Authentication and message signing/verification needs testing. #7

Open
ceeriil opened this issue Feb 6, 2025 · 1 comment
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)

ceeriil (Owner) commented Feb 6, 2025

Why is this even an issue?

  • Wrote the current implementation quickly so I can build out other functions
  • Authentication flow (signInWithCustomToken) and message signing/verification (verifyMessage) should be thoroughly tested before public release and mainnet announcement
  • Handle invalid signatures, edge cases, and spot potential security risks
  • No immediate financial security risks, so no need for concern.
  • Potential risk: If a security leak is found (I would make sure there isn't, that's why this issue exists lol), it could expose information (e.g., getting another person's employee details).

Possibly?

  • Write unit tests for verifyMessage and API auths
  • Test different wallets and edge cases (invalid signatures, replay attacks, bla bla)

ceeriil added the enhancement and help wanted labels Feb 6, 2025

ceeriil (Owner, Author) commented Feb 6, 2025

https://docs.reown.com/appkit/features/siwx/default might be important
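
A sketch of the test cases the issue lists (invalid signatures, replay, edge cases), added here as an example and not taken from the project's code. Ed25519 from `node:crypto` stands in for the wallet signature scheme so it runs without dependencies; `issueNonce`, `verifySignIn`, the message format and the `app.example` / `other.example` domains are assumed names.

```javascript
// Added example with hypothetical names; Ed25519 from node:crypto stands in
// for the wallet signature scheme so the file runs without dependencies.
const nodeCrypto = require('node:crypto');

const TTL_MS = 5 * 60 * 1000;
const issued = new Map(); // nonce -> { account, expiresAt }

// Server side: issue a single-use nonce bound to the account signing in.
function issueNonce(account, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  issued.set(nonce, { account, expiresAt: now + TTL_MS });
  return nonce;
}

// Exact text that gets signed; the domain and nonce are part of it.
const buildMessage = (domain, account, nonce) =>
  `${domain} wants you to sign in as ${account}\nNonce: ${nonce}`;

// Returns 'ok' or a reason. The message is rebuilt with the server's own domain.
function verifySignIn({ account, nonce, signatureHex }, publicKey, domain, now = Date.now()) {
  const entry = issued.get(nonce);
  if (!entry) return 'unknown-or-used-nonce';
  if (entry.account !== account) return 'nonce-account-mismatch';
  if (now > entry.expiresAt) { issued.delete(nonce); return 'expired'; }
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{128}$/i.test(signatureHex)) return 'malformed-signature';
  const msg = Buffer.from(buildMessage(domain, account, nonce));
  if (!nodeCrypto.verify(null, msg, publicKey, Buffer.from(signatureHex, 'hex'))) return 'bad-signature';
  issued.delete(nonce); // consume on success so the same request cannot be replayed
  return 'ok';
}

// Constructed cases covering the edge cases listed in the issue.
function runCases() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const sign = (domain, account, nonce) =>
    nodeCrypto.sign(null, Buffer.from(buildMessage(domain, account, nonce)), privateKey).toString('hex');
  const check = (req, now) => verifySignIn(req, publicKey, 'app.example', now);
  const n1 = issueNonce('alice'), n2 = issueNonce('alice');
  const good = { account: 'alice', nonce: n1, signatureHex: sign('app.example', 'alice', n1) };
  return {
    malformed: check({ ...good, signatureHex: '0x1234' }),
    otherDomain: check({ ...good, signatureHex: sign('other.example', 'alice', n1) }),
    otherAccount: check({ ...good, account: 'bob' }),
    first: check(good),
    replay: check(good),
    expired: check({ account: 'alice', nonce: n2, signatureHex: sign('app.example', 'alice', n2) }, Date.now() + TTL_MS + 1),
  };
}
console.log(runCases());
```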
