Web3 App Store Protocol: Provides a standard for registration and distribution of Web3 applications

first level title

Background

Currently, developers can provide users with trustless protocol layer services through a set of smart contracts on the blockchain. However, the typical everyday user will not have the ability to directly understand and use these smart contracts - thus, they need a trustless, secure and easy-to-use application layer.

Application layer developers deploy easy-to-use user interfaces to help users interact directly with protocols and tokens. Most of these applications will try to connect to the user's Web3 wallet and request the signature directly.

We refer to these applications as"Web3 App". For example, Uniswap's official web application, hosted athttps://app.uniswap.org, is a typical Web3 application that will help users interact with their own protocols on the blockchain. The following is the technical structure of Uniswap's applications and protocols:

Motivation

As smart contracts on the protocol layer proliferate together with corresponding Web3 applications, we can still see two key issues in current industry practice around accessibility and security.

Accessibility

First, most Web3 applications today store their code in cloud services controlled by the project owner. If the owner takes the site offline, or the site is shut down by DDos, or in response to national policy requirements, etc., a typical user will no longer be able to easily manage their assets (unless they are smart enough to interact directly with the protocol layer ). Uncertainty of access can be scary because it reduces trust between users.

Security

Second, most users currently access Web3 applications through a combination of Web browsers and Web3 plug-ins, and this process is full of security issues. This gives both the project team and hackers the opportunity to embed new malicious code in Web3 applications, thereby stealing users' assets.

first level title

Specification

Web3 App Store Protocol

we propose aWeb3 App Store ProtocolTo address the aforementioned accessibility and security issues. These app stores should contain a smart contract basedWeb3 App Registry (Web3 App Registry), a Web3 application package based on metadata stored off-chain around permissions, version descriptions, specifications, etc., and a Web3 application store client installed on the user's local device. After that, we also needWeb3 auditorsTo help users audit the source code of Web3 applications. The relationship between these components is shown below.

Web3 App Registry (Web3 App Registry)is a set based onWeb3 App Registration Standard (Web3 App Registration Standard)smart contract. Groups (Orgs) and individuals can set up their own Web3 application registries without permission. Web3 developers can use their on-chain accounts to register their Web3 applications in this registry, and perform version management on the distribution and checksum of the installation package. Auditors can use their on-chain accounts without permission to audit all these applications and publish the results in the registry.

Web3 App PackagesRefers to software released by developers for users to install Web3 applications on their local devices. These packages can be stored in any centralized or decentralized storage service, and the URL and checksum of the package should be recorded on the registry. At the same time, based onWeb3 Application Configuration Standard (Web3 Application Configuration Standard)Above, at the root of the package there should be a configuration file containing the permission statement and version description for the Web3 application. The storage path of the source code should be specified in the configuration file so that auditors can easily obtain the source code for auditing.

Web3 App Store Client (Web3 App Store Client)is software installed on the user's local device. groups and individuals canWeb3 App Store Client Standard (**App Store Client Standard)Freely build your own app store client on the basis of Clients can connect to one or more registries at the same time. It needs to get the list of Web3 applications, version information and audit information from the registry. When a user installs or updates a Web3 application, the installation package needs to be obtained automatically. Then verify that the checksum of the package is equal to the checksum in the registry. Finally, it should tell the user how many permissions this Web3 application requires. After the user confirms the permission, the Web3 App will be installed on the local device.

This design framework ensures the accessibility of Web3 applications because users can continue to use old local versions - and have the right to upgrade according to new registries and new application packages.

At the same time, the client will verify the checksum of the local software package with the checksum in the registration center (checksum), thus avoiding the chance of hackers or project teams changing, and ensuring that the applications used by users are consistent with the registration center on the chain Consistent with the published applications. The configuration file in the software package also points to the current version of the source code, and the auditor can use the checksum to verify that the software package is packaged from these source codes. It will ensure consistency between source code and installation packages, and then ensure that users are using secure packages that have been audited by auditors.

When the user uses the Web3 application, the client will also limit the permissions of these applications according to the permission statement of the application confirmed by the user before. Then fully guarantee the security of users when accessing local Web3 services.

Web3 App Registration Standard (Web3 application registration standard)

pragma solidity ^0.8.0;
/**
* @title AppRegistration interface
*/
interface IAppRegistration {
   struct auditorVote {
       address auditor;
       uint8 level;
   }
   function createApp() external returns (uint256);
   function addVersion(uint256 appId, string memory versionId, string memory fileUrl) external;
   function getAppIds() external returns (uint256[] memory);
   function getVersions(uint256 appId) external returns (string[] memory);
   function getVersionFileUrl(uint256 appId, string memory versionId) external view returns (string memory);
   function voteApp(uint256 appId, uint8 level) external;
   function voteAppVersion(uint256 appId, string memory versionId, uint8 level) external;
   function getVotes(uint256 appId, string memory versionId) external returns (auditorVote[] memory);
}

Web3 App Configration Standard (Web3 application configuration standard)

{
 "properties": {
   "name": {
     "title": "Name of the App",
     "type": "string"
   },
   "logoUrl": {
     "title": "Logo of the App",
     "type": "string"
   },
   "description": {
     "title": "Description of the App",
     "type": "string"
   },
   "origin": {
     "title": "Online dapp origin",
     "type": "string",
     "pattern": "^((https|http)?:\\/\\/)[^\\\\s]+"
   },
   "permissions": {
     "properties": {
       "web3Provider": {
         "requestAccount": {
           "title": "If App need permission to connect with wallet",
           "type": "boolean"
         },
         "personalSign": {
           "properties": {
             "request": {
               "type": "boolean",
               "title": "If App need permission to request sign text message"
             },
             "patterns": {
               "type": "array",
               "title": "Patterns of text message"
             }
           },
           "title": "Declaration for sign text message",
           "type": "object"
         },
         "transaction": {
           "properties": {
             "request": {
               "type": "boolean",
               "title": "If App need permission to request transaction"
             },
             "contractCalls": {
               "type": "array",
               "title": "Declaration for contrat transaction"
             },
             "tokenApproves": {
               "type": "array",
               "title": "Declaration for token approval"
             },
             "ERC20TokenTransfer": {
               "type": "array",
               "title": "Declaration for ERC20 token transfer transaction"
             }
           },
           "type": "object",
           "title": "Declaration for transaction"
         },
         "network": {
           "urlPatterns": {
             "type": "array",
             "title": "Patterns of whitelist network request URL"
           },
           "title": "Declaration for APP network request",
           "type": "object"
         },
         "title": "Declaration for Web3Provider permissions",
         "type": "object"
       }
     },
     "title": "Declaration for App permissions",
     "type": "object"
   },
   "app": {
     "properties": {
       "id": {
         "title": "AppId allocated by App Store",
         "type": "string"
       },
       "chainId": {
         "title": "The chainId which App Store deployed",
         "type": "string"
       },
       "contract": {
         "title": "The contract address of App Store",
         "type": "string"
       }
     },
     "type": "object",
     "title": "App information on App Store"
   },
   "source": {
     "properties": {
       "repository": {
         "type": "string",
         "title": "The URL that can access App source code",
         "pattern": "^(https:\\/\\/|git@)[^\\\\s]+"
       },
       "buildScript": {
         "type": "string",
         "title": "The script that can complie source code to bundles"
       },
       "systemEnvironment": {
         "type": "string",
         "title": "The system environment that can make sure auditor can build bundle which has the same SHA256"
       }
     },
     "type": "object",
     "title": "Information of source code for auditor use"
   }
 },
 "title": "Web3 App json config file",
 "type": "object"
}

Web3 App Store Client Standard (Web3 App Store Client Standard)

interface App {
 app: {
   id: string
   chainId: string
   contract: string
 }
 permissions: {
   network: {
     urlPatterns: string[]
   },
   web3Provider: {
     requestAccount: boolean
     personalSign: {
       request: boolean
       patterns: string[]
     },
     transaction: {
       request: boolean
       contractCalls: ContractCallItem[]
       tokenApproves: TokenApproveItem[]
       ERC20TokenTransfer: ERC20TokenTransferItem[]
     }
   }
 }
 source: {
   repository: string
   buildScript: string
   systemEnvironment: string
 }
 appId: number
 domain: string
 versionId: string
 files: string[]
 name: string
 description?: string
 logoUrl: string
}
enum VoteLevel {
 DANGER = -1
 UNKNOW = 0
 SAFE = 1
}
class Web3AppStore {
 chainId: string; // The chainId which App Store deployed
 
 contract: string; // The contract address of App Store
 
 getApps(): Promise
 
 getApp(appId: number, version?: string): Promise
 
 getAppVersions(appId: number): Promise

 createApp(): Promise
 
 addVersion(appId: number, fileUrls: string[]): Promise
 
 voteApp(appId: number, level: VoteLevel): Promise
 
 voteAppVersion(appId: number, versionId: string, level: VoteLevel): Promise
 
 // Validate the SHA256 of App file is same as versionId of not
 validateAppVersion(app: App): Promise
 
 // Validate if the domain which declared in domain property has the same web3.json file of current App
 validateAppDomain(app: App): Promise
}

Releases

No releases published

Packages

No packages published