The IC ecosystem already contains a number of different wallet applications and approaches. However, there is no standard around wallet integration yet. This RFP looks to kickstart the work on a possible wallet standard implementation that works for all dapps and wallets. Applicants are expected to apply for a 25k grant.
We are looking for an open-source implementation of a wallet, a dapp that integrates with that wallet, and a dummy target canister that implements the ICRC-21 (draft) consent message interface. This implementation should then serve as a guiding example for other wallets and dapps on the IC.
- The dapp must be able to request signatures on arbitrary canister calls to arbitrary target canisters.
- The wallet must be able to sign arbitrary canister calls alongside the corresponding read_state request.
- The wallet must display a consent message to the user as specified by ICRC-21 (draft) and allow them to sign or reject the request. If the target canister does not implement the ICRC-21 (draft) interface, the wallet should display a warning to the user.
- The wallet must implement interfaces for both hot and cold wallet use-cases.
- Note: cold wallet interactions can be simulated by restricting the wallet to just using the JSON-RPC messages with the dapp. I.e. in the cold-wallet case, the wallet must not communicate (directly) with any other party than the dapp itself and must only use the JSON-RPC message channel.
- Any suitable channel for communication between the dapp and the wallet can be used. However, the wallet should be able to be used with any dapp that implements the wallet integration. A non-exhaustive list of suitable channels:
- Browser window.postMessage
- Browser extension message passing
- App-switch on mobile platforms
- QR codes
- The interactions between the dapp and the wallet should use JSON-RPC messages and be adaptable to other channels (see above).
- The code must be open-source.
- The code must have production quality.
Given that the implementation will be used to derive future ICRC standards related to wallets, extra emphasis is placed on the following points:
- The code should be well documented and easy to understand.
- The code should implement security best practices.
- In particular, the validation of consent messages must be done in a secure way.
- There should be a live demo of the wallet and dapp deployed to the IC so that it can be easily tested by the community. If the wallet or dapp is a browser extension or mobile app, it must be published on the respective extension / app store.
- Due to the scope and complexity of the project, it is expected that the applicant has prior experience with the IC and development of wallet applications.
- The wallet standards are discussed in the Identity and Wallet Working Group. As an implementer, you are expected to join the biweekly working group meetings to present your progress.
This grant has three milestones:
- Architecture and design of the wallet, dapp, and example target canister as well as the specification for the JSON-RPC messages.
- End-to-end hot wallet canister call signing use-case:
(a) Dapp requests a signature on a canister call from the wallet.
(b) The wallet fetches the consent message from the target canister (if available).
(c) User approves / rejects the request.
(d) If approved, the wallet signs the canister call and the read_state request and sends it back to the dapp.
- End-to-end cold wallet canister call signing use-case:
(a) The dapp fetches the consent message from the target canister (if available).
(b) Dapp requests signature on the canister call from the wallet and provides the matching consent message.
(c) The wallet validates the request and consent message.
(d) User approves / rejects the request.
(e) If approved, the wallet signs the canister call and the read_state request and sends it back to the dapp.
Milestones 2 and 3 require a live demo of the wallet, dapp, and dummy target canister deployed to the IC as well as passing a security audit (the applicant does not bear the cost of the security audit).
How to apply?
Please submit your application at Internet Computer Content Validation Bootstrap mentioning RFP-7 and selecting the 25k tier. There you’ll also find more details about the DFINITY Developer Grants program. Please provide details about your timeline for finishing this project.
If you have questions, please post to the following thread on the Developer Forum or the grants channel in the Developer Discord.