Melon IPFS Front-end v0.6.0

Jenna Zenk
Published in Enzyme
Jan 23, 2018

The Melon team is pleased to release today the Melon IPFS Front-end v0.6.0. The IPFS Front-end runs on the Kovan test net with Melon.js v0.6.14 and the Melon protocol v0.6.2 (audited twice and undergoing a third audit).

What’s new?

3 major changes to look out for in this release:

  • You do not need Metamask. In fact, you do not need anything to create and manage your Melon fund. Your encrypted wallet is stored in the local storage of your browser: all you need is to write down the mnemonic phrase provided to you in the beginning, and make sure to remember the password you set. If you lose access to both your mnemonic and password, we won’t be able to recover your fund but, well... you can just create a new account and start from scratch, it’s just test money after all :)
  • You can now see the ranking of all existing Melon funds, and see where your fund stands among others. If you are on your fund’s page and want to head back to the ranking page, click on your fund’s ranking below your share price. The ranking currently takes some time to load because all the data comes directly from the blockchain, so it will require a few seconds of patience from you.
  • You can now visit other people’s funds and invest in them. Go and make some test money out there!

Notes on security of your browser local storage

In this version, when you create an account, a mnemonic seed phrase is generated with the bip39 library and a public/private key pair is derived from this mnemonic phrase. Then, your wallet is encrypted with the password you provide and the encrypted version of your wallet is stored in the local storage of your browser. What does this mean?

  • If you create an account and a fund, then close your browser, the next time you come back to melon.fund in this browser, you’ll have access to your fund again with no effort.
  • For each transaction you try to make, you will be asked to type your password so that your encrypted wallet can sign the transaction you want to make.
  • If you saved your mnemonic seed phrase, you can regain access to your fund from any browser, as we included the recover-from-mnemonic functionality.
  • You can now access and manage your Melon fund from any device, including your mobile. Just try it!
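The account flow described above, as an added example that is not Melon's own code: a BIP39 mnemonic becomes a seed, the seed is encrypted under the user's password, and only the ciphertext is written to storage. The scrypt and AES-256-GCM choices, the `wallet` storage key and the `Map` standing in for `localStorage` are assumptions (the post does not name the cipher), and the key-pair derivation step is left out.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample: the public BIP39 test-vector mnemonic, never a real wallet.
const SAMPLE_MNEMONIC = 'abandon abandon abandon abandon abandon abandon ' +
  'abandon abandon abandon abandon abandon about';

// BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase.
function mnemonicToSeed(mnemonic, passphrase = '') {
  return nodeCrypto.pbkdf2Sync(mnemonic.normalize('NFKD'),
    ('mnemonic' + passphrase).normalize('NFKD'), 2048, 64, 'sha512');
}

// Assumed scheme (the post names none): scrypt key stretching + AES-256-GCM.
function encryptWallet(secret, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(secret), cipher.final()]);
  const hex = (b) => b.toString('hex');
  return JSON.stringify({ salt: hex(salt), iv: hex(iv),
    tag: hex(cipher.getAuthTag()), ct: hex(ct) });
}

// Returns the secret, or null when the password is wrong or the blob was altered.
function decryptWallet(blob, password) {
  const { salt, iv, tag, ct } = JSON.parse(blob);
  const key = nodeCrypto.scryptSync(password, Buffer.from(salt, 'hex'), 32);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'hex'));
  d.setAuthTag(Buffer.from(tag, 'hex'));
  try {
    return Buffer.concat([d.update(Buffer.from(ct, 'hex')), d.final()]);
  } catch (err) {
    return null; // GCM authentication tag did not verify
  }
}

// Stand-in for window.localStorage so the example runs outside a browser.
const localStorageModel = new Map();

// Account creation: only the encrypted blob is persisted ('wallet' is a hypothetical key).
function createAccount(password) {
  const seed = mnemonicToSeed(SAMPLE_MNEMONIC);
  localStorageModel.set('wallet', encryptWallet(seed, password));
  return seed;
}
```

Anything that can read the stored blob still has to guess the password, so the password's strength is what protects the wallet once storage is exposed.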

But it also means:

  • Your encrypted wallet is only as secure as your computer and browser. As with any other Ethereum wallet interface such as Metamask or MyEtherWallet, if your computer happened to be compromised, sensitive information could be stolen. This would also be the case if you stored keys or an encrypted wallet on your hard drive. This is always a good occasion to remind you to keep your computer safe, have an antivirus, make sure to upgrade your operating system often, etc.
  • You cannot use melon.fund with a browser in incognito mode (we can’t use the local storage there).
  • As we deploy our codebase to IPFS, our local storage is currently bound to the IPFS domain name (not good...), so it would potentially be accessible to any other application deployed on IPFS.

The current lack of access restrictions of local storage to IPFS sites hinders our development. Therefore, this in-browser local storage strategy is not intended to be used on the mainnet, as it is not fully secure.

We’ll be using this in-browser local storage strategy only in the context of the testnet for now, which we think is fine as your encrypted wallet will only hold test tokens.

We see IPFS integration in major browser applications as a huge opportunity for decentralized applications; access restriction based on IPFS hash or IPFS name would solve the problem of having the encrypted wallet accessible to other IPFS applications and would be a major step forward. There are ongoing discussions about this subject, you can read more here if you’re interested. It would be a great addition not just for Melon but for any project that would like to uphold the virtues of true decentralization.
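Why storage "bound to the IPFS domain name" is shared between applications, as an added example that is not part of the original post: browsers partition local storage by origin (scheme, host and port) and ignore the path, which is where a path-style gateway URL carries the IPFS hash. The host names, hashes and the hash-as-host layout below are constructed placeholders, the latter being one assumed form the per-hash restriction could take.

```javascript
// Constructed sample URLs; host names and hashes are placeholders.
const PATH_STYLE = [
  'https://gateway.example/ipfs/QmFundAppPlaceholder/index.html',
  'https://gateway.example/ipfs/QmOtherAppPlaceholder/index.html',
];
const HASH_AS_HOST = [
  'https://fundapp-hash-placeholder.ipfs.gateway.example/index.html',
  'https://otherapp-hash-placeholder.ipfs.gateway.example/index.html',
];

// Minimal model of browser storage: one key/value bucket per origin.
class OriginStorage {
  constructor() { this.buckets = new Map(); }
  bucketFor(pageUrl) {
    const origin = new URL(pageUrl).origin; // path and query are not part of it
    if (!this.buckets.has(origin)) this.buckets.set(origin, new Map());
    return this.buckets.get(origin);
  }
  setItem(pageUrl, key, value) { this.bucketFor(pageUrl).set(key, value); }
  getItem(pageUrl, key) {
    const bucket = this.bucketFor(pageUrl);
    return bucket.has(key) ? bucket.get(key) : null;
  }
}

// Deployment check: group app URLs by origin and report every group whose
// members would share a single localStorage bucket.
function sharedStorageGroups(urls) {
  const byOrigin = new Map();
  for (const u of urls) {
    const origin = new URL(u).origin;
    byOrigin.set(origin, [...(byOrigin.get(origin) || []), u]);
  }
  return [...byOrigin.entries()].filter(([, members]) => members.length > 1);
}

// What a second app sees after the fund app stores its encrypted wallet.
function visibleToSecondApp([fundApp, otherApp]) {
  const storage = new OriginStorage();
  storage.setItem(fundApp, 'wallet', '<encrypted wallet blob>');
  return storage.getItem(otherApp, 'wallet');
}
```

With the path-style URLs both applications resolve to one origin and the second one gets the blob back; with the hash in the host name each application has its own bucket and the lookup returns `null`.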

Using an application deployed on IPFS means that you can verify the code base that was deployed with the IPFS hash; therefore, you can be sure that there is no hidden/malicious code. This feature goes quite well with key storage as you can be certain that the application doesn’t do anything malicious with your keys. It is a much more secure approach than using for example any iOS app where you have no way to know what the application really does with your keys.

Having a decentralized application powered by smart contracts and deployed to IPFS is the way forward for top level security.

As soon as browsing IPFS sites comes with local storage access restriction and independent security context, you can enjoy a fully secure and decentralized asset management experience from your mobile, just imagine how amazing that will be …

Until then, on the mainnet, we will enforce the use of a local Parity node for maximum security, and we will adapt our frontend application so that it can run with the Parity signer or in the Parity browser, which will provide a very high security level.

Am I safe? Not safe?

This is the testnet so the concerns are different from the ones on the mainnet. The idea here is to lower barriers to entry as much as possible, to make it as easy as it gets to test the Melon protocol.

To be clear, this in-browser encrypted wallet storage strategy should only be used for testing purposes, exclusively on the testnet. This version of the frontend should not be used for mainnet purposes.

However, we will be running the Melon Manager Competition on the testnet. Those competitions will entail real money prizes for the winners, so we want to make sure everyone is aware of the security precautions to take in order to always be in control of your Melon fund:

As long as your browser is not compromised and as long as you don’t visit any untrusted IPFS applications, your testnet encrypted wallet is absolutely safe.

Notes on scalability, speed and hosted nodes

Since we are not using Metamask anymore, we are not using Infura either. We spun up a few Parity nodes of our own on the cloud, and have a node balancer that dispatches client connections to ensure a balanced distribution of clients on our hosted nodes. This reduces the likelihood of having many clients making heavy requests to the same node at the same time.

However, we cannot guarantee constant node uptime.

If all of our nodes happened to be overloaded or down, you still have the option to run a Parity node locally: a much, much faster option, super independent and also the most secure of all.

We encourage everyone to get started with melon.fund and to get to know the platform before the Melon Managers Competitions start. It will allow us to fix as many bugs as possible before the competitions, to identify potential issues and to ensure a smooth functioning of the platform during the competitions.

We love issues, please report them here. If you have any feedback/suggestions for us, or just want to chat with us, please join our Gitter channel or Telegram channel.

[Check out: melon.fund | melon.email | Oyente | Melon Project Github]

-Melon Dev Team ❤

This blog post is subject to change as the research & development phase is ongoing. Melonport will aim to update blog-posts regularly to represent our latest thinking on a best-efforts basis but there may occasionally be time-lags between latest thinking and updated documentation. With this in mind, the author of this blog assumes no responsibility or liability for any errors or omissions in the content of this blog.

Jenna Zenk, writer for Enzyme. CTO at Melonport AG; Fullstack engineer with extensive background in finance. #melonport #fintech #blockchain #ethereum #cryptocurrency #javascript #fullstack