poh-tron-contracts
Solidity contracts for verifying proof-of-humanity on-chain for TRON
A set of convenient utilities for verifying proof-of-humanity on-chain within Solidity smart contracts.
Proof-of-Humanity is a signed proof that the transaction sender is a human rather than a bot. We trust the proof signer (the validator) to have used some method to prove the sender's humanity off-chain. That could be a CAPTCHA, biometric verification, and so on. The validity and uniqueness of this proof can then be checked on-chain before the transaction is processed.
See also:
Proof-of-HUMANity on-chain: protect your smart contracts from bots
Proof-of-Humanity TRON hCaptcha Validator API
HumanOnly is the basic abstract contract you should inherit from. It exposes the following API:
setHumanityValidator(<address>) – sets the address of the humanity validator you trust. Usually, this is the address of the account used to sign proof-of-humanity on a backend server you control or trust. Here is an example server for hCaptcha. The validator can be set either in the contract constructor or later by the contract owner.
basicPoH(<proof>) – ensures that the basic proof is valid and never seen before.
sovereignPoH(<proof>) – ensures that the sovereign proof is valid and never seen before.
If the proof is invalid, the transaction is rejected. The proof must be provided as a parameter of the modified method (example).
Two types of proof-of-humanity are supported: basic and sovereign.
The basic proof is 101 bytes long. It is a random challenge and a timestamp signed by a trusted validator.
random challenge | timestamp | validator signature
32 bytes | 4 bytes | 65 bytes
The sovereign proof also includes the transaction sender's signature over the random challenge. This is useful if you want the proof to be tied to the sender's address. The sovereign proof is 166 bytes long.
random challenge | sender signature | timestamp | validator signature
32 bytes | 65 bytes | 4 bytes | 65 bytes
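The two layouts above are enough to sanity-check a proof on the dApp side before it is submitted. The following is an added example, not code from poh-tron-contracts: `parseProof`, `makePreflight` and `sampleProof` are hypothetical names, and the big-endian timestamp, the `maxAgeSeconds` freshness window and per-challenge replay tracking are assumptions made for illustration. Signature verification is left to the contract.

```javascript
// Field layouts from the proof tables above (sizes in bytes).
const LAYOUTS = {
  basic: [['challenge', 32], ['timestamp', 4], ['validatorSignature', 65]],
  sovereign: [['challenge', 32], ['senderSignature', 65], ['timestamp', 4],
    ['validatorSignature', 65]],
};

// Split a proof (Buffer or Uint8Array) into named fields; layout chosen by length.
function parseProof(proof) {
  const buf = Buffer.from(proof);
  const type = Object.keys(LAYOUTS).find(
    (t) => LAYOUTS[t].reduce((n, [, size]) => n + size, 0) === buf.length);
  if (!type) throw new RangeError(`unexpected proof length ${buf.length}`);
  const fields = { type };
  let offset = 0;
  for (const [name, size] of LAYOUTS[type]) {
    fields[name] = buf.subarray(offset, offset + size);
    offset += size;
  }
  // Assumption: the 4-byte timestamp is big-endian Unix time in seconds.
  fields.timestamp = fields.timestamp.readUInt32BE(0);
  return fields;
}

// Client-side pre-check run before submitting the transaction.
// Signature checks stay with the contract's PoH modifiers.
function makePreflight({ maxAgeSeconds, now = () => Math.floor(Date.now() / 1000) }) {
  const seen = new Set(); // Assumption: uniqueness is tracked per challenge.
  return function preflight(proof) {
    let p;
    try { p = parseProof(proof); } catch (e) { return { ok: false, reason: e.message }; }
    const age = now() - p.timestamp;
    if (age < 0 || age > maxAgeSeconds) return { ok: false, reason: 'stale or future timestamp' };
    const key = p.challenge.toString('hex');
    if (seen.has(key)) return { ok: false, reason: 'challenge already used' };
    seen.add(key);
    return { ok: true, proof: p };
  };
}

// Constructed sample proof: filler bytes stand in for challenge and signatures.
function sampleProof(type, timestamp, fill) {
  const ts = Buffer.alloc(4);
  ts.writeUInt32BE(timestamp);
  const blob = (n) => Buffer.alloc(n, fill);
  return type === 'basic'
    ? Buffer.concat([blob(32), ts, blob(65)])
    : Buffer.concat([blob(32), blob(65), ts, blob(65)]);
}
```

A proof that is one byte short or long matches neither layout and is rejected by `parseProof` before any field is read.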
Install the package:
```
npm install poh-tron-contracts
```
Import the HumanOnly.sol contract:
```
import "poh-tron-contracts/contracts/HumanOnly.sol";
```
Inherit your contract from HumanOnly:
```
contract MyContract is HumanOnly
```
Set the humanity validator address in the constructor:
```
constructor() {
    setHumanityValidator(0x...);
}
```
This is the address used to sign proofs on a backend server you trust.
Add a proof parameter and one of the PoH modifiers:
```
function doSomethingImportant(bytes calldata proof) public basicPoH(proof)
```
Be sure to provide a valid proof when calling this function from your dApp.
Alex Bakoushin
MIT
FAQs
Solidity contracts for verifying proof-of-humanity on-chain for TRON
We found that poh-tron-contracts demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.