# Smart signatures
#### 06.1 Writing Smart Contracts
##### Peter Gruber (peter.gruber@usi.ch)
2022-01-12

* Include safety conditions in Smart Signatures

## Setup
See notebook 04.1. The lines below automatically load the functions in `algo_util.py`, the five accounts and the Purestake credentials.

In [None]:
# Make the course's shared helper module importable, then load the credentials.
import os
import sys

codepath = os.path.join('..', '..', 'sharedCode')
sys.path.append(codepath)
from algo_util import *
cred = load_credentials()

# Shortcuts to the five accounts. Later cells read 'public' and 'private'
# from these entries, so the credentials file holds signing keys and should
# stay out of version control and shared notebooks.
MyAlgo  = cred['MyAlgo']
Alice   = cred['Alice']
Bob     = cred['Bob']
Charlie = cred['Charlie']
Dina    = cred['Dina']

In [None]:
from algosdk import account, mnemonic
from algosdk.v2client import algod
from algosdk import transaction
from algosdk.transaction import PaymentTxn
from algosdk.transaction import AssetConfigTxn, AssetTransferTxn, AssetFreezeTxn
from algosdk.transaction import LogicSig, LogicSigTransaction

import algosdk.error
import json
import base64
import hashlib

In [None]:
from pyteal import *

In [None]:
# Connect to an algod node. The address is read from cred['algod_test'],
# so this notebook talks to the test network.
# cred['purestake_token'] is passed as the request headers; presumably it
# carries the API key, so treat it as a secret.
algod_client = algod.AlgodClient(
    algod_token='',
    algod_address=cred['algod_test'],
    headers=cred['purestake_token'],
)
# Sanity check: show the latest round reported by the node
algod_client.status()["last-round"]

In [None]:
# Show the public addresses of the three parties used in this example
for party in (Alice, Bob, Charlie):
    print(party['public'])

## A stupid mistake with Modesty
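* The programmer makes a small mistake ... with huge consequences
* The idea was that only Bob can withdraw a max of 1 ALGO
* The mistake: the three conditions are combined with `Or` instead of `And`, so satisfying any single one of them is enough to approve a transaction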

##### Step 1: The programmer writes down the conditions as a PyTeal program

In [None]:
max_amount = Int(int(1*1E6))                         # <---- 1e6 micro Algos = 1 Algo

# Intended business rule: the payment goes to Bob and is at most max_amount.
modesty_condition = And (
    Txn.receiver() == Addr(Bob["public"]),           # Recipient must be Bob
    Txn.amount() <= max_amount                       # Requested amount must be at most max_amount (<=)
)

# Caps the fee at 1000 microAlgos so the balance cannot be burned as fees.
fee_condition =  (Txn.fee() <= Int(1000))                  # Avoid transaction fee attack

# Guards that every payment-only smart signature should enforce.
saftey_condition = And (
        Txn.type_enum() == TxnType.Payment,                 # Must be a "payment" transaction
        Global.group_size() == Int(1),                      # Avoid transaction group attack
        Txn.rekey_to() == Global.zero_address(),            # Avoid rekey attack
        Txn.close_remainder_to() == Global.zero_address()   # Avoid closeout attack

)

# DELIBERATE MISTAKE (the point of this lesson): the three conditions are
# joined with Or, so the program approves when ANY ONE of them holds.
# fee_condition alone is true for any transaction with a fee of at most 1000,
# which means the receiver, amount, rekey and close-out checks are not
# enforced at all. The intended combination is
# And(modesty_condition, fee_condition, saftey_condition).
stupid_pyteal = Or(modesty_condition, fee_condition, saftey_condition)

##### Step 2: Compile PyTeal -> Teal

In [None]:
# Lower the PyTeal expression to TEAL source: signature mode, program version 8.
stupid_teal = compileTeal(
    stupid_pyteal,
    Mode.Signature,
    version=8,
)
# Read the printed TEAL before funding anything: how the conditions are
# joined (|| versus &&) is visible here and is the last cheap place to
# catch a logic error.
print(stupid_teal)

##### Step 3: Compile Teal -> Bytecode for AVM

In [None]:
# Ask the algod node to compile the TEAL source.
# Later cells read two keys from the returned dict: 'result' (the program,
# base64-decoded in Step 6) and 'hash' (used as the smart signature's address).
Stupid = algod_client.compile(stupid_teal)
# Notebook display of the compile response
Stupid

##### Step 4: Alice funds and deploys the smart signature

In [None]:
# Step 1: build the funding payment from Alice to the smart-signature address.
# Once funded, spending from that address is authorised by the program logic,
# so any flaw in the conditions puts this balance at risk.
sp = algod_client.suggested_params()
amt = int(2.2*1e6)                       # 2.2 Algo, expressed in microAlgos
txn = transaction.PaymentTxn(
    sender=Alice['public'],
    sp=sp,
    receiver=Stupid['hash'],
    amt=amt,
)

# Steps 2+3: sign with Alice's private key and send
stxn = txn.sign(Alice['private'])
txid = algod_client.send_transaction(stxn)

# Step 4: wait for confirmation
txinfo = wait_for_confirmation(algod_client, txid)

##### Step 5: Alice informs Bob

In [None]:
# The compiled program and its address are what Alice hands over. Nothing
# here is secret: the code below builds a LogicSig from the program alone,
# so the conditions inside the program are the only access control.
print("Alice communicates to Bob the following")
print("Compiled smart signature:", Stupid['result'])
print("Address of smart signature: ", Stupid['hash'])

In [None]:
# Print a block-explorer link for the smart-signature address (testnet).
# NOTE(review): third-party explorer URL; confirm the service is still reachable.
print('https://testnet.algoexplorer.io/address/'+ Stupid['hash'])

#### Step 6: Charlie clears out the Smart Signature

In [None]:
# Step 1: prepare TX
# The requested amount is 0. The balance leaves through close_remainder_to,
# which sends everything left in the account to the named address.
# This is approved only because the program joins its conditions with Or;
# with And, the receiver check and the close_remainder_to check in
# saftey_condition would both reject this transaction.
sp = algod_client.suggested_params()
withdrawal_amt = int(0*1e6)
txn = PaymentTxn(
    sender=Stupid['hash'],
    sp=sp,
    receiver=Charlie['public'],
    amt=withdrawal_amt,
    close_remainder_to=Charlie['public'],
)

# Step 2: "sign" TX. No private key is involved: the compiled program
# itself acts as the signature.
encodedProg = Stupid['result'].encode()
program = base64.decodebytes(encodedProg)
lsig = LogicSig(program)
stxn = LogicSigTransaction(txn, lsig)

# Step 3: send
txid = algod_client.send_transaction(stxn)

# Step 4: wait for confirmation
txinfo = wait_for_confirmation(algod_client, txid)

#### Step 7: The money is gone

In [None]:
# Verify the outcome: explorer links first, then balances straight from the node.
explorer_prefix = 'https://testnet.algoexplorer.io/address/'
watched_addresses = (Stupid['hash'], Charlie['public'])

for acct_address in watched_addresses:
    print(explorer_prefix + acct_address)

# 'amount' is the account balance as reported by algod
for acct_address in watched_addresses:
    print(algod_client.account_info(acct_address)['amount'])