Skip to content
This repository has been archived by the owner on Aug 1, 2024. It is now read-only.
/ StarkCheck Public archive

Server that ensure a starknet transactions respect a certain policy

License

Apache-2.0 license
5 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

LedgerHQ/StarkCheck

BranchesTags

Repository files navigation

Starkcheck

Quality checks

StarkCheck is a module to Ledger Fresh that simulates transaction sent by an user and ensure they respect a defined policy. The goal is to protect the user assets by using a second signature made by StarkCheck to prevent malwares when using a less secured signer.

Wanna chat with us? Join our Telegram group

How it works

The contract account is modified to take a second signature made by Starkcheck to validate its transaction. This signature is returned by this API if the tx respect the policy. A policy is link to a signer of the acccount, so an user can define a policy based on the security of the signer. i.e a nano can be allowed to perform more operations.

API

This API expose a route to submit a sign transaction with the signer pub_key. Under the hood the following steps are done.

  • Fetch the policy on chain using the events.
  • Simulate the transaction to get its trace
  • On the trace get all events that are related to approve and transfer
  • check that the policy is respected
  • Sign the transactionHash is the policy is respected. Else returns the number of events that does not respect the policy

it also exposes routes to encode/decode a Policy

Policy

Policy type and expression

The policy is express as an Array of

interface Policy {
    address: string;
    amount?: string;
    ids?: string[];
}

if Amount is defined -> ERC20 rules for spending (per transaction) if ids is defined -> ERC721 rules for protecting NFT. If ids = [] all NFTs from the collection are protected

Policy storage

The policy is stored on starknet using the cheap storage of Events. Because a signer can be used on many devices we can't rely on local storage and we don't want to store the policy on starkchecks directly.

To save space the following encoding is done to the policy policy

The event looks like this

event policy_Allowlist (signer_pub_key: felt,policy_len: felt,policy: felt*)

Getting Started

Requirements

  • Node >18.X

Install

First install the dependencies

    pnpm install

Then install the pre-push hook using lefthook

    npx lefthook install pre-push

Tests

    pnpm test

Tests are run against real trace transactions made onchain. On note.md you can see on starkscan the transaction. To extract its trace run

starknet get_transaction_trace --hash <txHash> --network alpha-mainnet > trace.json

About

Server that ensure a starknet transactions respect a certain policy

Topics

fresh innovation infraprj-4968

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

5 stars

Watchers

5 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages