FLIP: Interaction Templates

[JeffreyDoyle]

FLIP: Interaction Templates

Abstract

This FLIP proposes a new standard for how contract developers, wallets, users, auditors and applications, can create, audit and verify the intent, security and metadata of Flow scripts and transactions, with the goal to improve the understandability and security of authorizing transactions and promote patterns for change resilient composability of applications on Flow.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
flow-docs	✅ Ready (Inspect)	Visit Preview	Jun 8, 2022 at 4:32PM (UTC)

[pgebheim]

Thanks! Looking forward to reading through the proposal :-)

[bjartek]

I read through the proposal and I really like the concept alot, I think this is needed SO much to avoid users getting scammed and I would strongly advice it becomes a requirement for all wallets to follow this.

However there is one part of it that I would advice a slightly different approach on. Right now the code that is stored contains variables that have to be replaced for each network, and then you store the addresses for the different networks. The problem with this is that when wallets receive the transaction these replacements are already made, so we make the work for wallets very hard.

In stead I propose that we replace all addresses and just duplicate the code and hash for each network.

I have done some work on this in overflow. The code uses the cadence runtime to parse the code and extract the arguments. Based on the work bluesign did for flow cli without arguments. It is possible to parse doctags here I think I just have not had time for it.

https://github.com/bjartek/overflow/blob/main/overflow/parse.go you can call it like this

package main

import (
	"encoding/json"
	"fmt"

	"github.com/bjartek/overflow/overflow"
)

func main() {
	g := overflow.NewOverflow().ExistingEmulator().Start()

	res, err := g.ParseAllWithConfig(true, []string{
		"^admin*",
		"^setup_*",
	}, []string{})
	if err != nil {
		panic(err)
	}

	merged := res.MergeSpecAndCode()

	file, _ := json.MarshalIndent(merged, "", "   ")
	fmt.Println(string(file))
}

it will produce a json file like this
https://gist.github.com/bjartek/6a707eef7bb808b0325b95dd3bc919e9

This is an example for bl0x.

We then publish an NPM module for that file that the frontend code uses.

[bluesign]

I strongly feel this should be stored on chain.

• It would be more secure
• It would be more discoverable
• It would be more decentralized

Also I think some common tasks should be standard, Initialize new account etc

Ofc best would be to add new Storage to Flow called interactions. Second best would be a Registry contract to manage interactions on chain.

Making this onchain would also allow finally to use Ledger with FCL

Also I feel like with MetadataViews, if we store interactions on chain, we can reference interactions on resources. Send to another address this NFT , Add to collection etc

[pgebheim]

Reminder: discussion about the content of the flip should be directed to the Forum linked in the FLIP.

This is to me preserve a single stream of communication across all in PRs and changes to a single flip.

https://forum.onflow.org/t/flip-934-interaction-templates/3080

[bluesign]

@pgebheim I don't think forum is better for communicating FLIPS, I am not sure if here is the best, but for me it is 10 times better than forum.

• Here I can see if FLIP is updated, what is changed etc.
• Some FLIP owners are kind to communicate back
• I can link from here code etc easier
• Changes are directly notified via GitHub notifications

I don't know maybe active forum users ( if they exist ) disagree with me, I think forum is a bit dead town.

[pgebheim]

A FLIP will have a multiple PRs as it moves through the process.

We want to keep all conversation about the content of the flips on one place and not spread across multiple threads in GitHub.

[bluesign]

Then forum it is 👍

At least you didn't say Alchemy API /s

[turbolent]

Nice work writing up a solution proposal for this problem Jeffrey!
There is definitely a big need to improve the UX and such a standard would help with it.

I like the proposal's feature set, it is great that it includes internationalization.

My biggest concern / question is with the storage / provision of it:

Contract developers should make available their Interaction Templates to others who wish to use them.
They can do this through providing them using a webserver, and have consumers query them.
They may also choose to store them on-chain. They may even choose to store them on IPFS.

Do we want to encourage an on-chain solution here, so this becomes authoritative?
When a template is provided on-chain, and provided by the contract itself, it can be easily trusted.
When a template is provided off-chain, anyone can publish templates for anything, how can they be trusted / verified?

As for the concrete format of the template:

• Maybe improve the naming. Instead of shortening fields, just spell them out, e.g. vsn -> version
• What is the purpose of the f_ prefix?
• What is the difference between the outer version and the inner "data" version?
• What is the "data"? What is the reason for nesting it – could it just be at the top-level?
• data.arguments:
  • Could this just be an array, instead of an object where each entry has to specify an index?
  • Is the idea to allow lookups based on name?
• Keys in messages ... i18n, e.g en-US, should be strings if they are not identifiers, e.g. "en-US"

[bjartek]

I am 100% behind an onChain solution for this. We want the trustless properties of a blockChain, we want the traceability it offers.

[tarakby]

Just a quick comment that is unrelated to the core idea :)
I noticed SHA-256 is used for IDs which is totally fine, except that all IDs in Flow structures (transaction IDs for instance) are computed using SHA3-256, so I thought using SHA3 may keep things more consistent within the ecosystem.

[SaveTheRbtz]

a tiny nit picking:

You may consider using URLs for locations in the doc, e.g:

- GET audits.trusted-auditor.com/id/{template_id} -> InteractionTemplateAudit
+ GET https://audits.trusted-auditor.com/id/{template_id} -> InteractionTemplateAudit

- DNS:transfer-flow.interactions.onflow.org
+ dns://transfer-flow.interactions.onflow.org

- IPFS:64EC88CA00B268E5BA1A35678A1B5316D212F4F366B2477232534A8AECA37F3C
+ ipfs://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi
+ ipfs://QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR

(not sure if template's location should be a string or a list of string to provide fallback on the client to have an ability to download template from multiple places. Depends on whether the additional complexity worth the reliability benefit.)

Also, IIUC the purpose of encapsulating FLIP's content into the data object is to simplify the computation of the content hash (id)? Maybe it is possible to archive the same by instead moving the content to the upper level (as @turbolent suggested) but incapsulate the metadata into the .metadata object?

[bthaile]

Should arguments be typed? example: amount be ufix64. They are in the example above, are they just missing in this example?

[bthaile]

balance seems to not fit here, would all arguments have "balance" property?

[JeffreyDoyle]

No not all arguments would have a "balance" property. What this aims to do is create a link between the dependencies of the interaction and the argument to show they're related. With this property an app/wallet might be able to use it to determine if a user has sufficient balance of a FT to successfully execute a transaction, for example.

[bthaile]

Based on a forum conversations, there is a strong use case to have template audit information on-chain. I think it can be removed from the actual template.

[bthaile]

In your examples, I'd suggest adding optional Metadata that the developer can add to convey information to Auditor and/or Wallet. This would better show the flexibility of the standard, it'll be very difficult to handle all data cases in this flip.

[pgebheim]

Merging as draft

[pgebheim]

👍 Formatting good for draft!