External dApps

Overview

Strike supports dApp transaction signing in an equivalent form to EOA (externally owned account) wallets and may be used like any other wallet to transact with a dApp.
Strike implementation provides configurable multisig approvals of dApp transactions as well as optional dApp whitelisting.

Signing

Solana program based wallets do not have an underlying private key that corresponds to their public key like an EOA wallet does. Because of this, the process of sending or signing a dApp transaction in a program based wallet is implemented using a different approach.
Specifically, in an EOA wallet the following happens:
  • sign dApp transaction - When the dApp passes the transaction, the wallet uses its copy of the user’s private key to sign it and hands it back so the dApp can send it to the dApp.
  • send dApp transaction - When the dApp passes the transaction, the wallet uses its copy of the user’s private key to sign it and it to the dApp on-chain.
In the Strike program based wallet:
  • sign the dApp transaction - when the dApp passes the transaction, a dApp multisig op is initiated. During the initiation of the op, the dApp instructions are passed into the wallet and stored in the multisig op data account. Once the required number of approvals is complete (with a minimum of a single approval ), a signed finalize instruction for the multisig op is passed to the dApp. When the dApp executes the returned instructions, the dApp transaction will be executed as part of finalizing the multisig op.
  • send the dApp transaction - when the dApp passes the transaction, a multisig sig op is created as above. The only difference is that after approvals, finalize is called and the dApp instructions are executed on the chain during the finalize without returning the transaction to the dApp for execution.

Approvals

All dApp transactions must be approved before they can be executed. dApp transactions on a balance account are subject to the same approval policy as transfers.

Whitelisting

Strike supports the concept of whitelisting for dApps. There is a global dApp book (similar to the global address book for transfers).
Whitelisting in the wallet is based on verifying that instructions in a transaction to be sent or signed are instructions from one or more of these programs:
  • System program (11111111111111111111111111111111)
  • Token program (TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA)
  • Associated Token program (ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL)
  • Program address(es) of the dApp
When a configuration request for a balance account enables dApp access, there is an additional option to turn on dApp whitelisting. If this attribute is on, then only dApps that are present in the dApp book may be accessed on that balance account.