added arweave accounts as a authenticity criteria

masa-finance · Dec 7, 2022 · e33ccba · e33ccba
1 parent 461d34c
commit e33ccba
Showing 1 changed file with 40 additions and 3 deletions.
diff --git a/src/soul-name/verify.ts b/src/soul-name/verify.ts
@@ -12,12 +12,24 @@ const arAccounts = [
   "8sHnZwikWp6x2wWC7PoACl_froaXS6ECBkpjFLUeN_U",
 ];
 
-export const verifyByName = async (masa: Masa, soulName: string) => {
+export const verifyByName = async (
+  masa: Masa,
+  soulName: string
+): Promise<{
+  nameMatch: boolean;
+  imageOwnerIsMasaAccount: boolean;
+  imageHashMatch: boolean;
+  imageSignatureMatch: boolean;
+  metadataSignatureMatch: boolean;
+  metadataOwnerIsMasaAccount: boolean;
+}> => {
   const result = {
     nameMatch: false,
+    imageOwnerIsMasaAccount: false,
     imageHashMatch: false,
     imageSignatureMatch: false,
     metadataSignatureMatch: false,
+    metadataOwnerIsMasaAccount: false,
   };
 
   let soulNameInstance;
@@ -28,15 +40,34 @@ export const verifyByName = async (masa: Masa, soulName: string) => {
     return result;
   }
 
-  // todo add arweave address matches
-
   if (soulNameInstance) {
+    // check if name matches onchain and in the metadata
     result.nameMatch =
       soulNameInstance.tokenDetails.sbtName === soulNameInstance.metadata?.name;
 
+    // check if metadata was deployed to arweave by masa
+    const metadataTxId = soulNameInstance.tokenUri.replace("ar://", "");
+
+    if (metadataTxId) {
+      const metadataTxData = await masa.arweave.transactions.get(metadataTxId);
+      const metadataOwner = await masa.arweave.wallets.ownerToAddress(
+        metadataTxData.owner
+      );
+      result.metadataOwnerIsMasaAccount =
+        !!metadataOwner && arAccounts.indexOf(metadataOwner) > -1;
+    }
+
     const imageTxId = soulNameInstance.metadata?.image?.replace("ar://", "");
 
     if (imageTxId) {
+      // check if image data was deployed to arweave by masa
+      const imageTxData = await masa.arweave.transactions.get(imageTxId);
+      const imageDataOwner = await masa.arweave.wallets.ownerToAddress(
+        imageTxData.owner
+      );
+      result.imageOwnerIsMasaAccount =
+        !!imageDataOwner && arAccounts.indexOf(imageDataOwner) > -1;
+
       const imageData = (await masa.arweave.transactions
         .getData(imageTxId, {
           decode: true,
@@ -47,9 +78,11 @@ export const verifyByName = async (masa: Masa, soulName: string) => {
 
       const imageHash = ethers.utils.keccak256(imageData);
 
+      // check if image data hash matches the hash from the metadata
       result.imageHashMatch =
         imageHash === soulNameInstance.metadata?.imageHash;
 
+      // check that image hash signature matches one of the masa addresses
       if (soulNameInstance.metadata?.imageHashSignature) {
         const recoveredImageAddress = recoverAddress(
           imageHash,
@@ -62,8 +95,12 @@ export const verifyByName = async (masa: Masa, soulName: string) => {
       }
     }
 
+    // check that metadata signature matches one of the masa addresses
     if (soulNameInstance.metadata?.signature) {
       const m = { ...soulNameInstance.metadata };
+
+      // we need to remove the signature before we can verify because the signature
+      // was created without
       m.signature = "";
 
       const recoveredMetadataAddress = recoverAddress(