Why is this even an issue?
- Wrote the current implementation quickly so I can build out other functions
- Authentication flow (signInWithCustomToken) and message signing/verification (verifyMessage) should be thoroughly tested before public release and mainnet announcement
- Handle invalid signatures and edge cases, and spot potential security risks
- No immediate financial security risks, so no need for concern.
- Potential risk: If a security leak is found (I would make sure there isn't; that's why this issue exists lol), it could expose information (e.g., getting another employee's details).
Possibly?
- Write unit tests for verifyMessage and API auths
- Test different wallets and edge cases (invalid signatures, replay attacks, bla bla)