You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We should also validate that the order of fields in the domainSeparator matches the specification. We have found that some hardware wallets (e.g. Keystone) will reorder fields to match the specification, so if we don't validate that ourselves the signatures won't be verifiable.
We don't have much in the way of input validation for
signTypedData
. This is dangerous because invalid inputs can result in non-standard encodings.Some examples of this are:
uint
values are currently encoded as positive values. The negative is ignored.address
field can be used to store values far larger than an address.We should strictly validate input, so that users don't accidentally become reliant upon non-standard and non-portable encodings.
The text was updated successfully, but these errors were encountered: