Power your dApp with Verifiable Real-world Data 

## Power your dApp with Verifiable Real-world Data

## Welcome!
Thank you for your interest in IoTeX. You are welcome to participate in our competitions. Also, take a look at the other prizes:
* Power your dApp with Verifiable Real-world Data (this prize)
* [An Analytics Dashboard for our ioTube Bridge](https://github.com/iotexproject/halogrants/issues/39)
* [Port your favorite dApp to IoTeX using Web3](https://github.com/iotexproject/halogrants/issues/40)

Please <a href="https://discord.gg/gYkJ6EQVgu" target="_blank">join our Discord</a> to discuss the bounties.
## Bounty Prize
**2500 USDT** 
to the most creative submission
## The Challenge
[Pebble Tracker](https://docs.iotex.io/secure-hardware/pebble-tracker/overview) is a multi-sensor IoT board that converts real-world phenomena into verifiable, blockchain-ready data. We would like you to create a simple dApp that gets periodically fed by these verifiable data messages containing sensor values, verifies the message signature, and takes specific actions based on the sensor's values.

Below we provide the basic specifications, but anyone is free to extend it and get creative:
   
1. Use our [Pebble Simulator](https://github.com/iotexproject/pebble-simulator) to generate a set of Pebble sensor data points along with their signature. 
2. Create a smart contract that stores a list of "registered" devices. The contract owner can allow or block/delete devices. Anyone can "register" a new device (use the device IMEI and Public key for identification). 
3. The contract should have a method to receive a Pebble data message and verify both data source device and data integrity.
4. The contract will reject data messages that come from non-whitelisted devices or whose signature is invalid.
5. For valid data messages, The contract will take some action based on the sensor values it received (e.g., store the latest values, transfer funds if a specific event is detected, etc...)
6. Create a frontend for the smart contract that allows users to log in with Metamask; allows any user to register a device, and the contract owner to allowlist, block, or delete registered devices, and displays any data relevant to the smart contract (e.g., display all devices, display latest data per device, display token transfers, contract balance, etc...)

For the Smart Contract, you are required to use Solidity 0.5.13, for the frontend we suggest our [dApp sample](https://github.com/iotexproject/iotex-dapp-sample-v2) (though not a strict requirement)

## Acceptance Criteria
- Code must be clear and well documented
- Applicants work must be open-source on GitHub 
- Although simple, the frontend should be clean and pleasant
- You will are allowed to be creative and build your own IoT data service, as long as all the functions described above are included
- The dApp repository must include a detailed installation & usage guide
- Additional grant via [Halo Program](http://halo.iotex.io/) if strongly exceeds expectation

## Judging Criteria
- We will require a demo of the submission
- We will assign the prize to the dApp that uses the IoT data in the most creative way

# Misc/References
## Useful links
- [Pebble Tracker Data Format](https://docs.iotex.io/secure-hardware/pebble-tracker/technical-specification#data-format)
- [Pebble Tracker Simulator](https://github.com/iotexproject/pebble-simulator)
- [IoTeX dApp Starter](https://github.com/iotexproject/iotex-dapp-sample-v2)
- [ecrecover solidity function](https://docs.soliditylang.org/en/v0.5.13/solidity-by-example.html?highlight=ecrecover#recovering-the-message-signer-in-solidity)
- [Strings concatenation in solidity](https://ethereum.stackexchange.com/questions/729/how-to-concatenate-strings-in-solidity)
## Pebble Message Verification
**Important notice**: the simulator only support Linux and macOS

Data message verification is the key concept behind the verifiability of Pebble Tracker data: you can both verify the *source* (i.e. the device public key) of the data, and the integrity of the data in one single step using the signature included in the Pebble Tracker data messages:
```js
...
"signature": {
  "r":"4c05a4fa3eba782780a517ba03ef6fdd65e5b560a027808b47fcc6ed2b864169",
  "s":"05bde29104febe10c096c550b91f5d8ed2cf0d15fe48e164ee0e9765dda76f34"
}
```
`r`and `s` are the two components of the elliptic curve signature (using secp256k1 curve) of the  data message, obtained by signing the **keccak256 hash of the JSON object rendered to a string without any formatting**. A possible example to verify the message signature would be the following, using the solidity [ecrecover](https://docs.soliditylang.org/en/v0.5.13/solidity-by-example.html?highlight=ecrecover#recovering-the-message-signer-in-solidity) function:

```solidity
// The verification function is called with all Pebble IoT data values, including the signature `r` and `s` components
function receiveData(string temperature, string latitude, string longitude, ..., bytes32 r,  bytes32 s)

// buildJsonString should just rebuild the original pebble data message into an unformatted
// json string using the data passed to receiveData(), and returns the string cast to bytes  
bytes32 hash = keccak256(buildJsonString(temperature, latitude, longitude, ...));
 
// Recover device address from the data message signature 
bool hit;      
address deviceAddress;
// the signature version "v" can be either 27 or 28, the device does not provide it so
// we test both of them       
for (uint8 v = 27; v < 29; v++) {        
  deviceAddress = ecrecover(hash, v, r, s);        
  if (whitelist[deviceAddress] == 1) { 
    hit = true;          
    break;        
  }     
}
```
If `ecrecover()` returns a valid, non-zero address, this means that the data integrity is assured (i.e. the data passed to the contract correspond to those originally signed by the device). If the returned address is also included among the whitelisted devices then both the source and integrity of the data are verified, all is good and the contract can go ahead processing the sensors data (which is now **trusted data**!) and taking the specific actions required by the dApp. 


# IoTeX Useful Links

**Discuss**: Please join our [Discord Dev Chat](https://discord.gg/gYkJ6EQVgu) to ask questions or reach out to `Simone_IoTeX` on Discord if you need any help.

**Docs**: [IoTeX Docs](https://docs.iotex.io) | [Ethereum Compatibility](https://docs.iotex.io/software-tools/ethereum-tools) | [DID](https://docs.iotex.io/middleware-1/decentralized-identity) | [Full Nodes](https://community.iotex.io/t/official-iotex-delegates-thread/1263) 

**Follow Us**: [iotex.io](https://iotex.io) | [Telegram](https://t.me/IoTeXGroup) | [Twitter](https://twitter.com/iotex_io) | [Medium](https://medium.com/@iotex) | [Reddit](https://www.reddit.com/r/IoTeX)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Power your dApp with Verifiable Real-world Data #36