
signTypedData input validation #209

Open
Gudahtt opened this issue Sep 16, 2021 · 1 comment
Gudahtt commented Sep 16, 2021

We don't have much in the way of input validation for signTypedData. This is dangerous because invalid inputs can result in non-standard encodings.

Some examples of this are:

  • Negative uint values are currently encoded as positive values. The negative is ignored.
  • Some out-of-bounds integer values and byte values are possible to encode right now.
  • We don't validate address input, so the address field can be used to store values far larger than an address.

We should strictly validate input, so that users don't accidentally become reliant upon non-standard and non-portable encodings.

@Gudahtt Gudahtt changed the title signTypedData Input validation signTypedData input validation Sep 16, 2021
@Gudahtt Gudahtt added this to the signTypedData_v5 milestone Sep 16, 2021

Gudahtt commented Apr 16, 2024

We should also validate that the order of fields in the domainSeparator matches the specification. We have found that some hardware wallets (e.g. Keystone) will reorder fields to match the specification, so if we don't validate that ourselves the signatures won't be verifiable.
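An added example of the strict validation both comments ask for, written for this issue and not taken from eth-sig-util's code base: it rejects negative uints, out-of-range ints and uints, oversized `bytesN` values, non-address values in an `address` field, and `EIP712Domain` fields that are not in specification order. Only canonical sized integer and bytes types are accepted, the domain field order is the one given in EIP-712, and the `SAMPLE` typed data (contract address, message fields, `Transfer` struct) is a constructed placeholder.

```javascript
// Added example, not eth-sig-util's own code: strict EIP-712 input validation
// that runs before encoding, so non-standard encodings are refused rather than
// silently produced.

const DOMAIN_FIELD_ORDER = ['name', 'version', 'chainId', 'verifyingContract', 'salt'];

// Accept bigint, integer number, or decimal/hex string (optionally negative).
function toBigInt(value) {
  if (typeof value === 'bigint') return value;
  if (typeof value === 'number' && Number.isInteger(value)) return BigInt(value);
  if (typeof value === 'string' && /^-?(0x[0-9a-fA-F]+|\d+)$/.test(value)) {
    const neg = value.startsWith('-'); // BigInt('-0x..') is invalid, so split the sign off
    const n = BigInt(neg ? value.slice(1) : value);
    return neg ? -n : n;
  }
  throw new TypeError(`not an integer: ${String(value)}`);
}

// Validate one atomic value against its canonical Solidity type.
function validateValue(type, value) {
  let m;
  if ((m = /^(u?)int(\d+)$/.exec(type))) {
    const bits = Number(m[2]);
    if (bits < 8 || bits > 256 || bits % 8 !== 0) throw new TypeError(`bad type ${type}`);
    const n = toBigInt(value);
    const unsigned = m[1] === 'u';
    const lo = unsigned ? 0n : -(1n << BigInt(bits - 1));          // inclusive lower bound
    const hi = unsigned ? 1n << BigInt(bits) : 1n << BigInt(bits - 1); // exclusive upper bound
    if (n < lo || n >= hi) throw new RangeError(`${type}: ${n} out of range`);
    return true;
  }
  if ((m = /^bytes(\d+)$/.exec(type))) {
    const size = Number(m[1]);
    if (size < 1 || size > 32) throw new TypeError(`bad type ${type}`);
    if (typeof value !== 'string' || !/^0x([0-9a-fA-F]{2})*$/.test(value)) throw new TypeError(`${type}: not a hex byte string`);
    if ((value.length - 2) / 2 !== size) throw new RangeError(`${type}: expected exactly ${size} bytes`);
    return true;
  }
  if (type === 'address') {
    if (typeof value !== 'string' || !/^0x[0-9a-fA-F]{40}$/.test(value)) throw new TypeError(`address: expected 20-byte hex, got ${String(value)}`);
    return true;
  }
  if (type === 'bool') { if (typeof value !== 'boolean') throw new TypeError('bool: expected boolean'); return true; }
  if (type === 'string') { if (typeof value !== 'string') throw new TypeError('string: expected string'); return true; }
  if (type === 'bytes') { if (typeof value !== 'string' || !/^0x([0-9a-fA-F]{2})*$/.test(value)) throw new TypeError('bytes: expected hex byte string'); return true; }
  throw new TypeError(`unsupported type ${type}`);
}

// EIP712Domain fields must appear as a subsequence of the specification's order.
function validateDomainFieldOrder(domainFields) {
  let cursor = 0;
  for (const field of domainFields) {
    const idx = DOMAIN_FIELD_ORDER.indexOf(field.name, cursor);
    if (idx === -1) throw new Error(`EIP712Domain field "${field.name}" is unknown, duplicated, or out of order`);
    cursor = idx + 1;
  }
  return true;
}

// Walk a struct (including nested structs and arrays) and validate every leaf.
function validateStruct(types, structName, data) {
  const fields = types[structName];
  if (!Array.isArray(fields)) throw new TypeError(`unknown struct ${structName}`);
  if (data === null || typeof data !== 'object') throw new TypeError(`${structName}: expected object`);
  for (const { name, type } of fields) {
    if (!(name in data)) throw new TypeError(`${structName}.${name} is missing`);
    const arr = /^(.*)\[(\d*)\]$/.exec(type);
    if (arr) {
      if (!Array.isArray(data[name])) throw new TypeError(`${structName}.${name}: expected array`);
      if (arr[2] !== '' && data[name].length !== Number(arr[2])) throw new RangeError(`${structName}.${name}: expected ${arr[2]} elements`);
      for (const v of data[name]) validateLeaf(types, arr[1], v);
    } else {
      validateLeaf(types, type, data[name]);
    }
  }
  return true;
}

function validateLeaf(types, type, value) {
  return types[type] ? validateStruct(types, type, value) : validateValue(type, value);
}

// Entry point: check domain field order, domain values, then the primary message.
function validateTypedData(typedData) {
  const { types, primaryType, domain, message } = typedData;
  validateDomainFieldOrder(types.EIP712Domain || []);
  validateStruct(types, 'EIP712Domain', domain);
  validateStruct(types, primaryType, message);
  return true;
}

// true if the validator throws for the given call, false if it accepts.
function rejects(fn) { try { fn(); return false; } catch (e) { return true; } }

// Constructed sample: hypothetical contract address and Transfer struct.
const SAMPLE = {
  types: {
    EIP712Domain: [
      { name: 'name', type: 'string' },
      { name: 'chainId', type: 'uint256' },
      { name: 'verifyingContract', type: 'address' },
    ],
    Transfer: [
      { name: 'to', type: 'address' },
      { name: 'amount', type: 'uint128' },
      { name: 'memo', type: 'bytes4' },
    ],
  },
  primaryType: 'Transfer',
  domain: { name: 'Example', chainId: 1, verifyingContract: '0x' + '11'.repeat(20) },
  message: { to: '0x' + '22'.repeat(20), amount: '1000', memo: '0xdeadbeef' },
};

console.log('sample valid:', validateTypedData(SAMPLE));
```

Calling `validateTypedData` before `signTypedData` turns each of the cases in the issue into a thrown error instead of a silently non-standard encoding; the domain-order check is what keeps a locally produced signature consistent with one produced by a device that reorders the fields to match the specification.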
