
`signTypedData` input validation

Open · Gudahtt opened this issue 4 years ago • 1 comment

We don't have much in the way of input validation for signTypedData. This is dangerous because invalid inputs can result in non-standard encodings.

Some examples of this are:

  • Negative uint values are currently encoded as positive values. The negative is ignored.
  • Some out-of-bounds integer values and byte values are possible to encode right now.
  • We don't validate address input, so the address field can be used to store values far larger than an address.

We should strictly validate input, so that users don't accidentally become reliant upon non-standard and non-portable encodings.

Gudahtt avatar Sep 16 '21 02:09 Gudahtt

We should also validate that the order of fields in the domainSeparator matches the specification. We have found that some hardware wallets (e.g. Keystone) will reorder fields to match the specification, so if we don't validate that ourselves the signatures won't be verifiable.

Gudahtt avatar Apr 16 '24 12:04 Gudahtt
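An added example of the strict checks this thread asks for, covering both the value-range cases in the issue body and the domain-field ordering raised in the comment. It is illustrative code written for this page, not eth-sig-util's implementation; the function names `validateValue` and `validateDomainOrder` and the accepted input shapes (number, decimal string or BigInt for integers, 0x-hex strings for bytes and address) are assumptions.

```javascript
// Illustrative validator (not eth-sig-util's own code). Every check throws instead of
// silently coercing, so a caller cannot end up with a non-standard encoding.
const DOMAIN_ORDER = ['name', 'version', 'chainId', 'verifyingContract', 'salt']; // EIP-712 order

function toBigInt(value) {
  if (typeof value === 'bigint') return value;
  if (typeof value === 'number' && Number.isSafeInteger(value)) return BigInt(value);
  if (typeof value === 'string' && /^-?\d+$/.test(value)) return BigInt(value);
  throw new TypeError(`not an integer: ${String(value)}`);
}

// Returns true for a value that fits the declared atomic type, otherwise throws.
function validateValue(type, value) {
  let m;
  if ((m = /^uint(\d+)$/.exec(type))) {
    const bits = BigInt(m[1]);
    const v = toBigInt(value);
    // Rejects the negative values that would otherwise be encoded as positive.
    if (v < 0n || v >= 1n << bits) throw new RangeError(`${type} out of range: ${v}`);
    return true;
  }
  if ((m = /^int(\d+)$/.exec(type))) {
    const half = 1n << (BigInt(m[1]) - 1n); // two's-complement bound
    const v = toBigInt(value);
    if (v < -half || v >= half) throw new RangeError(`${type} out of range: ${v}`);
    return true;
  }
  if ((m = /^bytes(\d+)$/.exec(type)) || type === 'address') {
    const bytes = type === 'address' ? 20 : Number(m[1]); // address is exactly 20 bytes
    if (bytes < 1 || bytes > 32) throw new TypeError(`invalid fixed-bytes width in ${type}`);
    if (typeof value !== 'string' || !new RegExp(`^0x[0-9a-fA-F]{${2 * bytes}}$`).test(value)) {
      throw new RangeError(`${type} must be exactly ${bytes} bytes of hex`);
    }
    return true;
  }
  throw new TypeError(`unsupported type ${type}`);
}

// Domain fields must appear in the order the EIP-712 spec lists them; unknown
// field names are rejected too, since a reordering wallet has no place for them.
function validateDomainOrder(domainFields) {
  const names = domainFields.map((f) => f.name);
  const expected = DOMAIN_ORDER.filter((n) => names.includes(n));
  if (names.length !== expected.length || names.some((n, i) => n !== expected[i])) {
    throw new Error(`EIP712Domain fields out of spec order: ${names.join(',')}`);
  }
  return true;
}
```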