Pay a user's gas: Ethereum - ethereum

I need some assistance. I am working on a smart contract that will allow a user to save a string (mapping(address=>string)). The only problem, I would like the contract to pay for the gas for the user to save the string. Any idea on how to

This is a proposed feature but not yet implemented: https://github.com/ethereum/EIPs/issues/1776
This feature is known as meta-transaction: the sender of the transaction doesn't pay for gas.
While there is no native way to conduct meta-transactions yet, there are third-party efforts to implement it, searching the web with meta-transaction keyword should yield useful stuff.

Have a look at the Gas Station Network Alliance:
https://blog.zeppelinos.org/gas-station-network-alliance/
Depending on your use case, if you don't need to save strings directly on chain, an alternative would be something like Peepeth - microblogging with a soul. Peepeth batches signed messages stored in IPFS and anchors the batched data on chain: https://peepeth.com/a/free

Related

Approximating cost of using Chainlink for custom API

I am planning out a new project in which I need to connect one particular Fiat payment gateway to my smart contract. I don't want to have a system with a centralized backend, so I am exploring the possibility to use Chainlink to communicate with API and then pass response to my smart contract. I know that Chainlink allows any contract to access any external data source through their decentralized oracle network. The problem is I can't approximate how much LINK it will cost me to get a response from 1 oracle. Is there some average cost of a 1 response from an oracle and what determines such cost
I tried to look up this information, but it does not seem that this topic is discussed much. Also probably I didn't look in the right place
The problem is I can't approximate how much LINK it will cost me to
get response from 1 oracle.
Nobody can. When you make a request to oracle, you are calling a smart contract function and this will cost you gas which varies depending on the congestion in the system. if system is busy, it will cost more gas. Also when you interact with the chainlink, you are actually passing data to chainlink smart contract which makes some calculations, so you pay for those gas too.
Calling one oracle is sending a request to one oracle. oracle is a chainlink node operator, and it set its own price. But sending a request to only one node is not a decentralized approach even though each node have multiple data resources. you should make a request to several nodes meaning that you need to pay each node operator. when you make a request to several nodes, you receive the average of those responses.
The service you want to use is Chainlink Any Api, and in the service the cost of LINK depends on the node operator you are using.
There is a fee required by node operator. When you send a request, you actually require Chainlink node to provide a service. Usually the service is not free and the fee of a request is set by the node operator. The fee varies across different node operators. If you are only a consumer to use service provided by node operators, you just need to check the fee of different node operators.
you, of course, also has to pay gas fee for your transaction, but that it it costed in ETH rather than LINK (as you asking how much LINK it will cost, I assume you know it).
If you are a node operator and want to run the service for yourself, you may want to consider the following 2 factors:
Congestion of the system mentioned by #Yilmaz. When the blockchain you are using is very busy, the gas price is high so that the more gas fee, which is the result of (gas price) x(gas limit), will be cost more.
The logic of fulfill function in your contract. Fulfillment function is the "callback" function of Chainlink Any Api. Oracle node will fetch the data demand in the request and then call the fulfill function in consumer contract. In fulfill function, logics varies from simply saving the data in a variable or doing some calculations. The more complex logics, the more gas limit required.
Hope it helps!

How many 2-Legged tokens can a Forge App have active at once?

How many 2-Legged tokens can a Forge App have active at once?
I think the answer is 'more than any reasonable person would ask for', but I haven't been able to explicitly confirm this yet.
That's an interesting question. I don't think there's any limit to how many access tokens you can have at a single point time but I would definitely not recommend generating new token for each request. Not only is it wasteful but you could also run into rate limiting quotas.
The recommended practice is to generate one or more tokens on the server side (for example, one with viewables:read scope for public use, and one with additional scopes for internal use) and only refresh them when they expire.

Ethereum Smart Contracts. Could I mask / hide the Contract Creator address and if so, do I need to?

I'm a product manager not a Blockchain coder, looking for a 2nd opinion and some general good practice advice. I have one question in bold, the rest is background.
Background:
We have an app in development that will write user's information into a Smart Contract on the ETH blockchain.
The SC's we deploy contain information only, no Ether.
Each user has their own SC which stores only that users specific information.
Our App allows the user to edit and update this information and then upload the changes, encrypted, into their own SC.
The user's SC address is 'tied' (sorry for lack of correct terminology) to their own Ether wallet.
I see on Etherscan (Ropsten) there is a Contract Creator address which is a constant for all the SC's our App creates.
I'm assuming that the contract creator address is unique to us, it is code we've created and as such it deploys only our Smart Contracts on behalf of our Application.
I was hoping that each SC address would be known only to its owner and us only. Now I see that anyone can access this information.
My Concerns:
Should there be an exploitable flaw in our code then a bad actor has a list of contract addresses to attack.
The worst-case risk to us is that a bad-actor could access each users data in an unencrypted state if a flaw exists in our publicly accessible code.
The Bad-Actor then uses that flaw and the list of smart contract addresses they can get from Etherscan to download multiple users data.
My Question
Are these realistic concerns?
If so what general directions can we look at to mitigate these risks
If so is there a way I can obscure the Creator address in Etherscan without other negative consequences
The developers are outsourced 3rd parties and excellent people to work with. But Im looking for an alternate opinion than just theirs at this time as a double check.
Apologies if the information Ive provided is confusing or incomplete.
Thanks in advance for your time.
I was hoping that each SC address would be known only to its owner and us only. Now I see that anyone can access this information.
As you have addressed here, data regarding the blockchain (i.e. transaction hashes, contract addresses, and user addresses) is transparently available. This is by-design with Ethereum and allows for the traceability aspect of the ledger.
Furthermore, smart contract data is potentially available to any actor in the Ethereum network. However, that is based upon the following:
In order to access the smart contract data, an actor would require the contract ABI. This interface allows code to be written to interact with the smart contract methods. Now, it is helpful to understand that this ABI could hypothetically be easily reverse-generated with enough details of how your DApp interacts with the existing smart contract.
If your smart contract logic has exploitable flaws, a malicious actor on the network could take advantage of this. This is why contracts should be well-written and unit tested with near (if not) 100% code coverage. You should also identify the potential actors in each contract scenario and be sure your test cases appropriately cover these scenarios.
If so what general directions can we look at to mitigate these risks
Given the contract scenario you have described, if the only actor who should have access to these user data smart contracts is the user them self, then you simply need to apply something akin to a function modifier to your smart contract logic. In the linked example, access to the smart contract data is restricted to a single specific Ethereum user address.
If so is there a way I can obscure the Creator address in Etherscan without other negative consequences
Sure. It sounds like you're currently using a single account to deploy the smart contracts, hence the creator address is constant. (Side note: I'm not sure why you're deploying the contract on behalf of the user with this account, it sounds like the user should be deploying their own smart contract). Regardless, you could simply create a new proxy user address each time you deploy the smart contract. However, I don't see any benefit to doing so and this would just be an example of security through obscurity.

Can we use mysql with ethereum?

We are thinking of building a dapp for finding salon near me and allowing booking. In such application end users has to be shown the salons which are at a certain distance from their current location. Where would be query that data from. Cause I don't think so that kind of querying is possible in solidity. Do we need to bring in any RDBMS in such a scenario to store salon data so that we can query it easily and booking information can be sent to blockchain.
Is hybrid application the only way out? People are talking about IPFS should be used for storing the images, videos and other data. Is that the solution, if yes then how would we query it from there? Moreover, would it be fast enough?
TL;DR: Short answer: you might, but you shouldn't.
The real question here is what do you need ethereum for in this project?
In Ethereum, each write operation is costly whereas reading data isn't. Write operations are transactions, read are calls.
It means that "uploading" your salon list will cost you money (i.e. gas), but also each data update (opening hours, booking ..).
For the mysql specific part of your question, well Ethereum is not designed for that kind of operation.
Something with an oracle might do the trick but it's truly not designed for. See Ethereum like a way to intermediate transactions between peers that stores every transaction publicly and permanently.
According to the Wikipedia page blockchains are basically a "continuously growing list of records". Ethereum has the possibility to make workers run some code in exchange of gas.
This code (or Smart Contract) only purpose "to facilitate, verify, or enforce the negotiation or performance of a contract" (here contract is a legally binding contract).
From what you described, IMO a simple web application with "standard" SQL is more than enough.
You just have to store the salons' GPS coordinates and do the closest match(es) from the user's GPS coordinates.
You likely want to separate your application into two parts:
- The part which shows the available booking times
- The part which makes a new booking

Working with tokens in the ethereum blockchain

I am writing a test application that allows people to purchase tokens.
I am adapting the example from here: https://ethereum.org/token#the-code
Here are my questions:
What is the best way to have a registry of purchases? I would assume this can be a simple web interface that queries the block chain to see who has bought what.
If this is correct, does this mean running geth on a server in order to have the latest blockchain available and then using some kind of PHP / Javascript library in order to query the blockchain every so often?
What is the best way to sell tokens? Could this be done via a web interface or would it be best to sell via the ethereum wallet? Or both?
Lets say I want to split a token into a number of parts as such:
A: A full token = 1
B: 1/10th of a full token called a 10token
C: 1/10th of a 10token called a 100token
D: 1/10th of a 100token called a 1000token
What is the best way to represent this?
For instance, if someone owns a full token they have 100% of that tokens rights. However it would be possible for many parts of a token to be owned by different people who will share rights according to their share.
Visually, it would look something like this:
How to do this is a puzzle to me.
What is the best way to have a registry of purchases? I would assume this can be a simple web interface that queries the block chain to see who has bought what.
You can do the registry in your token sale smart-contract by making event like this
event TokenPurchase(address indexed purchaser, address indexed beneficiary, uint256 value, uint256 amount);
In this case you will be able to watch event log later and get all the addresses you need.
Another approach is to add a simple map to your contract like this mapping (address => uint256) public deposited; and add elements to this map on purchases.
About the representation of the registry for the users you better just take a look at ICO's you like and make it in the same way.
What is the best way to sell tokens? Could this be done via a web interface or would it be best to sell via the ethereum wallet? Or both?
I would say both. But it depends on who are your tokens for. If you sell only using ethereum wallet you will loose a lot of users not familiar with blockchain.
Lets say I want to split a token into a number of parts as such
Take a look at the solutions offered by OpenZeppelin project. Just read their contracts code and I think you'll find solutions you were looking for in this post.