By: Jesse Abramowitz
This was by far the hardest but most satisfyingly technical challenge I had while integrating our Universal Faucet. Everything we do is testnet so we aren’t too careful about understanding the ins and outs of all the blockchains.
Whenever we decide on integrating a wallet, we kind of just figure out how to integrate and go. We don’t have any formal processes.
This one was a liiiiiiittle different.
So the story goes: I had integrated pretty fast. I went on their Discord to ask for tokens. Everyone was super nice and someone offered the “buttload” of tokens we needed.
Pretty easy, right?
Getting the tokens was the easiest part, but it wasn’t without its challenges, which I go into in more detail below!
IOTA doesn’t consider itself a blockchain but rather prefers to be known as a Tangle. According to their website, the Tangle is a stream of interlinked and individual transactions. These transactions are distributed and stored across a decentralised network of participants. It turns out it uses a directed acyclic graph (DAG) instead of a blockchain to store its ledger. The Tangle allows different branches of the DAG to eventually merge, which, according to them, results in a much faster throughput.
For more info on the Tangle, check out their article.
Why this Tangle?
Well, first of all, I’m pretty sure it’s the only Tangle out there. IOTA has built itself up as a top 20 coin that is a platform for developers. I was curious about working with it.
I asked in their chat and they were super cool about it! Thanks guys!
Their documentation was good to an extent but it did have some gaps. For starters, it failed to give me any design patterns for handling transactions and didn’t even warn me about the security vulnerability (which I explain in the challenges part of the article) in the node part of the documentation.
This is a major oversight and essentially amounts to showing people how to create security flaws.
Remember when I said getting test tokens was easy?
The asking part was!
However, before the test tokens were sent, they noticed we had used an account to send transactions multiple times. This in itself is a security risk because each time you send a transaction you expose a little part of your private key. Thus you become more and more exposed to a brute-force attack.
The architecture of signing looks like this: you have a seed that can generate multiple private keys, which generate public keys, which generate addresses. You can maintain the same seed but should only use each private key once.
One thing I really liked about IOTA is that you can send multiple transactions at once. So you would send the amount you need to the destination you want and the rest should be moved to a new private key from that seed.
Sending a Transaction
First, I created an account and got it funded.
I sent the funds to 5 wallets. The index positions of these wallets were stored in our database. When a user asks for funds, they receive them from the first wallet in index order that has funds, and the rest of the balance is sent to the wallet at the index + 5 position.
When the second person asks, they get funded by the second account and the leftover funds get sent to the 2 + 5 = 7th account in the index.
The code looks like this:
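The rotation described above, as an added JavaScript example that is not the author's faucet code: it models only the index bookkeeping (which index signs, where the leftover goes, which indexes are retired) and makes no IOTA library or network calls. The names `SPREAD`, `createPool` and `planPayout`, the recipient labels and the balances are assumptions.

```javascript
// Added example: models only the key-index rotation; no IOTA library or network calls.
// SPREAD, createPool and planPayout are hypothetical names, not the faucet's own.
const SPREAD = 5; // the article funds 5 wallets and sends leftovers to index + 5

// balances: key index -> balance; spent: indexes whose key has already signed once.
function createPool(firstIndex, perWalletBalance) {
  const balances = new Map();
  for (let i = 0; i < SPREAD; i++) balances.set(firstIndex + i, perWalletBalance);
  return { balances, spent: new Set() };
}

// Plan one payout: empty the lowest index that can cover the amount, pay the user,
// and move the leftover to index + SPREAD so the key that signed is never used again.
function planPayout(pool, recipient, amount) {
  if (!Number.isInteger(amount) || amount <= 0) throw new Error('invalid amount');
  const pick = [...pool.balances.entries()]
    .sort(([a], [b]) => a - b)
    .find(([, balance]) => balance >= amount);
  if (!pick) throw new Error('no funded index can cover this payout');
  const [inputIndex, balance] = pick;
  // A retired address can be re-funded by a stray deposit; refuse to sign from it.
  if (pool.spent.has(inputIndex)) {
    throw new Error(`index ${inputIndex} has already signed; refusing to reuse its key`);
  }
  const changeIndex = inputIndex + SPREAD;
  if (pool.spent.has(changeIndex)) throw new Error(`index ${changeIndex} is retired`);

  const outputs = [{ to: recipient, value: amount }];
  const leftover = balance - amount;
  if (leftover > 0) outputs.push({ toIndex: changeIndex, value: leftover });

  // Commit: the input is emptied in the same send and retired for good.
  pool.balances.delete(inputIndex);
  pool.spent.add(inputIndex);
  if (leftover > 0) {
    pool.balances.set(changeIndex, (pool.balances.get(changeIndex) || 0) + leftover);
  }
  return { inputIndex, outputs };
}
```

Persisting `spent` alongside the stored index positions is what lets the faucet refuse a second signature from an address that later receives a stray deposit.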
This was a blast to integrate and once the scenario was understood, it wasn’t too hard. I think the documentation could have helped more with trying to get me to avoid the security vulnerability. At the end of the day, IOTA seems like a novel solution which could address issues of scalability. I am excited to see what ends up being built on the platform.
Jesse Abramowitz is a Blockchain Developer at BlockX Labs. He has worked on multiple DApps, projects, and Blockchain Networks. Currently, he is also a professor at George Brown College in Toronto. He is always looking to help, teach and build on the blockchain.
BlockX Labs specializes in building developer tools and solutions for blockchain ecosystems. We aim to sift through the noise to bring some sense and clarity into the Blockchain space. Our accomplishments include AIWA — a wallet and DApp interaction tool for the Aion Network, and Universal Faucet — a test token faucet for Aion, Ethereum, Polkadot, Stellar, Tron, IOTA.