feat: contract for single smart wallet

[turadg]

closes: #5356

Description

Smart contract for smart wallet, forked from #5594

Names this version of the contract singleWallet so it can co-exist with the multitenant walletFactory coming in #5721 for #4484

Security Considerations

Wallet now works on-chain.

Documentation Considerations

Adds a basic README to document the difference between "solo" wallet, smart/chain wallet with a singleton contract and the multitenant factory.

Testing Considerations

CI doesn't cover everything. Ideally we test the on-chain home.wallet in CI but that's a big chunk of work and for now we can do it manually.

# tab 1 (chain)
cd packages/cosmic-swingset/
make scenario2-setup scenario2-run-chain
# starts bare chain, don’t need AMM

# tab 2 (client server)
cd packages/cosmic-swingset/
make scenario2-run-client
# CONFIRMED no errors in logs

# tab 3 (interactive)
agoric open --repl
# CONFIRMED in browser that `home.wallet` and `home.smartWallet` exist
agd query vstorage keys 'published.wallet'
# CONFIRMED it has a key like `published.wallet.agoric1nqxg4pye30n3trct0hf7dclcwfxz8au84hr3ht`
agoric follow :published.wallet.agoric1nqxg4pye30n3trct0hf7dclcwfxz8au84hr3ht
# CONFIRMED it has JSON data

[dckc]

heading to a meeting; got thru lib-chainStorage.js

not sure about the CORS stuff. hm.

[dckc]

I suspect this CORS stuff is left-over from some tangentially related work. Unless you're clear on why it belongs, perhaps take it out?

[dckc]

this config probably needs the same smart-wallet.js contract bundle as decntral-core-config.json.

[dckc]

good stuff, but I think changing provide from async to sync has to be rolled back or otherwise fixed.

[dckc]

why rename it? the function does make a (new) client manager.

[dckc]

ah. it doesn't return the thing that it creates.

[dckc]

the provide from @agoric/store is not async. I don't see how it can work here.

[dckc]

store: any was lazy (on my part)

[turadg]

thanks. coding too fast. thankfully the typechecker caught it too.

[dckc]

odd... I wonder why that wasn't caught before.

[turadg]

PropertyMakers was PropertyMaker[]. I changed it around to have PropertyMaker be named.

[dckc]

I think the format here is actually Justin. minor detail.

[dckc]

good stuff!

[dckc]

post-script: wallets have state that shouldn't be published, so using the publishing marshaller was probably not a good idea. even using the read-only marshaller would be iffy: purses shouldn't be exposed to the board vat at all.

cc @warner

[turadg]

The marshaller privileges and what is published are independent, no?

The latter is defined here https://github.com/Agoric/agoric-sdk/pull/5701/files#diff-b1c2b2b7ded05977f142adcd00946c70016bae3a5178a46af30ef444422e3332R60-R70

Which of those shouldn't be published? purses?

Are you saying there should be separate streams for what goes to off-chain storage and what goes to the creator?

[dckc]

The marshaller privileges and what is published are independent, no?

Yes.

And indeed, purses must not be published. Nor payments. Probably not offers either. Publishing issuers and dapps is probably harmless. contacts is iffy...

But not only should we not publish purses, we shouldn't use the board's readOnlyMarshaller, since that involves exposing the purses to the board and trusting the board not to publish them.

[dckc]

For reference, https://gist.github.com/dckc/3192a5264524635bd7261277b1fb707e has the output of agoric follow ....