Complete dapp in 1 week!
Welcome to my 1-Week-Aepp-Challange.
The goal is to develop complete decentralized application (dapp) with Aeternity blockchain (aepp).
I’m documenting the whole design and development process.
Feel free to follow the progress.

Day 6: Logonity 1.0 – the decentralised logo marketplace overview and features.
Day 5: https://pthomann.pl/1-week-aepp-challange-day-5-dapp-client-contract-use-and-security/

Logonity 1.0 Alpha

Logonity
Logonity

Finally!

The Logonity 1.0 is live [TESTNET network]. Check it:
https://logonity.mobycrypt.com

How to play

Interaction with Logonity requires to have testnet account – and the private/public keys of the account.
Generating account for testnet purpose can be done using aecli – command-line tool for Aeternity. Among features like checking blockchain stats, sending transactions – it gives the possibility to generate accounts and reading private keys.

Get your testnet account in few steps:

  1. Clone this repo to your local machine (just download) https://github.com/aeternity/aepp-cli-js
  2. Go to aepp-cli-js-develop/bin folder (of the repo)
  3. ./aecli.js account create mywallet – this command will create the account, generating file mywallet in the current repository (aepp-cli-js-develop/bin). Feel free to provide password (can be empty too).
  4. ./aecli.js account address mywallet --privateKey – after providing the password for the account, the public and private keys will be displayed
  5. In order to account be usable, you must feed it with Ae tokens. Here is testnet faucet url. Provide there your public key and get free Ae testnet tokens: https://testnet.faucet.aepps.com/

Well done. You are ready to play with Logonity.

How it works

Basically it covers the initial requirements of decentralised logo marketplace.

1. Anyone can create logo commission – providing the description of the logo to be created and the appropriate reward. Ofcourse logo commission author must have the desired amount of tokens (to provide the reward). Every new commission is created in the blockchain as the seperate smart contract. Created commissions are visible in the Logonity main view.

2. Anyone can submit logo proposal to the selected commission – logo proposal is submitted to the blockchain smart contract of selected commission. Logo file is saved in the Logonity backend. Submitted proposal can be visible in the logo commission gallery (however it contains watermark).

3. Logo commission principals can choose the won logo – selecting logo gives the possibility to download the file with the logo. Author of the logo gets the reward for the logo – the smart contract sends the reward tokens to the logo proposal author address.

What’s still missing?

  1. Automatically logo choosing feature– there should be autmated mechanism which chooses the won logo after some time (let’s say 1 week after commission starts) if logo principal didn’t choose any. It should asure that there will be winner of the commission. If principal will not choose the best logo – randomly selected logo will win and author of the logo will get the reward.
  2. Random choosing of the winner in case of wrong input – at the moment there is possibility to provide to the smart contract the id of the picture which was not submitted to smart contract. In this case smart contract will not find the winner address and will send the reward to the logo commission author. The logic here should be changed.

Security

Logonity alpha version has few security flaws due to it’s architecture which must be addressed. I will not focus on providing priv/pub keys which is neccessity at the current stage of SDK – it will be changed in the future and more secure mechanism will be provided (with ofcourse MUCH more better UX).

The main flaw of the architecture is that the client deploys the smart contract to the network. It simply compiles the smart contract, deploys it to the network and updates the centralised server about the commission. Actually there is no problem to involve (as attacker) in any of these stages. What’s the possible danger scenario? The attacker would deploy own malicious smart contract to the network and then upload information to centralised server about this contract. Users (logo authors) would upload their logo proposals not being aware that smart contract may never send them the reward after all (because of modified logic). The solution for this would be deploying the smart contract from “trusted” backend side – which I wanted to avoid. Another would be somehow operate on one smart contract – global smart contract (known, trusted one) – however in this case this global smart contract would grow and grow, being quite complex. I will try to focus on providing secure solution still having the smart contract deployment from the client side.

Summary

Logonity alpha version was delivered. I succeed to create simple dapp with I hope usable functionality. I’m going to develop it to provide usable tool. There are still a lot of things to fix and to better. In the next, last article I will describe some proposals of Logonity future enhancements in context of more sophisticated Aeternity features like e.g. Oracles.


Also published on Medium.