Signup Smart Contract

As you might already know, when you create a NEAR wallet, you require deposit some funds to first cover transaction costs and storage costs. This costs around 0.1 NEAR. It's similar for Sender wallet: you can create the wallet without allocating any funds, but if you try to deposit a small amount of money (like 0.001N, about 1 cent USD) to that created account, it'll get locked. Until you deposit enough funds for it to cover storage and transactions, you won't see "available balance".

Hence, we want our users to not have to pay when signing up themselves. After all, they requires logging in with their wallet. If they don't have the wallet in the first place, we want to create one for them, and we shall fund their wallets themselves.

There are two ways we could do this: first, the user create their wallet, then email a request for 0.1N transaction send. This sounds difficult, as you require the wait and other reasons; hence it makes more sense to copy something like the Linkdrop app.

If you search online, there are quite many linkdrop apps. What we discuss above is just the easiest to understand contract; and we want that, as the more complicated it gets, the more difficult it's to understand, the more vulnerable it is to security loopholes, and the more code it requires hence larger contract size. Something easier would suffice.

For a complicated contract, see this contract that makes a linkdrop app into 3 separate contract deployed to 3 separate accounts and all this and that that makes life more difficult. Particularly, it treats contract as objects and go inherit stuffs downwards and do things that one don't even understand what is happening; if you do, sure go ahead and understand what it does, especially if you love inheritance (or maybe it's not inheritance?).

The main linkdrop app (for mainnet) is here. Though, it's not the only linkdrop app available for NEAR. There's the near drop app (beta) that allow mass users onboarding (they onboard at NEARCON Alpha with QR codes, mentioned in their website here). Then there's also the NEAR redpacket app that you might want to try (one never used this before, so use at your own risk).

There are some problem with the main linkdrop app, which one won't mention it here: we shall discover it as we move forward in development.

But before moving to the linkdrop app, why not utilize what we already got? A linkdrop app is deployed on testnet (the top-level account), so let's just utilize it. To play with it, let's just go to the link here and try (make sure you're on testnet, which the link should redirect you to) and see how it works.

Linkdrop main page

Press the login button and login. Allow the connection fee, and you should get to the main page. One assumes you already created a testnet wallet here. After login, it should look like this:

Linkdrop login page

Three buttons: "Create New NEAR Drop", "Show Used Drops" and "logout". Logout is easy to understand; the "Show Used Drops" will display "Used Drops" (so a NEAR Drop that had been used by someone else, yourself or whoever you gifted to). if you click on it, it'll change to "Hide Used Drops". If you don't have Drops yet, it'll say "No Used Drops". Otherwise, it will show your used drops here.

Linkdrop Show Used Drops

We could create a new NEAR Drop. Let's try create with 2 NEAR.

Alert new NEAR Drop

It's an alert box, type in the amount of NEAR and click "Ok". It'll ask you whether to not download keypair before funding, you can download it (we shall discuss about it later so it's best you download it for reference; after which you can delete it).

The name of the txt should be "public_key.txt", so it saves as the public key name, assuming it's unique. You're taken to the page to approve transaction (one assume you know what to do here). The page now changes again.

Drops created

You have two more buttons: "Copy Near Wallet Link" and "Use Drop". If you decide to Use the Drop yourself, you can do it. Here, since we want to gift it to others ("signup link, remember, we don't want to use it ourselves"), we shall not touch the "Use Drop" button; just the "Copy Near Wallet Link". Clicking on it shall copy to your clipboard.

Now, paste the link in a new page, and you'll be redirect to a wallet creation page. You can create a new account.

New Account

You know what to do: you created a wallet already. If this is someone else, you might want to offer guidance; but that's another story.

So we now have 1 NEAR. Wait, 1 NEAR? One thought it's 2 NEAR?

Flaw

Apparently, there's a flaw that's only available in testnet. If you do with mainnet, you certainly get 2 NEAR; but not testnet. the smart contract deployed on mainnet is not the same on testnet; the mainnet have fixed the flaw, but not the testnet.

This flaw is caused by something called the ACCESS_KEY_ALLOWANCE which we shall see in the next page.

It's also lucky that we send 2 NEAR: otherwise with 1 NEAR, it'll fail. We discuss the failure next page: but you're welcome to try it out yourself.

However, there's one more thing to see. Assume you're on mainnet so it doesn't eats your NEAR, hence let's try to deal with 0.1 NEAR sending: (first, refresh the page to see that it shows in the Used Drops)

0.1 Drop

If you click ok, it'll show you cannot create such drop.

too small

Apparently, the min amount of drop is ACCESS_KEY_ALLOWANCE, which we'll discuss more when looking at the contract later.

The last thing to discuss is a security issue: Remember we downloaded the thing before, the .txt stuff? Let's open it up:

Inside, you should see a JSON structure containing the publicKey and the secretKey. The secretKey is the key you send to your friend when you "Copy NEAR wallet link" before, which has the link like this: "wallet.testnet.near.org/where the linkdrop contract is deployed/secret key". Try to create it once again and you'll see what one means: the contract is deployed to "testnet" or "near" (testnet or mainnet) respectively.

However, now you hold the secret key, one cannot be sure if the secret key equals the public key. After all, the secret key is generated based on the public key; so it most probably isn't? If it is, there's a security breach with this contract: you may be able to use the near cli to hack whoever you send the wallet to and retrieve the amount. If you have a hacker background/security audit background, be sure to notify on the discussion pages, creating a new discussion, mentioning this security breach whether it exists or not.

In fact, you don't even need to download the keypair: you could see it in your browser opening up F12 and go to "console", then the bottomest should be "USED DROPS > Array(num_of_used_drops)" where you can expand it and get the secret key.

Though, one suspects it doesn't; because when you create a new wallet, this private key is replaced with whatever seed phrase it is newly generated; hence you cannot access anymore the credentials.

Ok, enough of testing this feature: you can test in your own time. We shall move on to the linkdrop contract.

References