New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure account and network respected when signing message #2463
Comments
Understand this isn't working. Some questions about how this flow should work:
These q's are somewhat reminiscent of #1281, though different in that this is using a different configuration, rather than switching to it. |
I think in the short term this should work as it does in production with signing transactions:
I think these are valid questions, but they aren't specific to the sign messages functionality. I think with the RPC changes you have in flight, these questions make a lot of sense. As it stands right now, I would say the functionality is broken. if someone has signed into a stacks app with a non-index-0 address, they won't correctly sign the message (unless they know to switch, which they likely will not know to.) additionally, this could pose a privacy concern around leaking out other addresses/signatures for which the user was not intending. cc @markmhx for visibility |
@beguene this is being reported in Discord again, is this being worked on with your current fixes? |
@fbwoolf Yes I will fix it soon, but it will most likely be in a separate PR. |
@beguene @fbwoolf @kyranjamie feel free to use this example app to test it out: https://micro-stacks-remix-example.vercel.app/ you can see when set in testnet, the token transfer works fine, but the sign message fails as invalid |
further review, it seems to be that the wallet does not switch automatically to the network provided. if I have my wallet it testnet mode, app in testnet mode, it works |
this only seems to apply to the sign message, sign structured message automatically switches as expected |
@markmhx just as a heads up, this doesn't seem to have been fixed so I reopened it. |
@aulneau just using your app to repro this but I don't get the error? Let me know if these repro steps are incorrect... My wallet is on mainnet > your app is on testnet > sign message launches on testnet > successfully signs message |
@aulneau were you able to test this again bc it works for me in your app, can I close this issue? |
When attempting to sign a message, the network or stxAddress passed to the wallet don't seem to make any difference -- I tested the test app you are using in this repo and it seems to be the case there too.
I'd say this is a P1-2 bug, should be base functionality imo. The network does not matter much, but it's confusing to the end user. The bigger issue is it's likely users won't notice that the incorrect address is being used to sign (if they are using an address that is not index 0), and would then sign a message with a different account than they were intending for.
cc @kyranjamie @beguene
The text was updated successfully, but these errors were encountered: