chaindata --networkid 1999 init configs/CustomGenesis.json geth --identity "yournode" --rpc --rpcport "8545" --rpccorsdomain "*" --datadir ~/.chaindata/ --port "30303" --rpcapi "db,eth,net,web3,personal" --networkid 1999 console
Create an account, unlock it, and start mining.
personal.newAccount() personal.unlockAccount(eth.accounts) miner.setEtherbase(eth.accounts) miner.start()
Since the app is served on port 8080 by default, as is IPFS, you'll want to change some IPFS config vals. I'm running on port 8082
$ ipfs config Addresses.Gateway /ip4/127.0.0.1/tcp/8082 $ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin "[\"*\"]" $ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Credentials "[\"true\"]" $ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin "[\"http://localhost:8080\"]" $ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods "[\"PUT\", \"POST\", \"GET\"]"
Run IPFS daemon
$ ipfs daemon
Add files in the examples directly to IPFS and note the resulting hashes
cd examples ipfs add *
Serve the DApp locally
We removed the proof of concept frontend from master, but it still
lives on the
ui branch. If you'd like to run the UI:
git checkout ui truffle build truffle migrate --reset truffle serve
You can now access the app at
http://localhost:8080 were you can
register contracts and attestations. You can then access attestations