-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace eth_sign behavior with eth_personalSign behavior #2215
Comments
@danfinlay what does this mean for developers who simply want to sign a blob of data with the I feel like I've tried every possible combination of Example using TestRPC:
Test private key: hash: Truffle and/or backend:
MetaMask:
Doesn't really seem like there is an exhaustive guide for producing consistent results of message signing. I'd be happy to write one up, if I had that knowledge. Will future versions of metamask make it easier to sign data in this way, consistently? |
The sign methods have been horribly abused by basically every client. I think we’ve made our best effort at showing how to get these signatures in this sample dapp: It relies on a module we maitain called eth-sig-util. I can’t comment on truffle’s sign approach, except that seriously, every client signs differently, and it’s awful, and that’s why I’m hoping to turn a new, better specified page with eth_signTypedData. |
I wouldn’t be surprised if truffle’s sign method is equivalent to MetaMask’s personal sign method. |
Has this been implemented already? I tested web3.eth.sign() in my chrome console with metamask enabled, it seems it doesn't prepend the "\x19Ethereum Signed Message:\n${msg.length}" prefix. However web3.personal.sign() does. Rather confused as testrpc and geth and metamask has different behaviors, what is the standard expected behavior? |
@johnweldon there is no standard, don't expect anything. MetaMask Best to read the source code in the metamask core repository to fully understand. |
Cool thank you @bwheeler96 , can you share me a code pointer to signing in metamask? Also as regards to the title in this topic - would metamask make eth_sign signing like eth_personalSign in future? Thanks! |
Here are examples of every currently supported MetaMask signing method.
Yes, we need to do this, it is just going to be painful for the Dapps that have come to rely on |
@danfinlay FWIW I think nearly every smart contract at this point is designed to use the prefixed signature, just the frontends aren't updated. IDEX being a current example. |
The eth_sign method has been considered insecure for a long time, because it allows signing arbitrary data blobs, which can leak personal information, and be used to sign transactions without the usual approval process. We have long implemented the preferred alternative as personal_sign, which is actually not the same as any other client. For both security and cross-client compatibility, this change brings eth_sign up to the same behavior as personal_sign, without deprecating that method, again for retroactive compatibility. Fixes #2215
Alright @bwheeler96, I agree it's long overdue. I've opened a PR for team review: |
The eth_sign method has been considered insecure for a long time, because it allows signing arbitrary data blobs, which can leak personal information, and be used to sign transactions without the usual approval process. We have long implemented the preferred alternative as personal_sign, which is actually not the same as any other client. For both security and cross-client compatibility, this change brings eth_sign up to the same behavior as personal_sign, without deprecating that method, again for retroactive compatibility. Fixes #2215
blocked by EIP 712 |
@danfinlay you closed #4117 and referenced this issue.
Is this still Metamask's position that all dApps going forward must create work arounds for Metamask's old implementation of From a developer perspective this is what we see:
Are we just biding out time until EIP712 is greatly adopted, and keeping You probably have the analytics of who's using |
im still trying to understand this. im just so confuzed |
It is not the case that only EtherDelta uses Those developers indicate it is useful to have a low-level signing method available like For that reason, the only thing keeping me from closing this issue now is the possibility of broader ecosystem compatibility. If it's true that developers are playing whack-a-mole, and if it's true that most other wallets implement this method another way, I think we would consider this. On the other hand, we haven't seen serious outcry over this at all. I'm fairly sure that abstraction libraries like I'm pretty sure we don't have metrics on dapp usage of this method, but I will check and get back here if we do. I would also welcome any compatibility table someone wanted to present demonstrating how different clients are handling these methods. Without evidence of broader incompatibility and developer preference, I am inclined to support continuing the current behavior, and potentially closing this issue as |
Agreed. Closing as a duplicate of #1930. |
We are actually doing
eth_sign
andeth_personalSign
both wrong.personal_*
methods are meant to take a password, and never be exposed to Dapps.eth_sign
is still doing the deprecated signing method, and is basically only supported because EtherDelta still uses it.Eventually we should make our
eth_sign
method do what ourpersonal_sign
method currently does, which is what Geth and Parity both do anyways.The text was updated successfully, but these errors were encountered: