Webhooks have become an essential component in the world of decentralized systems, allowing servers to communicate asynchronously in a dynamic and ever-changing digital environment.
During ETHCC Paris, Harry Bairstow, Software Engineer at Wallet Connect, discussed his team’s development of a system to send webhooks to various wallets and dapps while maintaining security.
WalletConnect is an open-source protocol that facilitates wallet connection and interaction with DApps and other wallets. Through the simple act of scanning a QR code or clicking on a deep link, WalletConnect initiates a secure encrypted connection between the user wallet and a DApp. Moreover, this protocol boasts push notification features, ensuring users are alerted to incoming transactions.
On the other hand, web3 webhooks, functioning in decentralized environments powered by smart contracts, are similar to traditional webhooks which enable cross-system communication.
In contrast to centralized setups, Web3 webhooks observe blockchain events and transmit real-time payloads to your backend.
These processes encompass actions such as asset transfers, wallet activities, and contract emissions. Web3 webhooks saves from constant database polling by automatically initiating payload deliveries for specific events of interest.
Why webhooks
He described a situation in which two servers have to communicate asynchronously, operating independently without the need for immediate interaction.
While these servers exchange information via HTTPS, this method has disadvantages, including the potential for servers to be flooded with unauthorized requests, underscoring the importance of addressing security and trust-related issues.
To address some of these concerns, he noted that webhooks are essential for Wallet Connect. How? When integrated with WalletConnect, they can help facilitate push notifications between, for example, the desktop of a user and their mobile wallet.
These notifications might inform users about various updates, such as receiving new offers or needing more liquidity in Opensea or similar applications.
The integration of webhooks and WalletConnect allows for seamless communication and notification systems between different platforms and devices.
Another advantage he mentioned is that webhooks have less load than traditional websockets. So instead of using the traditional method of a wallet with websockets, the entire communication process can be sent “to servers, and they can be managed individually.”
He added that there are more opportunities with webhooks such as “no required long-living TCP connections and more security opportunities,” to explore.
Challenges with security
He also added that while his team has explored a few security options that are linked with how web3 wallets can communicate with each other, such as leaving the protocol without any security architecture, hoping that users will be trusted, they realized that it was impractical due to the resultant lack of trust and potential abuse.
To address the issues, the Software Engineer explained to the audience the need to shift towards a system where each webhook is associated with a distinct public key, ensuring both decentralization and enhanced security.
Further thoughts
Bairstow highlighted integrating services with webhooks and outlined tasks like storing keys, validating requests, and forwarding messages.
The presentation hinted at Wallet Connect’s decentralized future, with client IDs having public keys. Bairstow encouraged listeners to visit the website and see the project’s documentation at docs.walletconnect.com
Finally, he noted that while the team is committed to ongoing improvement, they are open to feedback from the web3 community using securitywallconnect.com as a communication link.
