We had a fantastic Chia spaces conversation tonight and I wanted to follow up here with a general question about Offer Files. Here’s the chat if you want to listen, but I’ll try to add full context here, so you don’t have to if you don’t want to.
We were talking about the concept of proving ownership of coin(s). The 300 (SPTN) CAT came up with this concept as far as I know - to prove that you own one of the rare 300 coins, you create an offer file that offers 1 SPTN and requests 100,000 XCH. You send it to the discord admin and they open it up in their wallet and make sure it is valid, even though they won’t accept it.
This validation works because the wallet actually checks the coins in the Offer File against the blockchain in real-time to make sure they are still unspent. If those specific coins are unspent, the discord admin can be sure that they are still in the owner’s wallet (as of the time of the check anyway). Now the admin knows that this user is a “holder” of 300 and they can be granted special privileges in discord. Furthermore, the admin can even hold on to this offer file and periodically check its validity to make sure those original coins remain unspent, which means they are still in the same wallet, which means the person that sent this offer file is still considered a “member” of 300.
My plan is to implement this in catbot-9000, my discord bot, including automated membership management for channels and automated recurring validity checks of the Offer Files. A member would simply upload an Offer File directly to a channel that is watched by catbot and catbot would validate the offer and then add the user to the appropriate role(s). It would also continue to validate the Offer File and once it is no longer valid, the member would be removed from those roles (perhaps after a grace period and a few messages to ask for a fresh offer file).
In the chat above, there are a few arguments made about possibly “spoofing” this process or tricking it in some way. I’d like to get more feedback here - what are the holes in the logic of using an Offer File this way?
There is one vector I can think of: duplicate offer files. A real owner could copy their “proof-of-unspent-coin” Offer File and give it to a non-owner friend, who could then upload that same Offer File as proof. But this seems easily preventable with basic duplicate detection on Offer File upload - only one of any unique Offer File allowed as proof at once.
The other argument against this in the chat above is that I’m over-thinking Offer Files and I should go deeper into Chialisp so I’d have more ultimate power. But my counter is that I have no need to go deeper for this specific use-case if there are no other ways to “break” it. It couldn’t be easier from a user standpoint, and it uses nothing more than the official wallet. No downloads or websites or custom Chialisp or anything else in between the user who wants to prove ownership of coin(s) and the authenticator. To me that is better solution - but not if there is a big hole that I’m not thinking of!
Thank you all again for your feedback and putting up with me!