Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

address update proposal #123

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

address update proposal #123

wants to merge 1 commit into from

Conversation

tolya-yanot
Copy link
Member

Proposal that will prevent the loss of user funds in case of erroneous sending

TON is a blockchain for massadoption, so we propose a number of guidelines and small changes in the address format,
so that even if the inexperienced user is inattentive and sends funds to the wrong place, the funds were not lost and bounced back to him in most cases.

This proposal describes changes that almost do not break backward compatibility. However, at the same time we can discuss other proposals, including more radical ones.

Examples of cases where a user can lose funds:

  1. The user copied the address in the testnet service, but mistakenly interacts with it or sends coins to it from the mainnet wallet app.

    Since there will be no such address in the mainnet, the wallet app will now set the non-bounceable mode and send coins that will remain at the destination address and will be lost

  2. Let's imagine a smart contract for the sale of NFT (for example, belonging to some marketplace), after receiving Toncoins from the buyer, this contract sends NFT to the buyer and destroy itself, because its mission is completed.

    However, the UI may not be updated immediately and another user may send Toncoins for purchase to this contract address. Since the contract will no longer exist, the wallet app will set non-bounceable mode and Toncoins will remain forever at the destination address and will be lost.

    At the moment, most marketplaces bypass this by not destroying the sale smart contract.

  3. The smart contract of the service (e.g. DEX) has not been deployed yet, but the user has already sent coins there, the wallet app will set non-bounceable mode and Toncoins will remain forever at the destination address and will be lost.

Suggested behaviour:

  1. All TON apps and services must show addresses with a testnet flag set if they are on a testnet network.

  2. All TON apps and services should reject addresses with a testnet flag set if they are on a mainnet network.
    For example, mainnet wallets should not allow sending coins to a testnet address in any way.

  3. User apps and services should only accept addresses in user-friendly format and not accept addresses in raw format.

  4. All services must only display and accept urlsafe format, and not operate with non-urlsafe form.

  5. All wallets should show non-bounceable addresses.

  6. All other smart contracts should always show in bounceable form.
    The creators of such smart contracts (for example, DEXes) must first deploy such smart contracts themselves in order for the bounceable form of the address to be applicable.

  7. bounceable flag from address representation should now be taken as "force-bounceable".

    When sending, wallets must accept this flag as follows:

    if true - all messages to this address can ONLY be sent in bounceable mode, even if the destination contract has an uninitialized state.

    if false - means that a non-bounceable message can be sent to the destination address.
    The wallet app checks the destination address - if it has an uninitialized state, then it sends a non-bounceable message, otherwise it sends a bounceable message.

    Since only wallets will use the non-bounceable form, it will also be possible to distinguish the wallet from the service smart contract using this flag.

Migration Plan

Since there are already many services and applications in the TON network, it makes sense to carry out the migration in stages:

  1. All popular services must apply a testnet flag to the addresses on their testnet versions.

  2. All popular wallets and services (such DEX'es or NFT marketplaces) must reject destination testnet addresses in mainnet.

  3. All popular services must not display and accept "raw" address form and non-urlsafe form.

  4. All popular wallets must show user's address in non-bounceable form.

    This modifies only the leading and last characters of the address, while the body of the address remains the same.

    However, changing the address may confuse some users, so advance warning and explanation in public channels is needed.

  5. All popular exchanges and services must show deposit addresses in non-bounceable form.

  6. All popular exchanges should not allow withdrawals to non-wallet addresses (to non-bounceable addresses).

  7. After that all popular wallets must implement new bounceable flag algo.

Suggested behaviour of TON DNS:

The DNS recode scheme assumed a cap_is_wallet flag (which allow to send non-bounceable messages).

cap_method_seqno#5371 = SmcCapability;
cap_method_pubkey#71f4 = SmcCapability;
cap_is_wallet#2177 = SmcCapability;
cap_name#ff name:Text = SmcCapability;


cap_list_nil$0 = SmcCapList;
cap_list_next$1 head:SmcCapability tail:SmcCapList = SmcCapList;

dns_smc_address#9fd3 smc_addr:MsgAddressInt flags:(## 8) { flags <= 1 }
  cap_list:flags . 0?SmcCapList = DNSRecord;

However, this flag was not widely used and applied in practice.

Based on the fact that DNS names are mainly used for user wallets and to a much lesser extent for service addresses, we propose to introduce the flag

cap_only_bounceable

which will mean that non-bounceable message should never be sent to this address.

DNS records of addresses of existing services can be updated, because this is in the interests of the services themselves.

Suggested behaviour of TON Connect

TON Connect methods (such as sendTransaction) must accept a domain or address in user-friendly form as the destination address, and not accept the raw form.

A dapp that calls such a method either received this address from the user, or knows the type of smart contract (for example, it sends a transaction to the DEX smart contract, which means bounceable form).

@tvorogme
Copy link

tvorogme commented Jun 13, 2023

I would vote to either wait for other options or take some time. I don't like that flags use the first bits of addresses and users don't have a single address option with which they could define their transactions in any service without buying a domain (although the rules for displaying domain instead of address are not defined).


Since only wallets will use the non-bounceable form

Probably still add explorers?

@mr-tron
Copy link

mr-tron commented Jun 13, 2023

Suggested behaviour:
0. All libraries, services and wallets should support DNS. tolya.ton should be first class entity with same support level as EQCdqXGvONLwOr3zCNX5FjapflorB6ZsOdcdfLrjsDLt3Fy9.

@Osasv
Copy link

Osasv commented Jun 13, 2023

UQBtIj4QE6xT2gmUtfmT5xp9CDVOvCuIcj2w3bvRsZT_55Rk

@BeyCoder
Copy link

Suggested behaviour:
0. All libraries, services and wallets should support DNS. tolya.ton should be first class entity with same support level as EQCdqXGvONLwOr3zCNX5FjapflorB6ZsOdcdfLrjsDLt3Fy9.

up

@oleganza
Copy link

oleganza commented Sep 4, 2023

I agree with @mr-tron that TON.DNS support should be a requirement for all TON services.

Also I suggest rewriting a bit this TEP to put the migration plan up front and all the technical discussion below.

Plus, let's add some realistic deadline and prepare network-wide communication to make all the users familiar with the change, so they are not surprised when the addresses switch from EQ... to UQ... Those who look at the last 3-4 characters of the address will be surprised because the checksum will change. We need to make sure people don't feel like that may lose money if someone continues to use their old-style address.

@mr-tron
Copy link

mr-tron commented Sep 4, 2023

we are already working on supporting dns as first class address form. tongo library implemented it today. ton-kotlin promised to do it in the nearest future. tonutils-go author promised to think how it can be done. I hope over libraries developers will join to our small initiative. You can contact me in telegram @subden for any questions.

@Osasv
Copy link

Osasv commented Sep 4, 2023 via email

@Osasv
Copy link

Osasv commented Sep 4, 2023 via email

@slavafomin
Copy link

Hello!

All services must only display and accept urlsafe format, and not operate with non-urlsafe form.

@tolya-yanot could you please elaborate on what's wrong with accepting the url-unsafe format of the address (just for backward-compatibility purposes)?

@slavafomin
Copy link

slavafomin commented Oct 4, 2023

@tolya-yanot

only wallets will use the non-bounceable form

  1. All popular exchanges should not allow withdrawals to non-wallet addresses (to non-bounceable addresses).

There must be a mistake here. Shouldn't it be:

  1. All popular exchanges should not allow withdrawals to non-wallet addresses (i.e. to bounceable addresses).

?

@Alferid1
Copy link

How can i.merge ..?

@Tamkin44
Copy link

Tamkin44 commented Jun 6, 2024

UQBM8_B71xv91aBGx7qSdauVyU0SqlrMQ9Ctd7b2XJ9eUS0G

1 similar comment
@Tamkin44
Copy link

Tamkin44 commented Jun 6, 2024

UQBM8_B71xv91aBGx7qSdauVyU0SqlrMQ9Ctd7b2XJ9eUS0G

Copy link

@Poer1008 Poer1008 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Poer168

@Malikgousi
Copy link

New address

@Rohan1363m
Copy link

Rohan1363m commented Jul 16, 2024

Hi is this true without knowing the account of a large amount of Coins and Tons Coins were withdrawn from notcoin the Tonkiper wallet
UQC6P_IPXqi0fVw2F7uknJIBRgVVyCHzxa88lddDSS1iw2S-

@Rohan1363m
Copy link

Rohan1363m commented Jul 16, 2024

Hi is this true without knowing the account of a large amount of Loton Coins and Tons Coins were withdrawn from the Tonkiparm wallet Hi, is it true to withdraw a large amount of Knotcoin and Toon Coin from the Toonkiparm wallet without knowing the account? UQC6P_IPXqi0fVw2F7uknJIBRgVVyCHzxa88lddDSS1iw2S-

@Yosofmb
Copy link

Yosofmb commented Jul 16, 2024 via email

@Rohan1363m
Copy link

I have updated it, but there is no news about Coinham and Ton-Coinham

@Rohan1363m
Copy link

I didn't send any currency to anyone, I don't even know what happened to my tokens.

@Rohan1363m
Copy link

Rohan1363m commented Jul 19, 2024

Hi is this true without knowing the account of }xa88lddDSS1iw2S-

@shyrybovich222 shyrybovich222 mentioned this pull request Jul 26, 2024
Copy link

@OKE66 OKE66 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EQD5mxRgCuRNLxKxeOjG6r14iSroLF5FtomPnet-sgP5xNJb

@Lexa77Q
Copy link

Lexa77Q commented Aug 22, 2024

👍

Copy link

@OKE66 OKE66 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alex UQC2RRBsgX-BPlrJjJgX2ZObVUlY0e67Fl0JGszCc5DcxBBT

Copy link

@Lexa77Q Lexa77Q left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm

Copy link

@OKE66 OKE66 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alex

Copy link

@Danyalkasiri Danyalkasiri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.



5) If destination is not `unitialized` then wallet app uses the bounceable/non-bounceable flag from the address representation for the `bounce` field of sending message.
The wallet app checks the destination address - if it has an `uninitialized` state, then it sends a non-bounceable message, otherwise it sends a bounceable message.

## Public keys

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

text/0002-address.md

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

S5GBV4VFFSVSW6VVFYBEAEVTNYCM6ZVP

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Danyalkasiri
Copy link

  1. _
    تکراری از #_

Copy link

@Nopandi1101 Nopandi1101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cap_method_seqno#5371 = SmcCapability;
cap_method_pubkey#71f4 = SmcCapability;
cap_is_wallet#2177 = SmcCapability;
cap_name#ff name:Text = SmcCapability;

cap_list_nil$0 = SmcCapList;
cap_list_next$1 head:SmcCapability tail:SmcCapList = SmcCapList;

dns_smc_address#9fd3 smc_addr:MsgAddressInt flags:(## 8) { flags <= 1 }
cap_list:flags . 0?SmcCapList = DNSRecord;

@Nopandi1101

This comment was marked as spam.

@Nopandi1101

This comment was marked as spam.

@Nopandi1101

This comment was marked as spam.

@Nopandi1101

This comment was marked as spam.

@Nopandi1101

This comment was marked as spam.

Copy link

@Nopandi1101 Nopandi1101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UQC53Sk3lkCm0E7kSejCsBk8z9f_Yf4ndp-MNNUjRhG5O0KV
Screenshot_20240907-061355
Screenshot_20240907-052447
Screenshot_20240907-052427
Screenshot_20240907-052413
Screenshot_20240907-052407
Screenshot_20240907-052355

This comment was marked as spam.

Copy link

@Nopandi1101 Nopandi1101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0xF1CA31083E0c073779C8D5ACA3F1bB3b4CBB558B

Copy link

@OKE66 OKE66 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0002-address.md

@Nopandi1101

This comment was marked as spam.

Copy link

@Nopandi1101 Nopandi1101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cap_method_seqno#5371 = SmcCapability;
cap_method_pubkey#71f4 = SmcCapability;
cap_is_wallet#2177 = SmcCapability;
cap_name#ff name:Text = SmcCapability;

cap_list_nil$0 = SmcCapList;
cap_list_next$1 head:SmcCapability tail:SmcCapList = SmcCapList;

dns_smc_address#9fd3 smc_addr:MsgAddressInt flags:(## 8) { flags <= 1 }
cap_list:flags . 0?SmcCapList = DNSRecord;

@Nopandi1101

This comment was marked as spam.

@Nopandi1101

This comment was marked as off-topic.

@Nopandi1101

This comment was marked as outdated.

@Nopandi1101

This comment was marked as spam.

Copy link

@Euomen888 Euomen888 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

@Copvt

This comment was marked as spam.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.