We had a fantastic Chia spaces conversation tonight and I wanted to follow up here with a general question about Offer Files. Here’s the chat if you want to listen, but I’ll try to add full context here, so you don’t have to if you don’t want to.

dylan.xch​:evergreen_tree: on Twitter: “Join me in my Space! https://t.co/JNoObVvITE” / Twitter

We were talking about the concept of proving ownership of coin(s). The 300 (SPTN) CAT came up with this concept as far as I know - to prove that you own one of the rare 300 coins, you create an offer file that offers 1 SPTN and requests 100,000 XCH. You send it to the discord admin and they open it up in their wallet and make sure it is valid, even though they won’t accept it.

This validation works because the wallet actually checks the coins in the Offer File against the blockchain in real-time to make sure they are still unspent. If those specific coins are unspent, the discord admin can be sure that they are still in the owner’s wallet (as of the time of the check anyway). Now the admin knows that this user is a “holder” of 300 and they can be granted special privileges in discord. Furthermore, the admin can even hold on to this offer file and periodically check its validity to make sure those original coins remain unspent, which means they are still in the same wallet, which means the person that sent this offer file is still considered a “member” of 300.

My plan is to implement this in catbot-9000, my discord bot, including automated membership management for channels and automated recurring validity checks of the Offer Files. A member would simply upload an Offer File directly to a channel that is watched by catbot and catbot would validate the offer and then add the user to the appropriate role(s). It would also continue to validate the Offer File and once it is no longer valid, the member would be removed from those roles (perhaps after a grace period and a few messages to ask for a fresh offer file).

In the chat above, there are a few arguments made about possibly “spoofing” this process or tricking it in some way. I’d like to get more feedback here - what are the holes in the logic of using an Offer File this way?

There is one vector I can think of: duplicate offer files. A real owner could copy their “proof-of-unspent-coin” Offer File and give it to a non-owner friend, who could then upload that same Offer File as proof. But this seems easily preventable with basic duplicate detection on Offer File upload - only one of any unique Offer File allowed as proof at once.

The other argument against this in the chat above is that I’m over-thinking Offer Files and I should go deeper into Chialisp so I’d have more ultimate power. But my counter is that I have no need to go deeper for this specific use-case if there are no other ways to “break” it. It couldn’t be easier from a user standpoint, and it uses nothing more than the official wallet. No downloads or websites or custom Chialisp or anything else in between the user who wants to prove ownership of coin(s) and the authenticator. To me that is better solution - but not if there is a big hole that I’m not thinking of!

Thank you all again for your feedback and putting up with me!

I think this may be overkill for what you’re trying to do. Proof of unspent coin could just be an unspent coin and a signature of the pubkey in the coin, or just like a spend that sends it back to the same puzzle hash or something.

There’s no easy way to access your wallet public keys right now, but since the light wallet beta, wallet keys have been observer keys so potentially someone could just hand you a pubkey and you can look at ALL of the unspent coins they have.

Maybe you could write some chialisp that just sends money back to where it came from then someone can send just send the money they want to prove to that address, and then claim it back later (Kinda like how pools work).

I think offer files would work for what you’re trying to do and probably the best you can do right now with the least amount of code, but it’s certainly a hack. There’s also a very silly attack where, what if XCH plummets and then all of a sudden the offer becomes actually good to take? Unlikely, but technically possible.

Thank you for the reply! I am going to challenge several of your points but please know that my default position is that you are probably right, I just need to talk it out and mind-map it for myself

This is basically an offer file right? I think that’s exactly what the offer file includes?

For this use-case of proving that you own a rare coin (or eventually an NFT), I want to be VERY careful about making users “spend” anything, even (especially) if it was some custom tricky Chialisp. Would you trust your rare coin to this spend? I wouldn’t, and I’m the one who would be writing the thing

I am certainly open to considering this method in the future, almost like a real-time scanning of your wallet to see what coins you have. Again though, I’m not sure I love the privacy implications here. For this to work, we’d have to force provers to use observer keys. If we use plain old offer files (heretoforthwith knowns as POOFs) then any keys will work and we don’t need to scan anything.

Sorry I don’t like this for the reason mentioned above. The best solution in my mind is one where your rare coin never leaves your wallet, never interacts with any weird 3rd-party code/Chialisp/etc and requires nothing more than the default wallet.

Agreed here! If you think about it, I’m really just using the offer file as an easy “low friction” way to get that unspent coin id so I can continually check to see if it ever gets spent. Of course there are all kinds of other ways I could get that coin id from the user with some sort of custom code but again: think of it from the perspective of a user who just wants to play in the 300 discord. Bot says “hey make an offer file that offers your coin and requests 1 bajillion XCH just to prove you own it”. User instantly “gets it” and maybe even dreams of a “bank error in their favor” lol. They create the offer file, upload it and boom they are verified.

Once the wallet allows add-ins, you can bet that one of the first add-ins I’ll make is an easy way to send an unspent coin id for verification. But in case somebody doesn’t even trust THAT, I still will always fall back on the MVP of POOFs

See above - I have now raised it to 1 bajillion XCH, which is more than all XCH that ever was/will be in existence. A silly attack deserves a silly defense. Seriously though now I’m curious about the max amount of XCH I can request.

Thank you again for engaging and hopefully this explains my thinking a bit more - please feel free to poke more holes!