Great questions! Let’s break it down.
- How do you ensure the wallet created by AI is safe?
The idea is that upon creating the GPT inside Blink, it creates a wallet using Web3Auth API, and the key will be stored safely in Torus blockchain (MPC). Whenever it's needed, Web3Auth API will be used.
The connection with Web3Auth API (JWT token) will be signed by a private key known to the server, stored in Azure Key Vault. Probably we can use the Azure Key Vault to sign, so the key won’t travel outside of the vault (this is not yet implemented).
- Does it mean it is stored on the centralised database?
Wallet keys are not stored centrally, but using MPC on Torus blockchain. But it is true that at the moment there is a secret for each GPT known by the centralized server to create the signer. An additional step, which was not implemented for this hackathon, would be that the user enters a passcode at the start of AI interaction or at the point of first engagement (asking it to sign something). This would add an additional layer of security.
- So who handles the fee for the transaction?
Each developer needs to fund its GPT if needed. When creating a new GPT, choosing its capabilities and hitting ‘Save’, Blink creates a wallet for it using the above-mentioned method. At this point the developer needs to also fund the GPT wallet.
If the developer forgets to do it, the AI will notify “Hey, I have insufficient funds to complete the transaction”.
- And it seems I have no control over the wallet, correct? So how do I transfer my asset later?
Two things to note here. Remember the AI can also prepare transactions. When the AI prepares a transaction the user needs to execute it using his/her own private wallet (login with WalletConnect etc).
The developer can also btw configure that the AI can only prepare transactions, not execute. In this case the AI wallet does not even need to be funded.
Secondly, if the AI wallet is used to execute the transactions it will create assets, but usually immediately set the owner as well. For example, the mint method for the NFT contract accepts, as the last parameter, the owner. So even if the AI executes the transaction, it will set the user's wallet as the owner (it will ask for the address). So at no point will it own the asset.
function mint(string calldata name, string calldata image, string calldata description, address owner)
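
The vault-side signing idea from the reply above (the JWT is signed without the key leaving the vault), sketched as an added example that is not part of the original reply and not Blink's code. Assumptions: RS256, a `sub` claim with a constructed value, and a local `makeVaultStandIn()` that plays the vault; a real deployment would replace its `sign` with a call to the vault's sign operation.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Hypothetical stand-in for the vault: the private key lives only inside this
// closure, so application code can request signatures but never read the key.
function makeVaultStandIn() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    keyId: 'constructed-key-1', // constructed identifier
    publicKey,                  // public half, handed to whoever verifies tokens
    sign: (data) => crypto.sign('sha256', data, privateKey),
  };
}

// Build header.payload, then ask the signer for the RS256 signature over it.
function issueJwt(signer, claims, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT', kid: signer.keyId };
  const payload = { ...claims, iat: now, exp: now + ttlSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${b64url(signer.sign(Buffer.from(signingInput)))}`;
}

// Verifier side: pin the algorithm, check the signature, then check expiry.
// Returns the claims on success and null on any failure.
function verifyJwt(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // Reject "none", HS256 and anything else the issuer never uses.
  if (!header || !payload || header.alg !== 'RS256') return null;
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!valid) return null;
  if (typeof payload.exp !== 'number' || payload.exp <= now) return null;
  return payload;
}
```

Short token lifetimes limit what a leaked JWT is worth, since the per-GPT secret mentioned in the reply is still held by the server.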