Authentication
How do we know who can withdraw from a PDA that has no private key?
The approach
When someone wants to withdraw:
1. They log into claimr.app with Twitter
2. Our backend confirms they own the account
3. Backend signs a withdrawal permit
4. Smart contract verifies that signature on-chain before releasing funds
The signature check uses Solana's Ed25519 precompile - it's verified by the program itself, not our backend. Even if someone compromised our API, they couldn't produce valid signatures without the oracle key.
Protections
Replay prevention - Each withdrawal uses a unique nonce. Try to reuse a signature and the transaction fails.
Tamper-proof permits - The signature covers destination, amount, and nonce. Change anything and verification fails.
On-chain enforcement - The smart contract checks everything. Our backend could be completely replaced and the security guarantees would hold.
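The three protections above, modelled off-chain in Node.js as an added example; this is not Claimr's program or backend code. The permit byte layout, the function names, and the in-memory nonce set (standing in for on-chain state) are assumptions, and the keys are generated for the demo.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

// Assumed permit layout: destination (32 bytes) || amount (u64 LE) || nonce (u64 LE).
function encodePermit({ destination, amount, nonce }) {
  if (destination.length !== 32) throw new Error("destination must be 32 bytes");
  const buf = Buffer.alloc(48);
  destination.copy(buf, 0);
  buf.writeBigUInt64LE(amount, 32); // throws on values outside u64
  buf.writeBigUInt64LE(nonce, 40);
  return buf;
}

// Backend side: sign the encoded permit with the oracle private key (Ed25519).
function signPermit(oraclePrivateKey, permit) {
  return sign(null, encodePermit(permit), oraclePrivateKey);
}

// Stand-in for the program: a pinned oracle public key plus the set of spent nonces.
function makeVerifier(oraclePublicKey) {
  const usedNonces = new Set();
  return function withdraw(permit, signature) {
    // The signature must cover exactly the fields being acted on.
    if (!verify(null, encodePermit(permit), oraclePublicKey, signature)) {
      return "bad-signature";
    }
    // A valid signature is accepted once per nonce.
    if (usedNonces.has(permit.nonce)) return "nonce-reused";
    usedNonces.add(permit.nonce);
    return "ok";
  };
}

function demo() {
  const oracle = generateKeyPairSync("ed25519"); // constructed demo key
  const other = generateKeyPairSync("ed25519");  // any key that is not the oracle key
  const withdraw = makeVerifier(oracle.publicKey);
  const permit = { destination: Buffer.alloc(32, 7), amount: 1_000_000n, nonce: 1n };
  const sig = signPermit(oracle.privateKey, permit);
  const fresh = { ...permit, nonce: 2n };
  return {
    first: withdraw(permit, sig),
    replay: withdraw(permit, sig),
    tamperedAmount: withdraw({ ...permit, amount: 2_000_000n }, sig),
    tamperedDestination: withdraw({ ...permit, destination: Buffer.alloc(32, 9) }, sig),
    wrongSigner: withdraw(fresh, signPermit(other.privateKey, fresh)),
  };
}
```

`demo()` returns the outcome of each case: the first withdrawal succeeds, the replay is rejected on the nonce, and every altered or wrongly signed permit fails signature verification.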
For integrators
You don't deal with any of this. Lookups and collection are open:
Withdrawals go through claimr.app where we handle the Twitter auth.