Comments (3)
Sorry for the long delay. What is the status of this issue? Should we put a PR in on the contract?
from burner-wallet.
@catageek can you explain a little more?
The signature can then be used by the attacker in claim() after 100 blocks.
This part is not clear. How can it be used after 100 blocks? From my understanding, it gets locked in the contract.
I think that a fix to create a unique key even if an id is reused could be:
keccak256(id, destination, nonce, contract address)
from burner-wallet.
@riusricardo It's a misunderstanding of my part. In fact the Claim() can be done immediately before the expiration delay (which is 100 blocks).
I think that a fix to create a unique key even if an id is reused could be: keccak256(id, destination, nonce, contract address)
Yes, contract address being the address of the Wallet. To avoid signature domain collision, each contract should have a unique key that no other contract will generate, so keccak256(Id) in send() should be keccak256(Id, nonce, factory contract address, msg.sender) to be sure that the data is signed for your contract and not replayed from something else.
EDIT: I changed the order of arguments to keccak256(Id, nonce, factory contract address, msg.sender) in send() to never collide with keccak256(Id, destination, nonce, contract address) in claim()
from burner-wallet.
Related Issues (20)
- Create a proposal on how the burner-wallet can prevent its private key from leaking when signing an external dapp's transactions HOT 1
- Improve burner-wallet development by using test or local networks
- Use estimateGas for gasLimit instead of arbitrary value HOT 1
- Support Light Clients
- Add Token Meta Transactions
- create continuous integration HOT 4
- Disable or hide the Metamask popoup HOT 1
- Create a Burner Wallet Web3 Provider for Web3connect HOT 3
- Retrieve xdai locked on the link contract
- send with link for large numbers failing
- Incorrect incognito detection
- Add Ethereum address to FUNDING.yml
- Upgrade contracts to GSN network HOT 2
- Using many deprecated dependencies
- scrypt dependency fails on node v12.12.0
- DAI doesn't show in BurnerWallet
- xDAI.io stuck when trying to convert Dai to xDai
- Transactions that are removed from blockchain are still shown in the DApp
- Robinsonwealth
- Top
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from burner-wallet.