Smart Contract profile retro-compatibility

MetaZebre
5 min readApr 28, 2022

--

We’ve seen yesterday how to allow new smart contracts to get their profile too in Profiles for Smart Contracts. The only problem is that that method would not work for already deployed and non upgradable smart contracts. Here is how we can circumvent that issue.

Using ownable

A lot of, if not most of the smart contract deployed on any blockchain has some administration functionalities. To protect these admin functions, contract usually implement the ownable contract.

This is how we can use ownable to allow owners of contracts to set a profile for the contracts they own:

  1. We’ll add a setProfileFor(forAddress, ipfsCID) function in my profile contract.
  2. If you want to set the profile for your already deployed smart contract address, you will call that function, passing your contract address as first parameter.
  3. When the profile contract receives your call, it will ask to your contract who is its owner. If the owner address of your smart contract matches your address (which I can read in msg.sender), then it will recognise you as the rightful owner of the contract, and allow you to set the profile file for it.

Implementation in Solidity

Here is the final implementation of my Profile contract:

Profile.sol

// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.9;
interface IOwnable {
function owner() external view returns(address);
}
contract Profile { // contract data
mapping(address => string) private _profiles;
function getProfile(address addr)
external
view
returns(string memory)
{
return _profiles[addr];
}
function setProfile(string memory ipfsHash)
external
returns(bool)
{
_profiles[msg.sender] = ipfsHash;
return true;
}
function setProfileFor(address addr, string memory ipfsHash)
external
returns(bool)
{
// get the owner of the contract
address contractOwner = IOwnable(addr).owner();
// check contract owner is msg.sender
require(contractOwner == msg.sender, "You are not the owner of that contract");
// set profile
_profiles[addr] = ipfsHash;
return true;
}
}

Conclusion

Exploring this profile system, first for normal blockchain users, then for smart contracts, we’ve learned quite a few things:

  1. how to put files on IPFS,
  2. how the store the reference to these files on the blockchain,
  3. how smart contracts can call one another to write or check each other’s data.

I hope you enjoyed the ride and learned a few things with me.

The limitation of that system is for contracts that don’t implement ownable, or contract that have been renounced. For these two cases, there could have been a solution if smart contracts had the ability to get the transaction history of the blockchain: my profile smart contract could have checked who has renounced a contract and allow that unique address to set the profile. Or it could have checked who deployed a contract, and again, allow that unique address to set the profile.

Sadly, there is not such possibility in Solidity: smart contracts don’t have access to the blockchain transaction history. So there is no way I can implement this feature and we are stuck for these renounced or not ownable smart contracts … unless any of you know of some Oracle that could give us these info?

Implication 1: decentralised ownership of profiles

How many times have you set up your preferences in each of the dozens of websites we use nowadays? Each website endlessly ask you the same questions about your preferred topics, interests, language, country, avatar, currency, timezone, nickname … wouldn’t it be great to answer these questions once and for all? And the moment you suddenly prefer to have the prices listed in € instead of $, the moment you are suddenly not interested in PHP anymore but now in JavaScript and Solidity, this profile system would enable to change your profile ONCE, and all the websites you use would update this info the next time you visit them.

Blockchains can free us from having to remember dozens of passwords, as you can now simply log into any clever web 3 aware website with your crypto wallet. The same way blockchains can grant you a personal self sovereign identity you can manage and update as you please.

Implication 2: decentralised … centralised profile system

But what if the profile smart contract was controlled by a central entity? The entity would have full power over the setProfile() function, but anyone could still call the getProfile() function. Imagine. The Home Ministry could maintain the same kind of smart contract. You’d go to your town hall to prove your real identity, then give them your wallet address (at least the wallet address you’d use for any official activity), and they could associate that wallet address with a profile file where some data describing you could be found. The fact that the smart contract was officially managed by the home ministry would certify the data is true, and the fact that you have access to that wallet address would certify that the data is yours.

It could be your name, address (surely not, as remember that all of this data is open for anyone to see, index, archive …), or your social security number, your pension benefit registration number, your voting office number, or driving licence number with the remaining number of points that are on it … it could be your blood group, social credit score (yeah I know, the possibilities are just as endless as frightening …).

Ok, this kind of system applied to individuals is just creepy. But we could use that kind of simple system for already openly accessible informations. I would not be surprised if in 10 years, each company would have this kind of centralised decentralised profile. The CEO of the company would own the wallet address, and the data in the profile file would certify all the legal stuff, from VAT numbers, to all due legal obligations. That profile would unlock any compatible administration service, and make legal, economic and tax information easier to access and process. Administration 3.0.

Of course, in the world, we would all have an official, and a (or many) private wallet addresses.

Implication 3: unstoppable doxing

If we now take a Black Mirror perspective, what if some profile smart contract starts to openly associate data about your private wallet address using the same simple architecture? Any organisation could implement the same sort of system to associate a distributed profile to your blockchain address. The IRS, Interpol, or any kind of organisation, they could associate any kind of information, from past frauds and crimes, to personal info and embarrassing pictures. We could have a top 10 most wanted blockchain addresses.

Of course, nothing is easier than creating a brand new wallet address, … but in a not so distant future, who knows how many doors will open our wallet address? How many services it will allow us to use? Will changing our wallet address be that easy when web 3.0 will be as common as web 2.0 now?

Next time, we will add a final touch to our smart contract (yes, there are one or two other things that could be added) and, at last, deploy it on some mainnet.

--

--

MetaZebre

Follow Le Zèbre in his investigations in the land of yield addicts and leverage dealers. #DegenDeFi