smart wallet support for Merkle Airdrop

[dckc]

Merkle Airdrop is one of the conventional Solidity examples. How would we do the equivalent on the Agoric platform?

A naive approach would be to send an Invitation to each intended recipient. But that's an exorbitant amount of compute.

Another approach is to have participants provide a signed merkle proof in offerArgs, and have the contract check the signature and then check the merkle proof. But that adds another signature to the UX. (See diagram for details.)

The contract needs a signed proof because it doesn't know the address of the party that executed the offer. But the smart wallet does know. So the idea here (ack: @dtribble ) is to have a new smart wallet invitation source. The smart wallet checks the merkle proof, and if it's good, requests a suitable invitation from the contract.

cc @tgrecojs @Jovonni

[dckc]

The contract method for making such invitation shouldn't be a plain public facet method; otherwise, callers could skip the whole merkle proof burden.

Maybe the smart wallet has a special cookie that it can present to exercise this right, and the contract gets the cookie in its privateArgs. But the the contract could exercise the same right when calling other contracts. So something like the Notary Inspector pattern? I suppose ERTP mints and issuers serve as pretty good notaries and inspectors. So the smart wallet would pay the contract for the invitation :)