[Ethereum] How to programmatically detect and accept ETH and ERC20 deposits

balanceserc-20exchangesnodejsweb3js

I'm looking to replicate the functionality provided by cryptocurrency exchanges such as Kraken and Poloniex when it comes to depositing ETH and tokens. Namely:

Users can generate and send funds to one or more deposit addresses for ETH, EOS, OMG, and other tokens
The relevant user's balance is updated when a deposit is detected for a given token or asset
Sent funds are stored in accounts controlled by the exchange

What's the best way to achieve this?

I have a few ideas using web3, but I'm not sure they're the most efficient or scalable solutions:

ETH

For each user who wants to make a deposit, generate an ETH address and private key using web3.eth.accounts.create(). Map the generated address to the user and store the private key.
Use web3.eth.filter to monitor the latest block on the ETH blockchain. Match transactions in the block against the user addresses stored and update user balances as appropriate.

Issues with this approach: monitoring each block and matching against stored addresses is computationally intensive especially if the number of addresses tracked becomes large (hundreds of thousands). How can this scale?

ERC20 Tokens

For each user who wants to make a deposit, generate an ETH address and private key using web3.eth.accounts.create(). Map the generated address to the user and relevant token, and store the private key.
ERC20 contracts emit Transfer events when a transaction happens on the contract. Monitor this event using web3.eth.filter. When a Transfer event occurs for an address that exists in our database, update the relevant user's balance on the exchange with the transferred amount.

Issues with this approach: How do you set up the web3 filter to detect Transfer events only from the token in question, not the entire network? Should I set up 1 filter per address, or 1 filter for all user addresses? How many addresses can web3 filter track at a time? What if the tracked addresses become very high (hundreds of thousands)?

Is this the right way to think about all this or am I missing something? I'm surprised there isn't more obvious documentation around this flow since it's quite popular (in exchanges and any other service that accepts digital currency payments).

Best Answer

It'd probably go something like this:

User wants to deposit a token to your exchange
1. If it's the first time the user is depositing that token then this occurs:
  1. Generate a new wallet key/pair on the server side
  2. Encrypt the private key with a secret/salt only known by the server and store the encrypted private key and public address in your database, along with the info about the token they generated it for and the user id who initiated it
2. Next time they hit the deposit button to get the deposit address you'll already have a unique deposit address for the user stored in the database that you can present to the user
The user deposits token to the deposit address
1. On your server have a worker that listens to all of the ethereum blockchain events. Check the transaction's "to" address and check it against the deposit addresses you have stored. When there's a match, send a notification to the user regarding the deposit event
Call the token contracts balanceOf method passing it the deposit address you've generated tied to the user in order to display the users token balance in the exchange. You only display that particular token balance and nothing else for that address.
The user wants to withdraw their token
1. Your exchange will have a liquidity pool on stand by. You'll have to transfer some ETH from your liquidity pool to the user's deposit address in order to pay for the gas cost. You include this cost as part of the withdrawal fee. You already have the encrypted private stored so you decrypt it with the secret/salt, sign the transfer transaction and broadcast it to the ethereum network

Our particular constraints:

using addresses as identification
minimal UX trade-off

The solution: A contract that generates receiver contracts

The receiver address producing contract:

contract Factory {

address public owner;
mapping ( uint256 => address ) public receiversMap;
uint256 public receiverCount = 0;

constructor() public {
    /* 
        Deployer's address ( Factory in our case )
        do not pass this as a constructor argument because 
        etherscan will have issues displaying our validated source code
    */
    owner = msg.sender;
}

/*
    @notice Transfer Ownership of this contract to another address
    @param newOwner - Address of the next Owner of the contract
*/
function transferOwner(address newOwner) public {
    require (msg.sender == owner);
    owner = newOwner;
}

/*
    @notice Create a number of receiver contracts
    @param number  - 0-255 
*/
function createReceivers( uint8 number ) public {
    require(msg.sender == owner);

    for(uint8 i = 0; i < number; i++) {
        // Create and index our new receiver
        receiversMap[++receiverCount] = new Receiver();
    }
    // add event here if you need it
}

/*
    @notice Send funds in a receiver to another address
    @param ID       - Receiver indexed ID
    @param tracker  - ERC20 token tracker ( DAI / MKR / etc. )
    @param amount   - Amount of tokens to send
    @param receiver - Address we're sending tokens to
    @return true if transfer succeeded, false otherwise 
*/
function sendFundsFromReceiverTo( uint256 ID, address tracker, uint256 amount, address receiver ) public returns (bool) {
    require(msg.sender == owner);
    return Receiver( receiversMap[ID] ).sendFundsTo( tracker, amount, receiver);
}

/*
    Batch Collection - Should support a few hundred transansfers

    @param tracker           - ERC20 token tracker ( DAI / MKR / etc. )
    @param receiver          - Address we're sending tokens to
    @param contractAddresses - we send an array of addresses instead of ids, so we don't need to read them ( lower gas cost )
    @param amounts           - array of amounts 

*/
function batchCollect( address tracker, address receiver, address[] contractAddresses, uint256[] amounts ) public {
    require(msg.sender == owner);

    for(uint256 i = 0; i < contractAddresses.length; i++) {

        // add exception handling
        Receiver( contractAddresses[i] ).sendFundsTo( tracker, amounts[i], receiver);
    }
}
}

The receiver contract:

contract Receiver {

address public owner;

constructor() public {
    /* 
        Deployer's address ( Factory in our case )
        do not pass this as a constructor argument because 
        etherscan will have issues displaying our validated source code
    */
    owner = msg.sender;
}

/*
    @notice Transfer Ownership of this contract to another address
    @param newOwner - Address of the next Owner of the contract
*/
function transferOwner(address newOwner) public {
    require (msg.sender == owner);
    owner = newOwner;
}

/*
    @notice Send funds owned by this contract to another address
    @param tracker  - ERC20 token tracker ( DAI / MKR / etc. )
    @param amount   - Amount of tokens to send
    @param receiver - Address we're sending these tokens to
    @return true if transfer succeeded, false otherwise 
*/
function sendFundsTo( address tracker, uint256 amount, address receiver) public returns ( bool ) {
    // callable only by the owner, not using modifiers to improve readability
    require(msg.sender == owner);

    // Transfer tokens from this address to the receiver
    return ERC20(tracker).transfer(receiver, amount);
}

// depending on your system,  you probably want to suicide this at some
// point in the future, or reuse it for other clients
}

The answer is based on Micky Socaci's solution here. The entire solution, with the necessary modifications, is hosted on My Github with a Creative Commons License so it can be dropped into any codebase.

A star would be appreciated if this helps you :).

https://github.com/Meshugah/ERC20-CommonGasWallet

Best Answer

Related Solutions

[Ethereum] Common Gas Wallet for ERC20 Wallets

Our particular constraints:

The solution: A contract that generates receiver contracts

Related Topic