What’s the best way to deposit ICP tokens in a canister while keeping track of Principal’s balances?
Plug can’t be used in local environment and II doesn’t seem convenient for the user cause they have to send money from NNS or their preferred wallet to the newly generated principal, in addition to requiring an extra step which isn’t ideal for UX, I still haven’t figured the security implications: what happens if the dApp shuts down? How would the user authorize a tx? Looking at this example it’s not clear whether the user has any confirmation before the tx is submitted:
With dip20 (WICP) canister deposits can be done with a simple approve/transferFrom, user makes an approve call and then calles the service method, which consumes the approved balance by a transferFrom call to itself. This way, you’re not just expecting the service to accept funds from you throwing money at it, you approve and service consumes. Service down? Wont consume and no double spend/lost scenarios. In jelly we use a batch request to force user confirmation as well. Also, plug requests do work locally, you’ll need to specify the host as local when instantiating the actor and agent.
In terms of using raw ICP, the process is the opposite of what I described, users can only send ICP and the service has no way to know other than the user sending which block the transaction is in, and service checking the block. I would recommend using WICP for the best/most consistent flow
To handle approvals I need a wallet, but Plug doesn’t work in local environment, NNS wallet can’t do approvals so I’d have to: integrate II login, transfer tokens from NNS to the newly generated principal and then somehow handle approval logic on my own, tedious but doable.
Problem is I’m not sure about the security implications, what happens if I send money to a principal generate by a dApp and the dApp goes down? Couldn’t a malicious dApp send an approval from the client without the user noticing?
Wrapping the native token for such a simple use cases is wrong in so many ways, I’d rather code my own wallet from scratch rather than rely on WICP.
Unfortunately it’s the native tokens flow that we all have to work around. Not sure how you’re unable to use plug locally, we developed the entire jelly marketplace FE with services running on a local replica. Obviously, in the current state, the wallet will only show the balances from mainnet, but being able to switch wallet display to local is coming very soon. But you can still interact with a local replica by specifying a host and fetching the root key exactly like mainnet.