# Smart signatures
#### 06.1 Writing Smart Contracts
##### Peter Gruber (peter.gruber@usi.ch)
2023-02-10 (started 2022-01-12)

* Write and deploy smart Signatures

## Setup
See notebook 04.1, the lines below will always automatically load functions in `algo_util.py`, the five accounts and the Purestake credentials

In [1]:
# Loading shared code and credentials
import sys, os

codepath = '..'+os.path.sep+'..'+os.path.sep+'sharedCode'
sys.path.append(codepath)
from algo_util import *
cred = load_credentials()

# Shortcuts to directly access the 3 main accounts
MyAlgo  = cred['MyAlgo']
Alice   = cred['Alice']
Bob     = cred['Bob']
Charlie = cred['Charlie']
Dina    = cred['Dina']

In [2]:
from algosdk import account, mnemonic
from algosdk.v2client import algod
from algosdk import transaction
from algosdk.transaction import PaymentTxn
from algosdk.transaction import AssetConfigTxn, AssetTransferTxn, AssetFreezeTxn
from algosdk.transaction import LogicSig, LogicSigTransaction

import algosdk.error
import json
import base64
import hashlib

In [3]:
from pyteal import *

In [4]:
# Initialize the algod client (Testnet or Mainnet)
algod_client = algod.AlgodClient(algod_token='', algod_address=cred['algod_test'], headers=cred['purestake_token'])
algod_client.status()["last-round"]

27758769

In [5]:
from pyteal import *

## The Cash Mashine
Require a "password" in the transaction note for payments

#### Step 1: PyTeal program
* Depending on `Txn.note()` of the *proposed transaction*, this can be **True** or **False**

In [6]:
import random
from random import randrange
a = Int(randrange(2**32-1))   

cashmachine_pyteal = And(
    Txn.note() == Bytes('1234'),
    a == a
)

# Security missing ... do not copy-paste

#### Step 2: Compile PyTeal -> Teal
* No need to print and inspect the TEAL program

In [7]:
cashmachine_teal = compileTeal(cashmachine_pyteal, Mode.Signature, version=8)
print(cashmachine_teal)

#pragma version 8
txn Note
byte "1234"
==
int 3238463771
int 3238463771
==
&&
return


#### Step 3: Compile Teal -> Bytecode for AVM
* `hash` contains the address $\longleftarrow$ corresponds to the `[public]`
* `result` contains the compiled code $\longleftarrow$ corresponds to the `[private]`
* Nothing yet to see at the Hash/Public address

In [8]:
# compile Teal -> Bytecode
Cashmachine = algod_client.compile(cashmachine_teal)
Cashmachine

{'hash': '325WK7ZJTPY7TPTEVU5MHP2DERRVIP32HTHCL5V3PMYLY5QW7LUWM5X2V4',
 'result': 'CCABm5KciAwxBYAEMTIzNBIiIhIQQw=='}

#### Step 4: Deployment – Alice funds the smart signature

In [9]:
# Step 1: prepare transaction
sp = algod_client.suggested_params()
amt = int(2.5*1e6)
txn = transaction.PaymentTxn(sender=Alice['public'], sp=sp, receiver=Cashmachine['hash'], amt=amt)

# Step 2+3: sign and sen
stxn = txn.sign(Alice['private'])
txid = algod_client.send_transaction(stxn)

# Step 4: wait for confirmation
txinfo = wait_for_confirmation(algod_client, txid)

Current round is  27758787.
Waiting for round 27758787 to finish.
Waiting for round 27758788 to finish.
Transaction SO6RTMJ5BOPSMGM3KCLQTSRZBQQKMLWMK5K6DXOL7QFOSBB73YHQ confirmed in round 27758789.


In [10]:
# Look on Algoexplorer.io at the smart signature. 
# The smart signature is funded.
print('http://testnet.algoexplorer.io/address/'+Cashmachine['hash'])

http://testnet.algoexplorer.io/address/325WK7ZJTPY7TPTEVU5MHP2DERRVIP32HTHCL5V3PMYLY5QW7LUWM5X2V4


#### Step 5: Alice informs Bob

In [11]:
print("Alice communicates to Bob the following")
print("Compiled smart signature:", Cashmachine['result'])
print("Address of smart signature: ", Cashmachine['hash'])

Alice communicates to Bob the following
Compiled smart signature: CCABm5KciAwxBYAEMTIzNBIiIhIQQw==
Address of smart signature:  325WK7ZJTPY7TPTEVU5MHP2DERRVIP32HTHCL5V3PMYLY5QW7LUWM5X2V4


#### Step 6: Bob proposes a transaction to the smart signature
* Again he proposes a payment from the cashmachine to **himself**
* The payment transaction is signed by the smart signature, **if the conditions are fullfilled** (correct password)

In [12]:
# Step 1: prepare TX
sp = algod_client.suggested_params()
withdrawal_amt = int(0.1*1e6)
my_note        = '1234'             # correct password
note           = my_note.encode()

txn = PaymentTxn(sender=Cashmachine['hash'], sp=sp, 
                 receiver=Bob['public'], amt=withdrawal_amt,
                 note=note)

# Step 2: sign TX <---- This step is different!
encodedProg = Cashmachine['result'].encode()
program = base64.decodebytes(encodedProg)
lsig = LogicSig(program)
stxn = LogicSigTransaction(txn, lsig)

# Step 3: send
txid = algod_client.send_transaction(stxn)

# Step 4: wait for confirmation
txinfo = wait_for_confirmation(algod_client, txid)

Current round is  27758797.
Waiting for round 27758797 to finish.
Waiting for round 27758798 to finish.
Transaction EIXCFS3XUMC6S5WU2657JNNKROBBV4H5R2SGL6GXRLSGD4TL7F6A confirmed in round 27758799.


#### The dirty secret
* Inspect smart signature on Algoexplorer
* Click on TEAL > Transaction ID
* The password is visible in note/ASCII

In [13]:
print('http://testnet.algoexplorer.io/address/'+Cashmachine['hash'])

http://testnet.algoexplorer.io/address/325WK7ZJTPY7TPTEVU5MHP2DERRVIP32HTHCL5V3PMYLY5QW7LUWM5X2V4


### Things that can and will go wrong
* Intentionally

#### Charlie tries a withdrawl, but he uses the wrong password

In [15]:
# Step 1: prepare TX
sp = algod_client.suggested_params()
withdrawal_amt = int(0.1*1e6)
my_note        = '1234'             # <-- WRONG password
note           = my_note.encode()

txn = PaymentTxn(sender=Cashmachine['hash'], sp=sp, 
                 receiver=Charlie['public'], amt=withdrawal_amt,
                 note=note)

# Step 2: sign TX <---- This step is different!
encodedProg = Cashmachine['result'].encode()
program = base64.decodebytes(encodedProg)
lsig = LogicSig(program)
stxn = LogicSigTransaction(txn, lsig)

# Step 3: send
try:
    txid = algod_client.send_transaction(stxn)
except algosdk.error.AlgodHTTPError as err:
    print(err)               # print entire error message

# Step 4: wait for confirmation
# No need to wait for confirmation
#txinfo = wait_for_confirmation(algod_client, txid)

#### Dina does not even know that there is a password

In [18]:
# Step 1: prepare TX
sp = algod_client.suggested_params()
withdrawal_amt = int(0.1*1e6)
#my_note        = '1234'             # <-- WRONG password
#note           = my_note.encode()

txn = PaymentTxn(sender=Cashmachine['hash'], sp=sp, 
                 receiver=Dina['public'], amt=withdrawal_amt)

# Step 2: sign TX <---- This step is different!
encodedProg = Cashmachine['result'].encode()
program = base64.decodebytes(encodedProg)
lsig = LogicSig(program)
stxn = LogicSigTransaction(txn, lsig)

# Step 3: send
try:
    txid = algod_client.send_transaction(stxn)
except algosdk.error.AlgodHTTPError as err:
    print(err)               # print entire error message

# Step 4: wait for confirmation
# No need to wait for confirmation
#txinfo = wait_for_confirmation(algod_client, txid)