Find out why the combination of the two services makes it easy to create a seamless user experience

dApps users want secure and easy to use services.This requires using fully tested and audited contracts. Transaction fees should be optimized and transactions should never be stuck. Find out how the Rockside Relayer and Gnosis Safe combo meets these expectations.

The combo to offer seamless user experience and maximum security

Rockside has developed a service for relaying transactions through Gnosis Safe Smart Contract. Thanks to this new service, users sign message containing information about the transaction they would like to execute and Rockside guarantees them the transaction will never be stuck.

Rockside ensure the inclusion in a Block at the best price/time ratio and bear any additional gas if necessary. The use of “Rockside x Gnosis Safe” is compatible with all smart contract and remains completely non-custodian.

About Gnosis Safe wallet

Gnosis Safe is one of the best smart contract based wallet available on Ethereum. Fully tested, audited and trusted by the ecosystem. It can manage all token standards and more, has a fully configurable multi-signature feature and is compatible with all the client side wallets. The safe will represent your identity on the chain, it will hold your ether and be the owner your tokens (ERC20, ERC721, …).

About Rockside

Sometimes Ethereum transactions are stuck or lost. To attempt to solve this problem, developers overpay transactions and must remain on-call to unblock them. Rockside is a transaction relayer for sending Blockchain transactions at a fixed and predetermined price and time. Rockside ensure the validation of your transactions and bears any additional gas.

“Using Rockside to relay transactions to Gnosis Safe greatly simplifies the implementation of seamless user experience with transaction Fee payment by the dApp or Gas reimbursement with any ERC20 for example. Transactions will never be stuck and the system remains completely non-custodian!” Vincent— Rockside CTO

Show me the code!

The first thing you need is an EOA (External Owned Account). It can come from a third party wallet compatible with wallet connect.

You need to deploy the safe with this EOA as its owner. The easiest way to deploy your gnosis safe is to use their web app https://gnosis-safe.io/app/ and follow instructions. If you want to do it by your self, you should take a look at the documentation here.

Finally, be sure to transfer some ether to the safe, it will need it to reimburse the transactions relays.

Now your safe should be all set !

Making transactions with Rockside

When you want to make a transaction with the safe you have different things to consider.

First get Rockside relay params:

curl --location --request GET 'https://api.rockside.io/ethereum/mainnet/relay/{GNOSIS_ADDRESS}/params' \
--header 'Content-Type: application/json' \
--header 'apikey: {API_KEY}'

And the result should be something like this:

{
    "speeds": {
        "fast": {
            "gas_price": "191000000000",
            "relayer": "0x4fd022fBc4120F411Dee990EfED5a89Ae7BE8b26"
        },
        "fastest": {
            "gas_price": "222000000000",
            "relayer": "0x1D83aCb8d12BBed174A7E42411608f96A14fd2f5"
        },
        "safelow": {
            "gas_price": "169000000000",
            "relayer": "0x3115ab1E26E1D7eD0CFFD7D6d50e4D9dbDEb33ec"
        },
        "standard": {
            "gas_price": "185000000000",
            "relayer": "0x541Ad2a0ddBD00D65b0397E14529C638f45a30d0"
        }
    }
}

You must choose a speed and save the associated gas_price and relayer.

You need to create a safe transaction object with the following: to, value, data, operation, safeTxGas, baseGas, gasPrice, gasToken, refundReceiver, nonce (details on each fields).

You can either encodePacked those arguments or call function getTransactionHash(address to, uint265 value, bytes data, uint8 operation, uint256 safeTxGas, uint256 basGas, uint256 gasPrice, address gasToken, address refundReceiver, uint256 nonce) to get the transaction hash. Once you have it sign it using the EOA controlling the gnosis safe.

You can now encode the call to gnosis:

function execTransaction(
    address to,
    uint256 value,
    bytes calldata data,
    uint8 operation,
    uint256 safeTxGas,
    uint256 baseGas,
    uint256 gasPrice,
    address gasToken,
    address payable refundReceiver,
    bytes calldata signatures
)

You now have the encoded hex data of the call and you can make a relay request to Rockside.

curl --location --request POST 'https://api.rockside.io/ethereum/mainnet/relay/{GNOSIS_ADDRESS}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "speed": {SPEED},
  "data": {DATA}
}'

And the result will be a transaction_hash and tracking_id. The tracking_id is more reliable, it will remain the same if the transaction is replayed.

{
    "transaction_hash": "0x6663a81a1a827c4bf2301eb169de900c51d2b6e4e2c26d503dce10888f8cdee9",
    "tracking_id": "01E9ZSDHMYYFMW3E1CVQ9ADVHK"
}

And that’s it ! Your transaction will be relayed by Rockside, you can be sure that it will be included in the blockchain in time.

Batching

You can make batch by calling MultiSend (available here) a contract developed by Gnosis team. But the tricky thing is that you need to call it with a DELEGATECALL. For more details, the repository linked below include an example on how to use it.

Conclusion

As a dApp developper, if you want to provide your users with a SmartWallet, Gnosis Safe is a very good choice (open source, tested, audited, secure…). But having the safe is just the half way, you still need to relay transaction to it.

“Just send to Rockside API the same data as you will send to a node, we manage the rest.” — Frederic, VP of Engineering

Rockside, by managing replay transaction and gas price optimisation , makes Gnosis integration quick and easy for developers.

Repository

rocksideio/rockside-integration-examples

Co-written by Tangui Clairet and Vincent Le Gallic

Join the Rocksiders community :

Subscribe to our newsletter.
Try Rockside, visit our website
Follow us on Twitter.
Join our Telegram
Join our Slack.

Gnosis Safe x Rockside was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

In order to build the best transaction relayer, we have interviewed the real ethereum users. Corporates, startups, and consulting companies from different sectors agreed to share with us their day to day challenges of building on ethereum. Here is what we learned from them!

About Electrify

Electrify is building a peer to peer platform to resell the power from small sources to someone else in the same power grid. Their solutions allow a utility company to operate this across a citywide grid. They have successfully launched their P2P platform commercially in Singapore.

Bring innovation to the industry

The energy industry is not very well known for innovation. The costs of infrastructure are very high, the power grids are designed for a centralized operating system, and there are not many operators, so it is hard to change the way they run.

The first challenge is to sell utility companies the idea of peer to peer.

When it comes to using blockchain use cases, most utility companies started to trade RECs (renewable energy certificates). It is basically a tracking system that allows people to trade certificates if they produce or consume renewable energy. The problem with the REC trading market is that you buy the certificates based on your volume of consumption of energy but there is no actual proof of that.

So how can this system be more transparent, and prove to people that the transactions occurred? If we can actually prove the source of the energy, we don’t need a certificate and we don’t need RECs. And this is where a blockchain-based peer to peer platform proves itself to be very useful, to provide proof on the source of energy and the data.

Deal with a high volume of transactions and a need for transparency

The volume of data and the volume of transactions are incredibly high. So running this on the blockchain comes with many operational challenges.

The purpose of the Electrify platform is that users can see how much energy they got transacted. To bring this level of transparency, using a public blockchain such as Ethereum appears to be the right solution. But with such a large amount of data that needs to be hashed, it is very time-consuming and hard to scale with that speed.

Moreover, utilities almost all rely on on-site servers, they have not migrated into the cloud because data security is too important. Cybersecurity is their first concern and they go for physical security first, so asking them to put their data in the blockchain is a tough challenge.

Maintain a great user experience

On the other end, the users have never engaged with their utilities. Most people use energy and then pay the bills: there is no UX or interaction with utilities. So when introducing a peer to peer platform, it is important to generate interest from users and to add a degree of involvement from them, otherwise, it is pointless.

Indeed, the interface and the UX are key.

This is why, at Rockside, we have been focusing on how to make the onboarding process smoother while keeping a full decentralized system. With Rockside APIs, the user doesn’t have to bother about any blockchain-related understanding or knowledge. Rockside manages the interaction with the blockchain, allowing the user to create accounts and perform a transaction with a simple UX.

About Rockside

Rockside is the platform for integrating blockchain in any business. Through a simple and reliable transaction relayer API, Rockside makes sure transactions are executed on time at the best price. The service is fully non-custodial to benefit from the full advantage of blockchain technology. Thanks to Rockside, companies can scale their projects getting rid of complex development and infrastructure.

Join the Rocksiders community :

Subscribe to our newsletter.

Try Rockside, visit our website

Follow us on Twitter.

Join our Telegram

Join our Slack.

Behind the scenes of Ethereum #5: the 3 main challenges of blockchain in the energy industry was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

Rockside interview with Olivier Senot, Head of Innovation at Docaposte

In order to build the best transaction relayer at Rockside, we have interviewed the real ethereum users. Corporates, startups, and consulting companies from different sectors agreed to share with us their day to day challenges of building on ethereum. Here is what we learned from them!

About Docaposte

DOCAPOSTE, a subsidiary of La Poste Group, supports companies in their digital and mobile transformation. It offers tailor-made or turnkey solutions, ranging from advice to delegated process management, including the exchange of secure data, electronic archiving, digitization, delivery, and management of digital identities.

Olivier Senot is in charge of blockchain, cloud computing, and post-quantum cryptography for Docaposte. He has been working on a major project on document certification and the fight against document fraud that will be announced soon. Olivier shared with us his vision on the blockchain use-cases that will emerge in the next 5 years as we are getting out of the disillusionment phase.

Traceability use cases are scaling

Traceability tools provide a true interest. With such tools, two stakeholders that don’t trust each other can now share some information. This is huge, and in the next 5 years, it should scale and be industrialized.

At Docaposte, they study the traceability projects on blockchain for an internal purpose related to their IT system: how to chain the activity logs on blockchain to guarantee that no log is missing for future audits. It is way much lighter than electronic signatures that are currently used. It allows an immediate audit of the document management chain of custody.

Such tools are very useful to ensure compliance and security. The traceability allows us to know exactly what happened through the information system but also add a security level to make sure that le logs are true.

Asset tokenization is the next big thing

Another promising usage of blockchain technology is, of course, asset tokenization, and particularly financial and real estate assets tokenization.

We can already see that some projects of intangible assets tokenization have succeeded in the experimentation phase. It is quite impressive that some people have in their wallet the percentage of an apartment! The main problem today is a lack of platform to exchange immaterial tokens. When such a platform is launched, the business will start on a larger scale.

Certify and secure your data

At Docaposte, they manage documents that can be traced, secure, and sign but they do not need to be tokenized to be exchanged. The only need they could have in tokenizing their documents would be when the information can be used as a certificate, thus the document would become a certification token.

Indeed, certify with blockchain technology has proven to be very efficient. It can prevent fraud and ensure compliance and security.

Docaposte is actually working on a project to fight against document fraud through document certification, the project should be revealed this summer. This is a major project that they are currently working on, it runs on a permissioned ethereum blockchain for now and will probably be on ethereum public in the future when scalability won’t be a problem anymore.

How will this evolve?

The main pain point today when doing those projects is UX. In any case, the end-user needs to create a wallet and keep its keys secured and this is way too complex for an average user. This can be dealt with securing keys through mobile hardware or through on-chain identity management.

Though digital identity is very promising, we lack use-cases to fully understand the potential. Whereas there are more and more use-cases on asset tokenization and digital currencies that will for sure structure the future of blockchain architecture.

Rockside is the platform for integrating blockchain in any business. Through a simple and reliable transaction relayer API, Rockside makes sure transactions are executed on time at the best price. The service is fully non-custodial to benefit from the full advantage of blockchain technology. Thanks to Rockside, companies can scale their projects getting rid of complex development and infrastructure.

Join the Rocksiders community :

Subscribe to our newsletter.

Try Rockside, visit our website

Follow us on Twitter.

Join our Telegram

Join our Slack.

Behind the scenes of Ethereum #4: traceability, tokenization, certification: what are the next… was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

At Rockside, we take security very seriously. In our new architecture, our users send Ethers to a Forwarder contract. Rockside pays the gas to relay transactions and is reimbursed by this Forwarder contract. This audit allowed us to validate 2 things that are absolutely essential for us:

• Our users’ funds are secure.
• The service is fair by design, Rockside can never be refunded more than the maximum price fixed by the users to relay their transaction.

We checked references of, and interviewed several security companies before deciding to hire Sekoia to conduct an external audit of our smart contracts. Sekoia is a French key player in cybersecurity. Sekoia is recognized internationally, a pure player and independent, with a solid expertise in Ethereum smart contract security.

The security report

Overall, this audit found 6 issues of various severities
(0 critical, 1 major, 1 significant, 4 minors).

The smart contract static and dynamic code analysis did not reveal any security vulnerabilities.

Here is a highlight of the 2 issues found thanks to the audit.

Privilege escalation (major)

Some privileged functions can be called by users calling them through the Rockside service. Normally only the owner of the Proxy contract have control on it, but a vulnerability allows API key users to have owner rights on the proxy.

Rockside Response: We moved the owners logic from the proxy, to implementation. So this is not on the responsibility of the proxy anymore. We also changed the logic for the forwarder. The forwarder itself is not owner anymore. We originally added the forwarder as owner so administration tasks such as changing the implementation of the forwarder can be done using MetaTx. Even if we thought the attack surface was limited, because only people having the Rockside API Key would be able to execute transactions from the forwarder, we decided to remove it.

SEKOIA Validation: The response is accepted and the fix is provided in this commit.

Code bad practice (significant)

Storage slots are used without being properly declared, leading to possible security impact in future development. In a proxy pattern, the storage slots of ‘Proxy.sol’ are used in the context of the code of ‘Forwarder.sol’, and both contracts must have the same storage layout. The storage layout is not explicitly declared and reserved in ‘Proxy.sol’, making ‘Forwarder.sol’ blindly using the storage slots that might be later used by ‘Proxy.sol’.

Rockside Response: We understand the risk as described but we decided to have a generic proxy that can work with any kind of implementations. Moreover, a generic proxy requires less gas to be deployed. We follow the proxy pattern as defined by openzeppelin as gnosis safe or argent contracts does. https://blog.openzeppelin.com/proxy-patterns
The Proxy source file will include the missing declarations as comments with an explanation to avoid misunderstanding in future developments.

SEKOIA Validation: The response is accepted and the fix is provided by this commit.

Read Sekoia’s full Rockside Relayer security audit report by Sekoia below.

rocksideio/contracts

Conclusion

In this new version of Rockside, our priority has been to build a reliable service for live applications on the mainnet. All our contracts are open source, tested and constantly reviewed internally. We write a minimum of solidity code and we try to make it as simple and readable as possible to guarantee a high level of transparency to our community. Finally, we systematically use standard libraries when possible. With the emergence of DeFi, financial transactions that go through our service are increasingly critical and being regularly audited by external teams is quite natural for us.

Thank you Sekoia “Red Team” for this collaboration and particularly to Bertrand from Sekoia Team for the quality of these recommendations.

Join the Rocksiders community :

Subscribe to our newsletter.
Try Rockside, visit our website
Follow us on Twitter.
Join our Telegram
Join our Slack.

Rockside Relayer Security: Smart Contract External Audit by Sekoia was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

In order to build the best transaction relayer, we have interviewed the real ethereum users. Corporates, startups, and consulting companies from different sectors agreed to share with us their day to day challenges of building on ethereum. Here is what we learned from them!

About Business & Decision

Business & decision is a data and digital transformation consulting company. It has been acquired by Orange a few years ago. They started blockchain activity one year ago with the commitment of developing expertise for their clients. Most of their blockchain projects today are related to enterprise blockchain.

From private to public blockchain

Blockchain has become a major topic when it comes to digital transformation. Companies are looking at different use cases to implement but also everything related to data analytics on the blockchain. Nevertheless, most companies are still not ready for full decentralization and will ask for private blockchain implementations because they want to keep as much privacy as possible.

Indeed, the market is very focused on enterprise blockchain and on private blockchains but this is just a step. Frederic agrees with that statement and tends to push his customers’ vision towards a public blockchain strategy and especially towards using Ethereum. He believes that blockchain will become a standard for business integration and while most companies are asking for privacy, the future lays in public blockchains. The reason is that standards are the key pieces of blockchain technology. And ultimately, we are going to see more and more standardization and interoperability.

Towards an easier blockchain usage

One fundamental problem remains: blockchain is misunderstood. The majority of the corporate world keeps thinking that blockchain is all about cryptocurrency, while it is not! And the first big challenge as a consulting company is to explain the potential of blockchain to customers and help then decorrelate the volatility of cryptocurrencies from the technology itself.

Then, come technical challenges.

First, how to reach a level of security and standardization? How to deal with private keys and signature? And on a more longterm view, where will our private keys be and who will sign them? It is more likely that in the future, the private keys will be stored on a piece of hardware on our phones and not only on software. And on the privacy side, the promising evolution of zero-knowledge proof protocols gives good hope for the future.

Another huge challenge is user experience. When it comes to the final user, most of the wallets available today are not very user friendly. If you start prototyping an application on Ethereum, Metamask is the best option for the developer and the worse for the user. The most viable solution to overcome this is using meta transactions, whether it is on a private or public blockchain. To solve this problem, Rockside provides a smart wallet solution that allows users to send transactions without having to pay for the gas. A smart wallet is a deployed smart contract that represents the user on the Blockchain.‌ It uses the concept of meta transactions to manage the gas. This is based on the principle of off-chain message signing for on-chain use.‌

About Rockside

Rockside is the platform for integrating blockchain in any business. Through a simple and reliable transaction relayer API, Rockside makes sure transactions are executed on time at the best price. The service is fully non-custodial to benefit from the full advantage of blockchain technology. Thanks to Rockside, companies can scale their projects getting rid of complex development and infrastructure.

Join the Rocksiders community :

Subscribe to our newsletter.

Try Rockside, visit our website

Follow us on Twitter.

Join our Telegram

Join our Slack.

Behind the scenes of Ethereum #3: challenges of blockchain in digital transformation strategies was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

In order to build the best transaction relayer at Rockside, we have interviewed the real ethereum users. Corporates, startups, and consulting companies from different sectors agreed to share with us their day to day challenges of building on ethereum. Here is what we learned from them!

Rockside: First, can you please introduce to us what you do at PALO IT?

Arthur Micoulet: PALO IT is a global innovation consultancy and agile software development company dedicated to helping organizations embrace tech and innovation. We created the blockchain practice about a year ago to accompany our customers on the implementation of blockchain solutions.

We mostly work on ethereum and are doing some research on cross-chain interoperability and particularly on witness networks The idea of a witness network is to have another blockchain that listens to what is happening on two different channels. It ensures that cross-chain exchanges work well, without double-spending for instance.

R: What kind of blockchain use cases do you see the most?

AM: There are very interesting uses-cases related to traceability. It can be about food, luxury items, or even documents. One example of a project we have done is a photograph reselling platform on ethereum where a user can add a copyright to the photograph. It is very useful for second-hand reselling for a photographer. In the luxury area, we have worked on object traceability to ensure the originality of the object throughout its life. I am also very interested in DEFI. It is very disruptive and I think banks are not going to lead the movement.

There are a lot of constraints when using a blockchain in regards to security and private keys. I really believe in the strength of gas relayers to ensure smooth usage and get rid of wallet concerns.

R: How do you see the future in terms of protocols?

AM: I see most requests on Ethereum and an upward trend on Tezos. Actually, each protocol has its features and thus its preferred use-cases or industries. For example, most DEFI projects are using Ethereum while most traceability platforms are running on Hyperledger or on private blockchains. And it is also our role at PALO IT to guide our customers towards the right protocol depending on the usage. I don’t see one big winner, in the end, I think we will have to make bridges and find interoperability solutions.

R: Lastly, what is for you the killer app?

AM: It is hard to find a use case that would be really mainstream because the blockchain does not solve everything! But I would say that cryptocurrencies topics have a lot of potential in countries that deal with high inflation rates. In this case, the killer app could be a simple wallet that enables users to invest, pay, and find stability where the currency does not bring it.

Rockside is the platform for integrating blockchain in any business. Through a simple and reliable transaction relayer API, Rockside makes sure transactions are executed on time at the best price. The service is fully non-custodial to benefit from the full advantage of blockchain technology. Thanks to Rockside, companies can scale their projects getting rid of complex development and infrastructure.

Join the Rocksiders community :

Subscribe to our newsletter.

Try Rockside, visit our website

Follow us on Twitter.

Join our Telegram

Join our Slack.

Behind the scenes of Ethereum #2: Tracability and interoperability was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

In order to build the best transaction relayer at Rockside, we have interviewed the real ethereum users. Corporates, startups, and consulting companies from different sectors agreed to share with us their day to day challenges of building on ethereum. Here is what we learned from them!

Rockside: First, let’s understand Tokeny. Could you please explain your project?

Joachim Lebrun: Tokeny allows the tokenization of financial assets on the ethereum blockchain. We have created security token standards (T-REX — tokens for regulated exchanges). T-REX tokens work in synergy with ONCHAINID to ensure the compliance of each asset transfer on the blockchain.

Tokeny provides the tokens and the platform to interact with these tokens. With the platform, any issuer or agent can manage their token, whitelist identities, burn tokens, create new identities, issue new tokens, etc. The objective is to provide all the tools necessary for any company to easily issue, manage, and distribute tokens. With the Tokeny platform, as soon as two people are KYC checked by the sender, they can exchange tokens very easily and at no significant cost.

R: What is your biggest added-value: the smarts contracts or the application?

JL: It is actually both. Tokeny provides all the interfaces that are added to the smarts contract which allows smooth and optimal token management. On the other side, smart contracts are open source and the idea is to create a future standard.

R: Do you manipulate EIP?

JL: The T-REX token is ERC20 compatible. So if you’re whitelisted, the token will appear as an ERC20 on any wallet. The only difference is that the transfer function is overridden to check the compliance for each transfer. So the transfer fails if the person to whom we are trying to send the token is not eligible to receive them. Otherwise, it is handled in the same way as an ERC20 and it is compatible with all the same functions.

R: Why did you choose a fungible token?

JL: In private equity, a part of equity corresponds to another part of equity, it’s the same thing, it’s just a question of quantity so the choice of a fungible token is logic. Nonetheless, if we have the need from our customers for a non-fungible token, we would use the ERC721 standards for transmitting.

R: Can you tell us a bit more about the identity standards that you use?

JL: We handle the ERC734 and ERC735 for all that is ONCHAINID related. Basically the ERC734 provides the key management so it manages the access, and the ERC735 is a claim manager so it allows us to add pieces of information on the identity (ex: AML or KYC claim). The combination of both standards creates a whole identity and everything is traceable on-chain.

R: What about the key management on your customers’ side?

JL: Each user has an ONCHAINID and the management key deployed, so he can actually add other keys to it. Tokeny also keeps a management key for each deployed user, in case of wallet loss. In the Tokeny interface, any wallet compatible with wallet connect is available.

Rockside: What are your thoughts on Ethereum 2.0? Are you looking forward to it?

JL: Yes, we do because we believe it’s gonna fix various issues. Now, we don’t have that many problems with ethereum as it is today as we managed to find solutions for our volumes. For example, when we have to whitelist a certain number of IDs, the transaction limit per second can be problematic but we can overcome with batch functions.

R: How do you estimate the gas price for your transactions?

JL: We are using an API of Ethereum gas station and we use the average price. For batches, we simply multiply the unit gas amount per the number of IDs in the batch.

R: Do you use meta transactions in your smart contracts?

JL: Not for now, but that’s in the roadmap. As a next step, we are planning to have proxies that will call the smart contracts, and thus we will require meta transactions. The objective is to improve flexibility but also to be able to provide gasless transactions.

Rockside is the platform for integrating blockchain in any business. Through a simple and reliable transaction relayer API, Rockside makes sure transactions are executed on time at the best price. The service is fully non-custodial to benefit from the full advantage of blockchain technology. Thanks to Rockside, companies can scale their projects getting rid of complex development and infrastructure.

Join the Rocksiders community :

Subscribe to our newsletter.

Try Rockside, visit our website

Follow us on Twitter.

Join our Telegram

Join our Slack.

Behind the scenes of Ethereum #1: asset tokenization was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

After a week of recovery, here is a short story of our experience of the Hackaton ETHBerlin Zwei in Berlin, a combination of a hackathon, experiences, workshops and talks, happening from 21st to 25th of August 2019 in Berlin, Germany.

Friday: H-hour -36

💡Find a motivating idea…

We signed up with a vague project idea and a team of 3 motivated rockside.io developers (Tangui, Nicolas and me).

The idea was adding a layer of privacy on top of the current social networks (Facebook, Twitter, …) by encrypting the messages just before sending them to the servers. Our service also allows the sender to control who can decrypt these messages thanks to Ethereum. We wanted to create a service that is almost invisible to the user, we wanted to hide the entire technical mechanism.

All of this must be done in 36 hours… of course ;)

People use Twitter and Facebook and it is not going to change soon. People have their habits and above all, their friends and their network are on it and that create a significant retention of users.

Finally, in an ideal world we could continue to use our favorite social networks by adding a feature that would give us a real control of our data.

Omertà is a Southern Italian code of silence and code of honor that places importance on silence in the face of questioning by authorities or outsiders; non-cooperation with authorities, the government, or outsiders; wikipedia

Starting from this idea, we imagined browser extension which resolve that, as smooth as possible, for users of these social networks. The whole presentation of the project is available on Github.

Saturday: H-hour -32

🤠 over-confidence period!

We arrived at the Factory well rested and very confident. We identified a number of technical challenges, we only had to gently code to finish…
As usual in the development, nothing worked as expected.

• Injecting code and watching for events is not that simple, parsing the DOM was a hard task as the JS/HTML/CSS code from Facebook and Twitter is automatically generated, at each reload, all ID change.
• We knew it’s theoretically possible to encrypt a message with an Ethereum public key but we’d never tried to do so.
• Fork Metamask should save us time, but we are not sure of the result.

Saturday: H-hour -25

😰 The real rush

All the bricks (almost) work, so it was time to start the next step: merge everything in our chrome extension.

• A script injected into an HTML page decrypts messages and replaces them on the fly.
• The eth-crypto library does the job well and we share secrets on Ethereum (PGP like) on Ropsten.
• We dropped the Facebook scrapper as our tests on Twitter was more conclusive.
• After a quick test, we decided to create our own Chrome Extension (and gave up the idea of using our Metamask fork)
• Create Scripts to retrieve a specific tx by a sheme in the data (omerta:userid:encryptedsecret)

Saturday: H-hour -8

🐛 Bug time

Importing Node.js libraries in our Chrome extension was a big hassle. Depending on screen sizes or twitter themes, our scrapper/crawler didn’t work. At that time, we were already exhausted and we knew we’d have to code all night long to deliver something... No choice, here we go!

Sunday: H-hour -5

😌 relief time

Finally, we have a demo that runs! it’s already a huge relief… omerta is live! Well, not exactly, The Chrome extension runs only our machines, but it’s still a nice achievement.

Sunday: H-hour

❤️chill time

Without having time to work our pitch, we pushed the code and arranged the README file until the last minutes to try to highlight our project, we quickly regretted not having a polished pitch… Too bad, we’ll do better next time, Now, we can finally enjoy this exceptional place.

Sunday: H-hour+4

💻 Demo Time

We did a demo in which we use our real twitter accounts: Nicolas and myself are friends and can read our twitter message in clear while Tangui, who is not in our mafia (our circle of friends) only has access to encrypted messages. (see the video above)

Our presentation was confusing and we lacked of preparation and 10 minutes is really short! Even though our demo was really bad, it worked and we were proud to demonstrate that using Twitter with end-to-end encryption is technically possible.

Sunday night — The results

Despite good feedback from the jury, our project was not selected. It’s hard but the level was high (730 attendees & 88 hack submissions) and successfully demonstrate our idea feasibility in such a short time was our main goal, so in a way, it’s win for us!

This experience was very rewarding, the atmosphere was really special and the organization was perfect. Finally, we are proud to build with this incredible Ethereum community.

See you next year ETHBerlin Zwei!

Co-written by Tangui Clairet, Nicolas Law Yim Wan et Vincent Le Gallic

All Rockside updates

Subscribe to our newsletter.

Try Rockside for free, visit our website

Follow us on Twitter.

Join our Slack.

Back from Hackaton ETHBerlin Zwei was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

At Rockside, we are constantly doing a technology watch of the new Ethereum products and see how we could fulfill promises that meet bread-and-butter issues for Ethereum developers.

In the team we agreed on one particular recurring issue in the Blockchain world: querying data is a pain! By queries, we mean something rather complex that would require several (if not a ton) of requests to your node in order to get the desired result. Here is our feedback experience.

After reviewing several options, we stopped at a solution that seemed to stand out from the others: The Graph, “a decentralized protocol for indexing and querying data from blockchains”.

The Graph

The CryptoKitty Challenge

In their documentation, The Graph highlights an example of a complex query involving the famous collectible CryptoKitties that asks the following question: ‘Who are the owners of the CryptoKitties born between January and February of 2018?’

The team states that this kind of request, otherwise very painful to implement, could be undertaken really easily through The Graph.

Problems encountered when done Manually

As we like challenges at Rockside, we tried to answer that question first without any other tool than one of our ethereum node and web3js. During that process we encountered three main issues:

1. Ethereum does not have an easy way to query blocks by timestamp
2. There is huge load of data to filter and decode(~340k blocks for a one month period)
3. For this kind of query we are very dependent on the methods that the smart contract exposes publicly, and it can potentially take ages to gather the data needed

If you are curious about the script we came up with, you can find it here

Solving the query using The Graph

Structure of the software

The Graph is composed of several parts:

• the Graph-node that scans your node and indexes data
• Subgraphs that give instructions on which data should be indexed from the Blockchain.
• a WASM module attached to the Subgraph that will map ethereum data into GraphQL schemas
• a Store where the data is persisted with PostgreSQL

Making our own Subgraph for indexing Cryptokitties

The installation process is fairly smooth, you are just asked to select a network, the Ethereum address of a smart contract to watch and it will fetch the ABI directly from Etherscan if possible. Your Subgraph is ready to index the main events fired by the smart contract in less than 2 minutes.

Now, the Subgraph as is will not be enough to answer our question. It needs some extra elements in order to be able to query Cryptokitties and their current owner in one go.

Customizing a subgraph can be done a few simple steps:

1. Define an entity that The Graph will persist in its store in the Subgraph manifest
2. Define the GraphQL schema of that entity in the GraphQL schema file
3. Define the corresponding handlers that the graph will react to in the Subgraph manifest
4. Customize the handlers to map the ethereum data into the entities defined in your GraphQL schema

Deploy the subgraph

Now all you have to do is to deploy it to the hosted service and let it sync with the node. After a while you can answer your query in less than a second using GraphQL. And if it needs refining, tweak your subgraph and redeploy it in one command line.

Summary

The Graph definitely met our expectations and fulfilled its promises. It’s easy to set up, customize and deploy. You don’t even need any kind of infrastructure if you decide to use their hosted service. On the other hand though, it may take a while to fully scan the node depending on how heavy your subgraph is.

If you wish, our CryptoKitty Subgraph is available in The Graph Explorer here:

CryptoKitties Explorer Subgraph

Finally, we would like to give a big shout out to the team of The Graph, and a special thanks to Jannis Pohlmann and David Lutterkort for guiding us in optimizing our Subgraph and for their blazing fast reactivity when it encountered some sync issues (indexing Cryptokitties is actually pretty intense).

Rockside | Connect your Business to Blockchain technologies

All Rockside updates

Subscribe to our newsletter.

Try Rockside for free, visit our website

Follow us on Twitter.

Join our Slack.

Complex Blockchain Queries using The Graph was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.

After 6 months without any big release, geth comes back with a new version containing lots of improvement and cool stuff.

This post is my summary about this new release, you can find the whole changelog here.

Performance, faster and lighter sync

At the beginning of Ethereum client, sync performance was not a main concern. There were few data to sync. But now syncing is becoming a pain. The good news is that this last release contains some performances improvement.

Concretely, a sync operation takes less time (especially on fast sync and archive) and less disk usage.

Freezer, manage your storage intelligently

About disk storage, to be able to sync a node you need to use SSD.

What’s the advantage of an SSD over HDD ? They are way faster and handle better multiple write operations than a good old HDD.

What’s the link with Ethereum ? While syncing a node you will receive a lot of little packages that you will have to store and use to recalculate the state. Those operations take time. With HDD you can’t do it quickly enough and you will never reach the blockchain head. But SSDs are not cheap and the size / price ratio is not in our favor.

So what’s the solution ? Get a big SSD and store everything on it ? Previously yes. Now meet Freezer.

Before detailing what Freezer do, let’s see what the whole storage is made of. Basically, blocks. The question now is does my node need all the blocks ? Yes, but no. It needs them but with different usage over time. The last blocks are important and will be accessed way more often than last month blocks. And that’s where Freezer comes in place. Now geth will separate those two types of blocks and moves those old ones into another folder. You can configure the path of this folder, and for example let’s say put it on a HDD.

That way you can use a cheap and small SSD to sync and use a big and cheap HDD to store the data.

A fresh fast sync at block 7.77M placed 79GB of data into the freezer and 60GB of data into LevelDB.

So yeah that’s pretty good for our wallet.

GraphQL, an alternative to JSON-RPC

If you happened to have played with a node you must know the JSON-RPC interface. To put it simply, it’s the API to access the blockchain. Like all APIs, there is a set of defined functions which gives you predefined outputs.

GraphQL is different. Instead of making a request to a specific route you define the format of the response you want (and just that) and you will get it directly.

Let’s take an example

I want to get the last 10 blocks miner and their balance.

Using JSON-RPC

So we have 10 loops, for each we get a whole block even if we are just interested in one value (miner) and after that we make one last call for its balance. In conclusion, we have 20 calls and more data than needed.

Using GraphQL

You get the same result with only one query. Moreover you don’t have unnecessary data, which means a bit less work for the node !

You can easily start playing with geth GraphQL by just adding one parameter at launch.

Block account unlocking with open API, avoid misuse

Before explaining this change, I would like to talk a bit about a philosophical aspect of Ethereum. In a perfect dream world, every user possesses its own node (even light). You don’t use someone else’s node to access Ethereum, not even Infura. I think it’s possible for developers like us, but it’s not reasonable today for normal users and companies.

For me this is the reason RPC method eth_sendTransaction exists. This method will sign the incoming transaction with the first account present (and unlocked) on the node. If you are the only one to have access to the RPC endpoint that fine. But if you expose your RPC endpoint on the internet without any protection that’s a big security risk for your funds.

If you want to know more, here is article detailing the misuse.

Security Advisory [Insecurely configured geth can make funds remotely accessible]

But sometimes you need to expose those APIs and also unlock your node (e.g. sealing node on a Proof of Authority network). But that’s bad, really bad. Now it’s not possible anymore. Actually to be honest it’s still is but you have to explicitly add the option --allow-insecure-unlock to geth, which means you know what you’re doing (at least more than before).

A solution among others is to have two nodes. One will do the sealer and will not expose any RPC endpoint. The other will expose RPC over http / websockets / GraphQL without participating to the consensus.

Clef, a new horizon for key management

As seen before, account management on a node can be tricky (e.g. Pantheon, an another client, doesn’t allow it at all). And that the main aim of Clef: move this feature into an independent program. Clef is not a new feature of geth, it’s a completely stand alone binary written in go.

What’s the point ?

For example, to expose your node to the world without extreme protection and connect it to a Clef running on a more secure environment.

Not enough for you ?

Ok, I did test clef back in march for a sealing node. The node sent all the blocks waiting for validation to Clef and Clef prompted me if I wanted to sign the block. Ok that doesn’t seem much said like that but it’s a really cool first step. Many of our clients ask for security for their sealer private key yet it is needed on the node at start for sealing. That’s bad for two reasons : the node is exposed (at least a little) to the outside world and what will happen to your key when the server is destroyed ?

The architectural made on geth to make Clef open new doors for key protection (seal blocks inside a vault ?). This tool looks so cool and I can’t wait to play with it.

So yeah pretty major minor release from the geth team. I only talked about the things that seems useful for non techy people from my point of view. I may have missed some other upgrades or features. If you want to learn more details go check the changelog.

Afri on Twitter

Geth v1.9.0 is one of the most exciting things in the recent history of Ethereum. 👍 https://t.co/Kckh5NYSxK

I did this research during my work for the development of our product Rockside. We build an enterprise-grade platform that removes Blockchain complexity. We love design systems that are elegant abstractions over complex Blockchain technologies with a modular architecture, designed with security, performance, and scalability. Do not hesitate to take a look at our site.

All Rockside updates

Subscribe to our newsletter.

To try Rockside, visit our website

Follow us on Twitter.

Join our Slack.

Ethereum client geth v1.9.0 released ! What’s new ? was originally published in Rockside on Medium, where people are continuing the conversation by highlighting and responding to this story.