-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
eth_sign does not work with checksummed addresses #204
Comments
This seems a little hacky to me. If an address is checksummed, the application should handle it with the checksumming. |
Interesting point. So I should not make the address-check case-ignorant? How would you model the check: If one address is checksummed and the other is not, then I think the purpose of the checksum is to avoid copy/paste errors. Which happen mainly outside of the systems, when users write addresses down or read one via QR-code or similar. So internally we can just ignore them. |
"This is not something to be taken lightly and soft errors in your RAM, the switch of a bit from a 0 to a 1, caused by occurrences like cosmic rays, do happen. Unbeknownst to you, the address stored in your clipboard would be different to the one you copied. Such unfortunate situations can easily be prevented with checksum." see https://coincodex.com/article/2078/ethereum-address-checksum-explained/ So assuming that an address held in memory or passed between applications would not be modified by entropy is a low possibility event, and yet it has greater than zero probability chance of occuring. Can we risk transactions that may be processing millions of dollars worth of ethereum for convenience? |
I think what would make a difference here is making sure all addresses in Frame are checksummed internally and erroring when we receive a request that contains non-checksummed addresses. We will add this option to a future release. |
When I run:
curl -X POST --data '{"jsonrpc":"2.0","method":"eth_sign","params":["0xe4844A7E46049106De7408d9AF2A13bd2DD92E53", "0xdeadbeaf"],"id":1}' --url http://127.0.0.1:1248
I receive the following error:
But it works with:
curl -X POST --data '{"jsonrpc":"2.0","method":"eth_sign","params":["0xe4844a7e46049106de7408d9af2a13bd2dd92e53", "0xdeadbeaf"],"id":1}' --url http://127.0.0.1:1248
The text was updated successfully, but these errors were encountered: