Thanks @alexvandesande!
I agree that splitting up groups of transaction authorizations into separate contracts makes sense; it allows easier management on the part of the user and doesn’t require redeploying one large “validation function” contract every time the user wants to change their authorizations. Moreover, it should be the case that these validation contracts can be shared between users, so a single contract can handle a “CryptoKitty of the month” subscription for all subscribers.
I don’t quite understand the 500K / 1M return integer. Is that a way for the validation contract to tell the account contract whether or not a transaction is valid? Why not just use a boolean, or perhaps a list of keys which need to have signed the transaction?
With grouped authorization contracts as I understand them, the examples could work like the following:
User starts out with an account contract, which exposes an execute function as above, but with the additional parameter of address validationAddress. In addition to the checks listed above, when execute is called, the account contract checks that the calling contract (msg.sender) was granted permission by the user to use the specified validationAddress (in many cases, msg.sender can be anyone, but the validationAddress needs to have been explicitly authorized).
- I would like to transfer 1 Ether to my friend to pay for dinner, once, now. I’ve previously created a “phone validation contract”, and authorized my phone’s public key to use this validation contract. The phone signs a message to transfer 1 Ether, the phone validation contract checks that the transfer amount is less than or equal to 1, and the transaction clears.
- I would like to transfer 100 DAI to my son next Tuesday, only if his account balance is below 10 DAI, as allowance for dinner with his friends. I’ve previously created an “allowance validation contract” and authorized my son’s public key to use this validation contract. My son signs a message to pay himself allowance, and the “allowance validation contract” checks that the amount is correct and that he hasn’t already withdrawn allowance this week.
- I would like to authorize my phone to spend Ether from my main account, but only up to 2 Ether per week, in case it gets stolen. Same case as 1.
- I would like to authorize CryptoKitties to transfer 0.1 Ether per month from my account for a “CryptoKitty-of-the-month” promotion, until I cancel this subscription. I authorize the existing “CryptoKitty-of-the-month” public key to use the “CryptoKitty-of-the-month validation contract”, which checks that the amount is correct, that I’m only charged once per month, and that I get my CryptoKitty.
- I would like to only allow transfers of more than 5 Ether if I authorize the transfer from both my laptop and my phone. I authorize a multisig validation contract, which can send any transaction but requires signatures from both my laptop and phone public keys (messageSignatures are forwarded to the validation contract).
Is that in line with your model, or did you have something different in mind?
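Added example, not part of the post above and not contract code: a plain-Python model of the flow it describes, where the account first checks that a key was granted a specific validator and the validator then enforces its own rule (here the 2 Ether per week phone limit). The class names, `authorize`, and the `execute` signature are assumptions, and signature verification is assumed to have already happened.

```python
WEEK = 7 * 24 * 3600
ETHER = 10**18  # amounts in wei

class WeeklyLimitValidator:
    """Hypothetical shared validator: per-account, per-key weekly spend cap."""
    def __init__(self, limit):
        self.limit = limit
        self.spent = {}  # (account, signer) -> (week number, wei spent that week)

    def validate(self, account, signer, value, now):
        week = now // WEEK
        last_week, total = self.spent.get((account, signer), (week, 0))
        if last_week != week:
            total = 0  # a new week started, so the budget resets
        if total + value > self.limit:
            return False
        self.spent[(account, signer)] = (week, total + value)
        return True

class AllowAll:
    """Hypothetical unrestricted validator, e.g. for a trusted laptop key."""
    def validate(self, account, signer, value, now):
        return True

class Account:
    def __init__(self):
        self.grants = set()  # (signer, validator) pairs the owner has authorized
        self.sent = 0

    def authorize(self, signer, validator):
        self.grants.add((signer, validator))

    def execute(self, signer, validator, value, now):
        # `signer` stands for the key recovered from an already-verified signature.
        if (signer, validator) not in self.grants:
            return "not authorized for this validator"
        if not validator.validate(self, signer, value, now):
            return "rejected by validator"
        self.sent += value  # the transfer itself would happen here
        return "ok"

def run_scenario():
    acct, limited, open_ = Account(), WeeklyLimitValidator(2 * ETHER), AllowAll()
    acct.authorize("phone", limited)
    acct.authorize("laptop", open_)
    calls = [("phone", limited, 1 * ETHER, 0),
             ("phone", limited, 3 * ETHER // 2, 3600),  # would exceed 2 Ether
             ("phone", open_, 5 * ETHER, 3600),         # stolen phone picks a looser validator
             ("phone", limited, 1 * ETHER, WEEK + 1)]   # next week, budget reset
    return [acct.execute(*c) for c in calls], acct.sent
```

The third call shows why the grant has to bind a key to a particular validator: without that pair check, a key limited to 2 Ether per week could simply name the unrestricted validator.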