Comments (22)
Ahh got it! Thought there would be an explanation. Thanks a lot for clearing that up 😀
from burner-wallet.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 75.0 DAI (75.0 USD @ $1.0/DAI) attached to it.
- If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
- Want to chip in? Add your own contribution here.
- Questions? Checkout Gitcoin Help or the Gitcoin Slack
- $56,344.84 more funded OSS Work available on the Gitcoin Issue Explorer
from burner-wallet.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work for 75.0 DAI (75.0 USD @ $1.0/DAI) has been submitted by:
@austintgriffith please take a look at the submitted work:
- Learn more on the Gitcoin Issue Details page
- Want to chip in? Add your own contribution here.
- Questions? Checkout Gitcoin Help or the Gitcoin Slack
- $43,934.81 more funded OSS Work available on the Gitcoin Issue Explorer
from burner-wallet.
hey @austintgriffith, looks like there's some submissions to take a look at :)
from burner-wallet.
I'm going to extend this bounty and double the reward. We need to continue to hash out issues. I've seen a little activity here which is awesome. Is there someone in particular heading this up? Do we have a list of potential issues and severity? Hit me up directly if I can help on telegram: @austingriffith
from burner-wallet.
@austintgriffith there are 4 issues that I have seen so far and confirmed on tests. The replay attack, discovered by @catageek and 3 more that I'll directly disclose to you before making them public.
from burner-wallet.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work has been started.
These users each claimed they can complete the work by 3 months ago.
Please review their action plans below:
1) mohoff has started work.
Found another point of discussion
Learn more on the Gitcoin Issue Details page.
from burner-wallet.
Okay, sounds like we created new issues for each of these. Let's go ahead and pay out this bounty and move on to tackling the bugs with the contracts. I think it's okay to publicly disclose contract issues here too. The Burner Wallet is really used in production yet and we need to tackle the issues. I'll add a little more funding to this issue to make the payout a little better too.
from burner-wallet.
⚡️ A tip worth 75.00000 DAI (75.0 USD @ $1.0/DAI) has been granted to @riusricardo for this issue from @austintgriffith. ⚡️
Nice work @riusricardo! Your tip has automatically been deposited in the ETH address we have on file.
- $34844.67 in Funded OSS Work Available at: https://gitcoin.co/explorer
- Incentivize contributions to your repo: Send a Tip or Fund a PR
- No Email? Get help on the Gitcoin Slack
from burner-wallet.
⚡️ A tip worth 50.00000 DAI (50.0 USD @ $1.0/DAI) has been granted to @mohoff for this issue from @austintgriffith. ⚡️
Nice work @mohoff! Your tip has automatically been deposited in the ETH address we have on file.
- $34848.26 in Funded OSS Work Available at: https://gitcoin.co/explorer
- Incentivize contributions to your repo: Send a Tip or Fund a PR
- No Email? Get help on the Gitcoin Slack
from burner-wallet.
⚡️ A tip worth 25.00000 DAI (25.0 USD @ $1.0/DAI) has been granted to @catageek for this issue from @austintgriffith. ⚡️
Nice work @catageek! Your tip has automatically been deposited in the ETH address we have on file.
- $34910.07 in Funded OSS Work Available at: https://gitcoin.co/explorer
- Incentivize contributions to your repo: Send a Tip or Fund a PR
- No Email? Get help on the Gitcoin Slack
from burner-wallet.
⚡️ A tip worth 37.50000 DAI (37.5 USD @ $1.0/DAI) has been granted to @riusricardo for this issue from @austintgriffith. ⚡️
Nice work @riusricardo! Your tip has automatically been deposited in the ETH address we have on file.
- $34927.20 in Funded OSS Work Available at: https://gitcoin.co/explorer
- Incentivize contributions to your repo: Send a Tip or Fund a PR
- No Email? Get help on the Gitcoin Slack
from burner-wallet.
⚡️ A tip worth 18.75000 DAI (18.75 USD @ $1.0/DAI) has been granted to @mohoff for this issue from @austintgriffith. ⚡️
Nice work @mohoff! Your tip has automatically been deposited in the ETH address we have on file.
- $34927.20 in Funded OSS Work Available at: https://gitcoin.co/explorer
- Incentivize contributions to your repo: Send a Tip or Fund a PR
- No Email? Get help on the Gitcoin Slack
from burner-wallet.
⚡️ A tip worth 18.75000 DAI (18.75 USD @ $1.0/DAI) has been granted to @catageek for this issue from @austintgriffith. ⚡️
Nice work @catageek! Your tip has automatically been deposited in the ETH address we have on file.
- $34927.20 in Funded OSS Work Available at: https://gitcoin.co/explorer
- Incentivize contributions to your repo: Send a Tip or Fund a PR
- No Email? Get help on the Gitcoin Slack
from burner-wallet.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This Bounty has been completed.
Additional Tips for this Bounty:
- austintgriffith tipped 18.7500 DAI worth 18.75 USD to catageek.
- austintgriffith tipped 18.7500 DAI worth 18.75 USD to mohoff.
- austintgriffith tipped 37.5000 DAI worth 37.5 USD to riusricardo.
- austintgriffith tipped 25.0000 DAI worth 25.0 USD to catageek.
- austintgriffith tipped 50.0000 DAI worth 50.0 USD to mohoff.
- austintgriffith tipped 75.0000 DAI worth 75.0 USD to riusricardo.
- Learn more on the Gitcoin Issue Details page
- Questions? Checkout Gitcoin Help or the Gitcoin Slack
- $34,852.20 more funded OSS Work available on the Gitcoin Issue Explorer
from burner-wallet.
|
⚡️ A *Eth Hacker* Kudos has been sent to @catageek for this issue from @austintgriffith. ⚡️
Nice work @catageek! |
from burner-wallet.
|
⚡️ A *Eth Hacker* Kudos has been sent to @mohoff for this issue from @austintgriffith. ⚡️
Nice work @mohoff! |
from burner-wallet.
|
⚡️ A *Eth Hacker* Kudos has been sent to @riusricardo for this issue from @austintgriffith. ⚡️
Nice work @riusricardo! |
from burner-wallet.
I was looking at the contracts and had a question I was hoping someone could answer. In Links.sol, send function, the recoverSigner function is used to recover the address for the funds[_id].signer. Is there a reason that a _signature is used instead of just the wallet address directly?
from burner-wallet.
@johngrantuk There are some considerations for the SC.
Think of it as a EOA account. It has a similar functionality in terms of storing value, but anyone can use it.
For this reason it is important to validate that you are the "owner/creator" of a fund. The same way as if you use your private key to transfer from an EOA.
The idea behind the burner wallet is to use signed transactions and simulate the transfer from an EOA.
In order to create the send by link functionality or any offline transaction, the sender needs to give a signed message to the recipient. In this case it is a signed hash. The hash has an incremental nonce to emulate the EOA send transaction to prevent replay attacks. It also includes more parameters to create every signed hash/fund as a unique identifier.
I hope this answer helps!
from burner-wallet.
Thanks for the reply @riusricardo. Specifically I was wondering about line47 in the send function:
address signer = recoverSigner(_id,_signature);
As I understand recoverSigner returns the public address of the signature. This public address is linked to where the value is stored at. The parameter, _signature, that is passed in to send is only used in this line and doesn't have any other purpose.
I was really just wondering if instead of passing in _signature and using recoverSigner (which I imagine uses a fair bit of gas) would it not be more gas efficient to just pass in the public address directly so there is no need to call recoverSigner?
This could be of no consequence at all but was just something that jumped out at me so thanks for your time!
from burner-wallet.
@johngrantuk , your assumption is correct if we think that there is no other way to interact with the smart contract than from the wallet app. However this will introduce a security flaw because anyone can create a fund and assign another signer. Creating a strange behavior if someone else can "sign" in your name.
EDIT: By "sign" I'm only thinking on, that someone else is depositing in your name. Not that someone else can create a signature. More than a security flaw it is a strange behavior for the actual scope. This could also become a new functionality. It could be equivalent to a deposit from someone else into your account and only you can sign to send the value.
from burner-wallet.
Related Issues (20)
- Create a proposal on how the burner-wallet can prevent its private key from leaking when signing an external dapp's transactions HOT 1
- Improve burner-wallet development by using test or local networks
- Use estimateGas for gasLimit instead of arbitrary value HOT 1
- Support Light Clients
- Add Token Meta Transactions
- create continuous integration HOT 4
- Disable or hide the Metamask popoup HOT 1
- Create a Burner Wallet Web3 Provider for Web3connect HOT 3
- Retrieve xdai locked on the link contract
- send with link for large numbers failing
- Incorrect incognito detection
- Add Ethereum address to FUNDING.yml
- Upgrade contracts to GSN network HOT 2
- Using many deprecated dependencies
- scrypt dependency fails on node v12.12.0
- DAI doesn't show in BurnerWallet
- xDAI.io stuck when trying to convert Dai to xDai
- Transactions that are removed from blockchain are still shown in the DApp
- Robinsonwealth
- Top
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from burner-wallet.