Last updated by Tim Delhaes 5 months ago
For backend, it will take 10 ~ 20 days to complete all tasks, and it may take some days for the penetration test.
2-3 days for the frontend part implementation, once the Credential manager and oAuth support is ready on the backend. A week with testing and some padding.
With some padding we can target Oct 3 for the launch.
Question: When will we have what Nexus features to launch?
Finish credential manager.
Currently we leak many secrets to the client-side which is only tolerable in testing and must be fixed before launching. Estimated 2 ~ 5h on backend side, then
Update OAuth authorization and API call URL
@Egor Milyukov and @Jin will need to update OAuth authorization and API call URL to route calls through credential manager and avoid touching any credentials. Implement a more secure sign in process. Currently the Metamask sign in process is not very secure (anyone who knows public key of the user can sign in). We need to improve it to at least verify that user owns the private key in Metamask. Estimated 1 ~ 2h on server-side. Estimated 4-8hrs on frontend side.
We also will need to implement oAuth flow for Nexus users, so our app/api can be properly integrated with Zapier, see my conversation with Zapier app developer: https://inboundlabs.slack.com/archives/C03QY6D2YDT/p1660682917596499 . Estimated 1 ~ 3h on server-side. Estimated 1-3h for frontend.
Call smart contract via proxy address
@Egor Milyukov will need to implement message signing on the front-end. Estimation included above in the “update oAuth” section.
Implement calling smart contract from unique proxy address for each user. Currently the web3 connector calls smart contract function from a fixed address owned by us, which is obviously not really useful. We will need to implement logic to route the call via a proxy address, which is dynamically generated for each user. This involves some smart contract programming (for routing calls) and I will need to research it, estimated 5 ~ 10h for EVM chains, 4 ~ 8h for Near and 4 ~ 8h for Flow.
Perform general security review on all components and fix any security issues. Estimated 3 ~ 6h. We may also get a security firm to run a penetration test on our infrastructure.
Question: When will we have the simplest for of Gas Payments to have a bi-directional system?
The simplest form will be user manually transferring some gas token to the proxy address for use by Nexus. This is of course not user-friendly, but requires little to no additional work on our end.
Question: What is missing for the different types of developments (web3 CDS, Blockchain Driver, Web2 Driver, App) to be complete? (we also need this to deliver grants commitments). Starting here.
W2 Driver and CDS
New BlockChain API
Develop App (extension, etc)
80% (missing proper auth flow)
Documented example code
50% (missing docs)
Dependency on missing core functions
Credential manager and oAuth
100% (Create/update/delete workflows)
(Need more explanation on signatures)
(Only example code is available)
80% (auto-generated technical docs, might require fine-tuning)
General introduction to platform
General introductions to integrations
New Budget items
Outsource Gas Contract dev ILDE Developers (CDS + Apps)