Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove ERC712 signing data as separate argument #26

Open
jtrein opened this issue Feb 17, 2021 · 0 comments
Open

Remove ERC712 signing data as separate argument #26

jtrein opened this issue Feb 17, 2021 · 0 comments
Assignees
@jtrein
Labels
bug Something isn't working

Comments

@jtrein
Copy link
Member

jtrein commented Feb 17, 2021
edited
Loading

Expected behavior

We shouldn't allow for users to send their own sig + data to verify sig on POST message as this means they could technically send any previous signature and data. I only implemented this as a temporary stop-gap solution so I could quickly sign the same data the moloch v3 contracts expected.

We need to find a good way to allow Snapshot Hub and Moloch v3 to accept the same signatures (or something to that effect).

The dependencies of this being rectified is changing which data the user signs for Snapshot Hub and Moloch v3. Today, they see many hashed conversions of formerly readable text strings (e.g. name: "A Good Proposal" -> nameHash: "0x3de4....") which is not ideal.

Actual behavior

Users can send any sig + data to verify sig.

Steps to reproduce the behavior

Sign some proposal data in Tribute Dapp.

cc: @adridadou @fforbeck
@jtrein jtrein added the bug Something isn't working label Feb 17, 2021
@jtrein jtrein self-assigned this Feb 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jtrein jtrein

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jtrein