Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verify ENS name client side #1520

Open
rachelhamlin opened this issue Jul 9, 2019 · 9 comments

Comments

@rachelhamlin
Copy link
Member

commented Jul 9, 2019

Moving from react #8541

User Story

As a user, I want to make sure ENS name displayed in chat and profile has been verified.

Description

Type: Feature

ENS name is sent as part of chat messages and account details. It is displayed as is and could be spoofed.

Proper solution involves checking the ENS validity client side. For performance reason it's been agreed that it should be done status-go side.

@rachelhamlin rachelhamlin changed the title Verify ENS names Verify ENS name client side Jul 9, 2019

@rachelhamlin

This comment has been minimized.

Copy link
Member Author

commented Jul 9, 2019

Is the required change clear @PombeirP?

If it's straightforward enough, perhaps we could get it done in the next week. If so, we can include all of @jeluard's ENS work in the upcoming release (native registration + default display in chat).

@PombeirP

This comment has been minimized.

Copy link
Member

commented Jul 9, 2019

@rachelhamlin I'd just add the details @jeluard mentioned, i.e. that the data that is returned from status-go will omit the ENS name if it couldn't be verified.

@jeluard

This comment has been minimized.

Copy link

commented Jul 10, 2019

@PombeirP Some more details: the message payload contains a :content map, itself optionally containing a :name string. This name is the full ENS name (e.g. julien.stateofus.eth, pombeirp.eth).

At the status-react level we need to know if this name is really controlled by the message sender. So the payload should be modified in such a way that the :name string can be trusted. The simplest would be to just drop it if it has been spoofed.

Checking for name validity is a simple ENS contract call (I can provide guidance if needed).

@rachelhamlin

This comment has been minimized.

Copy link
Member Author

commented Jul 11, 2019

@flexsurfer you mentioned that we need this for the code freeze. Still true based on today's discussion?

@PombeirP could we assign someone to this?

@PombeirP

This comment has been minimized.

Copy link
Member

commented Jul 11, 2019

I think I should be able to take it.

@PombeirP PombeirP self-assigned this Jul 11, 2019

@flexsurfer

This comment has been minimized.

Copy link
Member

commented Jul 12, 2019

i'm not sure about code freeze, but it must be in v1 for sure if we want ens names in chats, but it's blocked by chat api, we can implement only after chat api will be done on go side

@rachelhamlin

This comment has been minimized.

Copy link
Member Author

commented Jul 12, 2019

Noted. Should we consider this a blocker to releasing ENS resolution @flexsurfer @jeluard?

@jeluard

This comment has been minimized.

Copy link

commented Jul 12, 2019

It's definitely a security concern. Not entirely clear if it should prevent ENS being released in the pre-v1 release.
@corpetty WDYT?

Also note that the check could be implemented status-react side, if needed.

@rachelhamlin

This comment has been minimized.

Copy link
Member Author

commented Jul 15, 2019

Note: we can get a contributor to hide the ENS chat resolution feature for beta release v0.14, so this does not need to be done before that. Will come back later on the level of priority for v1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.