In order to associate a web2 user account with a Web3 wallet, we need a way for the database to provide a challenge that the web2 user must answer via web3.
Here is my very simple solution.
- Api creates a unique
nonce
to an authorized user who has provided an EVM wallet address. This hash is stored with an expiration in the Db and returned to the client. - The client immediately initiates a transaction for the user to sign with the
nonce
as an argument to the smart contract function. This is sent to theWalletAssociation
smart contract address. - The code packages the nonce with
msg.sender
and emits an event.
Here is the contract in its entirety:
pragma solidity ^0.8.0;
// Contract to handle user registration and challenge answer
contract WalletAssociation {
event E(address indexed userWallet, uint256 answer, uint256 timestamp);
function a(string memory answer) public {
emit E(msg.sender, answer, block.timestamp);
}
}
- The indexer gathers the event and sends it to the backend to complete the handshake, checking the
nonce
address
combination and validating the wallet for the user.
@Madgeniusblink are there any other potential exploits with this approach that would have to be accounted for?