This repository was archived by the owner on May 13, 2022. It is now read-only.
This repository was archived by the owner on May 13, 2022. It is now read-only.
Update EIP712 signature standard after it is finalized #227
Description
This should be closed when the EIP712 is finalized and we update our implementation.
The EIP712 saga
You can find info about the standard here: ethereum/EIPs#712
Last known status before our bug bounty mainnet release: ethereum/EIPs#712 (comment)
tl;dr reasons for using it:
- trust-free user signatures for the balance proof messages used in doing a micropayment - user sees what he signs in a readable format (Ethereum addresses, how many tokens he owes the receiver, data for the open micropayment channel). This data is encoded by web3.js, not by the Dapp, making it safe from malicious Dapp implementations.
- using the old signature formats, the user would have been shown an unreadable message and would not have been able to know what he signs.
- our initial pre-EIP712 approach for the above issue was using the contract to encode the message, while still showing readable data to the user. This meant having complicated string concatenation code inside the contract, that could have hidden vulnerabilities.
Documenting our issues, PRs and approaches on this: