Smart Contract (Solidity) Auction when bidders abstracted from their wallets - blockchain

I have a web site which sells certain information for its users for a fixed cost.
I want to go ICO with my business and trying to change my operating model so it can leverage blockchain technology.
However I want to make sure that auction participants are in some way abstracted from their Ethereum wallet and budding in points (they will pay later if action is actually won. i.e. eBay model) without knowing that they are actually using blockchain behind the scenes. Once bidding is complete, ICO investors will automatically get their share distributed to them, and winning bidder will receive their info upon payment (in most cases real money which we will convert to ETH and mark status as paid in solidity contract)
Is there any solution for that problem, can i create wallets on the fly for the bidders accounts? Since my site is always a seller, is there a way to set auctions automatically (interact with my contract from my lets say java backed etc?)
Is there any work around/ suggestions?
Thank You

You can create wallets on the fly for your customers. That's perfectly doable. But as you create the wallets, customers can't trust those wallets you have their private keys, so they should withdraw the funds immediately to their wallets. This took us to step 0: Wallet creation. So either way, your customers have to create a wallet for themselves, for security reasons.

Related

Hyperledger network approach

Taking the following service description:
X is a platform matching buyers and sellers.
Buyers can join the platform by creating a buyer account and browse seller shops, buy, manage their account, ..., on the Buyers client application.
Sellers can join the platform by creating a seller account and manage their shops and orders, ..., on the Buyers client application.
I am still confuse about the right approach to adopt.
Here I represented the organization X (the platform). I assume that a buyer is not considered as an organization but rather a user of X. So every time a buyer create an account, I register a user under X, save email and password on an external database and link this entry to a user in X's wallet.
A seller can be considered as an organization (at least to me but happy to debate on that). So every time a seller create an account, I have to create an add a new organization to the existing network. They will however share the same "Seller application", also using a email/password approach.
In most of the sample under the Hyperledger Fabric repo, there is like 3-4 organizations at the start of the network and it is quite painful to add one more to an existing network. In my case, I could end up with 1 million organization or an infinite if the service is a success. Can this scale?
Is it the correct approach for this kind of use case? Any feedback or resource related to this use case is welcome.
This doesn't look like a valid use of hyper-ledger fabric. The blockchain is optimized to store transactional information. It isn't a regular DB, if you try, for instance, to store "user profiles" you will have a hard time trying so. For instance, each member for the blockchain network (again, hyper-ledger fabric) is meant to keep a copy of the ledger. Thus, everyone would get access to all user profiles. You can play around with PDC (private data), or as you mention, having virtually infinite users created on a single organization, but that isn't really how it's supposed to be used..
So, again, hyper-ledger fabric is meant to store transactional information (ledger relates to transaction). I think whatever strategy you try to implement for your use case, you should keep buyer/seller profiles/information off chain, and use the ledger only for transactional information that members of the network can see. In this scenario Fabric would server as an audit trail system, adding trust to each operation between buyers/sellers.

Is there a way to use multisig without smart contracts on Ethereum?

I have already found many wallets that offer multisig smart contract deployment. But this way is very expensive and slow, because it requires a lot of transactions.
I think there is another way. For example, we can create many private keys, sign transactions with them, and then combine the results into one final transaction.
Is such a scheme possible? Or maybe I missed some services?
Ethereum does not support native threshold wallets. You need to use multisignature wallets like Gnosis Safe.
Gnosis Safe requires only one transaction per execution from the multisig wallet. Other communication happens off-chain. Thus your assumption "very expensive and slow, because it requires a lot of transactions." is incorrect.
Currently, Ethereum protocol only supports smart contract based multisignature wallets. They are very expensive to deploy and they do expose wallet setup: participants of multisig wallet, many of them and what is the minimum amount of confirmation to transfer funds from this wallet. On top of that, smart contract should know how to work with native coins, with different kinds of tokens and be able to handle multiple spending requests. This all adds weight to smart contract and makes it more expensive to deploy and operate.
However, there is a threshold signature system (TSS). In the nutshell it works the following way: all participants generate their own private keys, then they derive their respective public keys and share with others. The group public key is literally a sum of participants public keys. When they need to sign a transaction they calculate their individual shares of r and s values of a signature. This way they literally can just sum up their signature shares and get a group signature. This approach is called multiplicative-to-additive transformation and is a scope of multi party computation (MPC).
The advantage of it is that group does not expose their wallet participants to the world and transaction cost is the same as if that was signed by a normal private key (through a Metamask for example). On top of that, there is no difference what transaction you are signing, coin transfer, NFT token minting or deployment of smart contract.
If you want to try this in action feel free to download multichain multisig wallet: WH Cypher. It supports Bitcoin, Litecoin, Ethereum, ERC20 tokens, BSC, BEP20 tokens and more. There will be more blockchains supported soon. You can setup there any wallet scheme: 2-of-2, 2-of-3, 3-of-5 and so on. There is also test networks avalable: Bitcoin Testnet and Ethereum Ropsten.
Disclaimer: I am a developer of this wallet. Feel free to reach out to me to provide feedback or request new features.

Questions abous blockchain and ethereum

I'm reading about blockchain and started devoloping my first smart contract, i have a lot of experience devoloping IT solutions, but everything in blockchain look very different than what i'm used to, i can't visualize some approach and possible i'm losing something in my reading, if someone could help me with those questions below ...
:)
so lets go
Suposing i have a blockchain solution running in ethereum. It's a voting system and this system was devoloped by a district to do a research with your citizens so
If one of the citizens vote, it's a transacation in ethereum and this must be paid using gas. To do that, you need ether and when you create an account this is zero. How would the citizens vote ? will they need to buy ether in a exchange (or mining ?) ?
how can i block votes outside my district if everybody in the network can send data to my smart contract ?
Is it common to have a traditional system for store other datas (address, phones, SSI) and use only a particular transaction, like vote, in blockchain ? how can i integrate them ?
i have created a wallet in myetherwallet. This wallet is the same as a new account command using geth ? is it possible to connect to my wallet created in myetherwallet from geth ?
where can i find a god material for those topics ?
Please find below responses from my end. Remember, the more responses we get to these questions the more diverse it can become as ideas differ from one individual to another based on lots of factors. Anyhow, here we go...
If one of the citizens vote, it's a transacation in ethereum and this must be paid using gas. To do that, you need ether and when you create an account this is zero. How would the citizens vote ? will they need to buy ether in a exchange (or mining ?) ?
Yes, for starters they have to pay the gas. Although, there's an ERC827 out there not to pay fee, and also some discussions around delegating the payment to a specific account, such that instead of individual users the owner of the smart contract can pay. In this case maybe the government can bear the amount.
how can i block votes outside my district if everybody in the network can send data to my smart contract ?
You can run consortium chain like quorum to limit the participants to a specific group. So that the transactions aren’t visible to everyone. Because on the Blockchain main chain of Ethereum it’s visible to everyone.
Is it common to have a traditional system for store other datas (address, phones, SSI) and use only a particular transaction, like vote, in blockchain ? how can i integrate them ?
Yup, you don't want to take the Personal Information (PI) onto Blockchain as its visible for everyone to view. Instead you can have them store in a database and use an Oracle service to be able to talk to outside Blockchain.
i have created a wallet in myetherwallet. This wallet is the same as a new account command using geth ? is it possible to connect to my wallet created in myetherwallet from geth ?
Yes, pretty much possible. You can use your password (or) mnemonic to connect to that account from your geth node.
where can i find a god material for those topics ?
Get this book on amazon or if you are eager to read it before you get the paperback book read it on github here. A better way to read this as a book on github is install an extension called Octotree
Hope, i have answered your questions, except one :)

Blockchain dApp: How end user use dApp without care of Ethereum Account

I want to develop a dApp (Smart Contract) on Ethereum and have a mobile application on top of it.
My concern is: every time we interact with Smart Contract to inquiry or change data, we need a account as well as a certain number of ETH used as Gas. It looks no problem on the development environment, but getting into trouble in real life, I mean about user experience (UX).
- Whenever a user download and install the app, we will create for them an Ethereum account. BUT where they can get ETH to interact with Smart Contract? And absolutely, they don't care and don't want to be bothered with exchange ETH.
I have an alternative solution: we have only 1 Ethereum account with some ETH in their and act as the Proxy to the Smart Contract. Whenever user's request come, we delegate the request to Smart Contract and return to user. BUT it seems we will lost the main characteristic of Blockhain: Decentralized :) Who know we might arbitrarily change the Smart Contract without user attention.
Any suggestion is appreciated. Thank you!
You can send some ether to each new user that is just enough to call your contract.

how to uniquely identify user on ETH blockchain

I am currently learning ETH blockchain based DApp development. I want to ask that, if we are developing an eVoting application based on blockchain, then how can we ensure that each citizen is voting only once and votes are calculated properly to avoid duplicate votes?
Thanks
Identity is a very difficult thing to do on the blockchain and is the subject of very active research by many large and small entities.
With this said, the way to limit users to one vote each on the Ethereum blockchain is to limit each public address to one vote each. Your smart contract can check if the user has already voted, and can deny the user a second vote. This does not stop users from simply creating a second account and voting again.
The most effective way to do this given technological limitations is to simply perform the identity check off-chain. You can implement a Know Your Customer (KYC) system on your site and assign each user to a single address. Provided the system is robust, it should be extremely difficult for people to create multiple identities.