You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 4, 2024. It is now read-only.
The current withdrawal payloads requires arbitrary messages to be signed. These signatures are impossible to create through the current signing API in Hiro wallet. This is by design, since the wallet does not want to support someone accidentally signing a bitcoin or stacks transaction through that API. For the same reason, we should not build a solution that allows an application to maliciously trick users into signing sBTC transactions.
Going forward, we should have a dialogue with the wallet team about which signature format they could support and how they could implement a dedicated function to produce a sBTC withdrawal message signature. This is likely going to entail a wire format update, which should be reflected in this documentation.
Definition of done
The signature in the withdrawal payload has a format that is secure and easy to support in wallets.
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
The current withdrawal payloads requires arbitrary messages to be signed. These signatures are impossible to create through the current signing API in Hiro wallet. This is by design, since the wallet does not want to support someone accidentally signing a bitcoin or stacks transaction through that API. For the same reason, we should not build a solution that allows an application to maliciously trick users into signing sBTC transactions.
For the first alpha prototype, we had to do an ugly workaround to make the alpha coordinator able to parse signatures created through the wallet. See this comment and PR: https://github.com/Trust-Machines/stacks-sbtc/pull/602#issuecomment-1649523475.
Going forward, we should have a dialogue with the wallet team about which signature format they could support and how they could implement a dedicated function to produce a sBTC withdrawal message signature. This is likely going to entail a wire format update, which should be reflected in this documentation.
Definition of done
The signature in the withdrawal payload has a format that is secure and easy to support in wallets.
The text was updated successfully, but these errors were encountered: