Use generated identity on canister to make inter-canister calls

Developers
, ,
1

I’m working on a use case involving the transfer of bridged tokens like ckBTC. The challenge is that there’s no direct way to verify if a user has deposited BTC into the address provided by the ckBTC minter, and that the minter minted ckBTC and sent it to my canister.
It’s true the canister can check the balance and get the transactions, but if multiple users deposit the same amount, there’s no way to tie each user to a specific transaction.

I’d like to create a burner identity on the canister side with Azle, pre-approve a transfer from it to my canister, and then return its corresponding BTC address to the user. The idea is that once the user deposits BTC to this address, I can check the burner identity’s balance. When the balance is sufficient, I would use icrc2_transfer_from to move the funds from the burner identity to the canister.

Here’s how I’m generating the burner identity in Azle:

import { Ed25519KeyIdentity } from "@dfinity/agent";

// Generate the burner identity
const burnerIdentity = Ed25519KeyIdentity.generate();

However, it doesn’t seem like this approach is possible, and I’m wondering if there’s an on-chain solution I could use to implement this.

Any suggestions, workarounds, or relevant examples would be greatly appreciated!

1 Like
2

The t-ecdsa canister offers a “derivation_path” that lets you generate an “infinity” of addresses.

If you do what you are trying todo the key will be vulnerable to reading by a node provider…you should use the tecdsa way to keep it secure. You can hash (principalBlob + nonceBlob) and keep increasing the nonce.

1 Like
3

Did you consider using the frontend user’s identity instead of creating a burner identity? Or is there a reason you want to do that from the canister?

If so, you should be able to use the chain-fusion signer canister for that.

This is how OISY gives a different BTC address to each user.

1 Like
4

The user could indeed pre-approve a transfer, then when the bridging is completed and the balance is available, the canister can just withdraw the funds, unless the approval has been removed in the meantime.

This flow involves more risks.

But the chain-fusion signer is amazing. Being able to verify and submit transactions on the BTC and ETH blockchains completely removes the need for bridging.

That’s the best - although the most complex - approach.

Many thanks

1 Like