This project aims to use blockchain technology to prevent businesses falling victim to attacks such as phishing emails or claiming the bank account of 'a supplier' changed.. It uses the 'everybody lies' principle, where we assume no one can be trusted.
The correct bank account number(s) for a company can be broadcast to the public, by using at least 3 on-chain signatures:
- The business that holds the bank account
- The bank
- The government
Banks, payment providers and other actors in the financial world can do a quick API call to get onchain data. The only thing needed is the company account number (VAT number in Europe for example). One can input the VAT number of their supplier to get a list of verified bank account numbers using afetch command. This provides peace of mind by ensuring payment is going to the correct supplier.
- The business gets registered with the government and bank. A bank account number is issued and provided to the government.
- The 3 important actors all know the real bank account number. They log in to a portal and confirm bank account number 098ZYX belongs to company number 123ABC.
- When there are 3 different signatures for a given combination, the information is validated on-chain and the correct bank account number for each business can be retreived with a fetch command.
- Banks can integrate the data in their payment screens. Before the payment is allowed, a check is made with the on-chain data.
- This dapp can only be fully tested when deploying the contract to your localhost, use Ganache GUI or CLI for this.
- The company number can only exists of numbers (uint).
- All names should be entered in capital letters (see NatSpec information in the .sol file).
Folder | Description |
---|---|
Build | Contains json files for imported contracts and migration files |
Contracts | Contains migration and fraudBattle main contract |
Migrations | Javascript files to handle migrations |
Test | Contains the unit tests |
This dapp uses following dependencies:
- truffle/hdwallet-provider: ^1.7.0
- dotenv: ^10.0.0
- node: ^16.13.0
- ethers.js
- React
- Create a new directory, clone this repo and run
npm install
to install all dependencies. - Install Metamask and log in
- Launch a new workspace on Ganache.
- Create a new
.env
file in the root folder of the project. - Copy the mnemonic phrase from Ganache and paste it in the
.env
file like so:MNEMONIC = "insert mnemonic here, do not delete the "" "
- Make sure to check if Ganache runs on port 8545. If it runs on another port (7545 for example), modify your
truffle-config.js
like so:
host: "127.0.0.1", // Localhost (default: none)
port: 7545, // Standard Ethereum port (default: none)
network_id: "*", // Any network (default: none)
},
-
Go to Metamask and change the network to 'Localhost: 8545' (or your custom port number, see #6).
-
Deploy the contract with ´truffle migrate --network development´.
-
Grab the contract address after the deployment has finished, go the the directory
fraudbattle\src\
and paste it on line 7 of the fileConnected.js
:const contractAddress = "paste contract address here"
. -
Copy the private key of the first 3 accounts and import these 3 accounts in Metamask (Click here for instructions). For ease of use, you should rename the 3 imported accounts like so:
- Owner/government (imported account 1)
- HSBC (imported account 2)
- CONSENSYS (imported account 3)
-
Copy the wallet address of all 3 accounts to a text editor.
-
Cd into the
fraudbattle
folder and install the necessary dependencies (like React) withnpm install
. -
Start the dapp with
npm start
. -
Go to the new tab that was just opened.
-
In your Metamask wallet, connect to the
localhost
network, make sure to select the 'Owner/government' account and connect the account to the dapp. If needed, manually connect Metamask to the dapp. -
Add a new bank called
HSBC
with the appropriate wallet address (account 2), click theConfirm
button and after that the greyAdd bank on-chain
button. Wait for the transaction to complete. -
Add a new business called
CONSENSYS
with the appropriate wallet address (account 3) and other details (only numbers for the company number!) and wait for the transaction to complete. Make sure to useHSBC
as bank. -
Go to section B.
-
While still using the owner/government account (account 1), click the greyconfirm the combination of company number and bank account number of the business you just added.
-
Switch to the account
HSBC
(account 2), connect to the dapp again, click the grey 'Bank' button and confirm the combination of company number and bank account number. -
Switch to the account
CONSENSYS
(account 3), connect to dapp site again, click the grey 'Business' button and confirm the combination of company number and bank account number. -
You can now query the on-chain records and retreive the confirmed bank account number for the business you added.
You can run the unit tests by using the truffle test
command.
The screencast can be viewed here.
The online version of this dapp can be found at https://fraudbattle.netlify.app/. Because only the contract owner/government can add a bank or business, most of the functionality is disabled in the online version. You can however lookup the verified bank account number for the business with company number 5566778. These records were already added to the smart contract.
- Multisig wallets
- Ability for end-users/contracts to verify the official wallet address of a business.
0xd97fA6CCc45D404fD369D3aDfD440F5e8Ff85477