NEP-452 Linkdrop Standard

[BenKurrek]

Discussions found here.

---

NEP Status (Updated by NEP moderators)

SME reviews:

• Wallet Standards SME: @joe-rlo NEP-452 Linkdrop Standard #452 (comment)
• Contract Standards SME: @frol NEP-452 Linkdrop Standard #452 (comment)

Contract Standards WG voting indications:

• 👍 @frol NEP-452 Linkdrop Standard #452 (comment)
• 👍 @abacabadabacaba NEP-452 Linkdrop Standard #452 (comment)
• 👍 @fadeevab NEP-452 Linkdrop Standard #452 (comment)
• "so so" @robert-zaremba, small bits to update: NEP-452 Linkdrop Standard #452 (review)

Wallet Standards WG voting indications:

• 👍 @Cameron-Banyan NEP-452 Linkdrop Standard #452 (comment)
• ❔ @MaximusHaximus
• ❔ @esaminu

[render]

Your Render PR Server URL is https://nomicon-pr-452.onrender.com.

Follow its progress at https://dashboard.render.com/static/srv-cf7unio2i3mt56g24r7g.

[mfornet]

We need to gather input from wallet developers since this interface will mostly be used from different wallets.

@near/wg-wallet-standards @near/near-wallet @near/wallet-core-contributors

[frol]

Thank you @BenKurrek for submitting this NEP.

As a moderator, I reviewed this NEP and it meets the proposed template guidelines. I am moving this NEP to the REVIEW stage and would like to ask the @near/wg-contract-standards and @near/wg-wallet-standards working group members to assign 2 Technical Reviewers (let's have one person with the Wallet expertise and one person with the Contracts expertise) to complete a technical review (see expectations). If you want to assign yourself, please mention that you are acting as the Technical Reviewers.

Please find some guidelines below for completing the technical review.

Technical Review Guidelines

• First, review the proposal within one week. If you have any suggestions that could be fixed, leave them as comments to the author. It may take a couple of iterations to resolve any open comments.

• Second, once all the suggestions are addressed, produce (example):

  • A recommendation for the working group if the NEP is ready for voting (it could be approving or rejecting recommendation)

  • A summary of benefits

  • A summary of concerns and blockers that were identified on the way and their status (some will be resolved, others dismissed, etc)

Please tag the @near/nep-moderators once you are done, so we can move this NEP to the voting stage. Thanks again.

[frol]

As a contract standards working group member, I definitely see the value in defining the linkdrop standard as it is widely used and previously we hacked things together into the NEAR Wallet, but other Wallets should also be able to onboard users through linkdrops. Adding NFT and FT support is also great quality of life improvement.

[Cameron-Banyan]

As a wallet working group committee member, I’d like to formally nominate @joe-rlo from Ready Layer One Tech, who builds applications that implement LinkDrops to review NEP452: Linkdrop Standard as a Subject Matter Expect.

[joe-rlo]

As someone actively building multiple projects using first, linkdrop directly, and now through Keypom, determining a standard is needed at this time. The linkdrop mechanism is an important and powerful onboarding tool but is underutilized.

In my experience, standardization is needed so more wallets can support this linkdrop and do it uniformly. While the mechanism is powerful, currently being limited by wallet support causes a disconnect between the goals of onboarding and decentralized choices.

We are already seeing multiple wallets start to implement their own methods which as a developer will either lead to having to "pick a winner" or a need to support multiple methods.

The clear benefits are as Ben stated:

• Simplify the data structure for drops
• Ability to have complex drops (which I think will become more of the norm)
• Opens the possibility for easier KeyInfo add-ons

The only concern I have is that I'd like to see the standard for deleting keys and refunding assets in the initial standard. The strength of having complex drops needs a standardized way to reclaim the assets as well.

Overall, I think this is an important standard to begin to implement to onboard a billion users.

[BenKurrek]

As an update, I'm going to add an optional required_gas field to the top level of KeyInfo. This is extremely important as claim pages need to know how much Gas to attach using the access key. The default will be 100 TGas unless this field is specified. Ken and myself have gone through a first draft of security implications, general linkdrop flow and some other information that we'll add to this standard as well.

[frol]

I am self-assigning myself as an SME reviewer from the Contract Standards WG, so now we have two SMEs for this NEP.

[fadeevab]

If you add indentation (3 or 4 spaces) to this paragraph then you will fix the following markdown lint errors about list item enumeration

[fadeevab]

@BenKurrek ☝️ finish those markdown lint errors please

[robert-zaremba]

@BenKurrek see the summary of errors in the github action (at the bottom of the conversation tab)

[BenKurrek]

I will fix linting errors post consensus

[abacabadabacaba]

As a Contract Standards Working Group member, I lean towards approving this NEP.

However, I would like the author to make certain small fixes should this NEP be approved. One is fixing the Markdown formatting. Another one is clarifying the potential security implications of race conditions (one claim call happening while another is in the process of transferring tokens), attempting to create a linkdrop with a key that corresponds to an already existing linkdrop (if this is not checked, an attacker could overwrite existing linkdrops without knowing their private key), and the combination of these two (attempting to create a linkdrop with a key that corresponds to an already existing linkdrop, which is in the process of transferring tokens).

[BenKurrek]

As a Contract Standards Working Group member, I lean towards approving this NEP.

However, I would like the author to make certain small fixes should this NEP be approved. One is fixing the Markdown formatting. Another one is clarifying the potential security implications of race conditions (one claim call happening while another is in the process of transferring tokens), attempting to create a linkdrop with a key that corresponds to an already existing linkdrop (if this is not checked, an attacker could overwrite existing linkdrops without knowing their private key), and the combination of these two (attempting to create a linkdrop with a key that corresponds to an already existing linkdrop, which is in the process of transferring tokens).

I've addressed both the reentrancy attacks as well as key management (making sure only one key is mapped to a set of assets at a given time) in the security implications section. I will fix the markdown issues and linting post consensus.

[abacabadabacaba]

I've addressed both the reentrancy attacks as well as key management (making sure only one key is mapped to a set of assets at a given time) in the security implications section. I will fix the markdown issues and linting post consensus.

I don't see any mention of an attack where an attacker attempts to create a linkdrop with the same key as an existing one.

[BenKurrek]

I've addressed both the reentrancy attacks as well as key management (making sure only one key is mapped to a set of assets at a given time) in the security implications section. I will fix the markdown issues and linting post consensus.

I don't see any mention of an attack where an attacker attempts to create a linkdrop with the same key as an existing one.

NEPs/neps/nep-0452.md

Line 195 in 17c0294

Another important security implication of linkdrop creation is to ensure that only one key is mapped to a set of assets at any given time. Externally, assets such as FTs, and NFTs belong to the overall linkdrop contract account rather than a specific access key. It is important to ensure that specific keys can only claim assets that they are mapped to.

[abacabadabacaba]

"only one key is mapped to a set of assets" != "only one set of assets is mapped to a key"

[ori-near]

The Contract Standards Work Group met last Friday to review this NEP and reached the following consensus:

Status: Delay decision due to an unresolved concern.

Summary:
Contract Standards Work Group members were leaning towards approving this NEP. However, they decided to delay the voting decision due to the concerns around breaking change to the interface of claim function. Once the author and community alignes on the tradeoffs for the interface of claim function and selects the path forward, the work group will review the updated solution and then communicate their final decision on this NEP.

Meeting Recording:
https://youtu.be/KOIT8XDQNjM

@BenKurrek @kenobijon Thank you for authoring this NEP!

Next Steps:

• The NEP authors (or anyone from the community) have two months to address the concerns raised above and to provide a solution. Please tag the @near/wg-contract-standards team once you are ready for their final review.
• The @near/wg-contract-standards members to review the NEP and re-cast their final votes.

[robert-zaremba]

There are still few unaddressed points from the original review: #452 (review)

[robert-zaremba]

Suggested change

	4. Fungible Tokens & Future Data
	4. Storage Registration & Future Data

[robert-zaremba]

This is not specific to Fungible Tokens. Can also be related to NFTs or Multitoken... Let's just call it Storage Registration (which is a standard by it's own).

[robert-zaremba]

ensure that storage for accounts claiming linkdrops is paid for

That may not be possible, because if it's a new account claiming a drop, then we don't know the new account address.

[nearbuild]

What is blocking this from moving forward?

[abacabadabacaba]

As a Contract Standards Group member, I approve this PR.

[robert-zaremba]

As noted above, I would prefer that the claim methods returns object with nft_list and ft_list. Returning boolean is still better than nothing / simple panic. So not going to block this PR.

[robert-zaremba]

BTW, would be good to cleanup the comments, and check the description improvements before merging.

[frol]

@BenKurrek Please, address the markdown lints and remaining comments from @robert-zaremba:

• [optional] Clear up documentation (make it more meaningful), example: https://github.com/near/NEPs/pull/452/files#r1147490737
• avoid panic in query function --> get_key_information, get_key_balance
  @frol: Given that the implementation is already live on mainnet, let's not touch it
• remove deprecated get_key_balance: https://github.com/near/NEPs/pull/452/files/845cd53a080c7688a6a4583047980ab29640c7e0#r1147491782
  @frol: I believe this method is trivial to implement, and it already exists in the ecosystem, so let's keep it, but mention that get_key_information is the preferred method
• Case about "registration" pattern should be added to Consideration and Security Implications: Some FT and NFT require prior account registration through storage_deposit function to be able to receive tokens. NEP-452 Linkdrop Standard #452 (review)
• Let's make a note that we don't guarantee that all drops are valid: they can expire, a supply can be limited (meaning there are more drops than supply).

@fadeevab Please, add Changelog section with the benefits and concerns mentioned in the reviews (see NEP-399 for example).

[BenKurrek]

@frol I've added the final touches to the NEP as requested by you. Is it ok to move forward at this point?

[frol]

@BenKurrek All looks good except the markdown-lint. Please, fix CI, and I will add the changelog and merge this NEP!

[njelich]

The lint issues is fixed here
#529