Reid Rankin
Same issue here. The issue is that Firefox has decided that page CSPs should apply to code injected by extensions. This means that MM's injected provider stub won't work unless...
:arrow_up: We've done some research here and are happy to help out any potential bounty hunters (who could, of course, be MetaMask team members themselves!) however we can; drop us...
Everyone / @MBMaria / @0xean : Having seen no useful progress on this issue so far -- and in the face of internal reprioritizations -- we're withdrawing this bounty. :(
(closing/reopening pr to trigger retest)
Technically, this would probably mean running the native wallet in a SharedWorker or ServiceWorker, and needs the same infrastructure as #713. I built this infrastructure back in January in the...
This will be a bit tricky, since we don't have an automated way to tell if a token's contract is safe to interact with and we can't in general trust...
I'm less worried about missing symbols/names than malicious ones: i.e. a token might name itself "USDC" and "airdrop" itself to someone's wallet as a phishing scheme. I expect that A...
Been thinking about this a bit more. I think that automatically-detected tokens are more likely to be risky than manually-imported ones, but they shouldn't be considered second-class citizens in the...
+1 for checksums -- but FWIW, the issue with that some-builds tarball isn't that it's corrupt as much as that it's empty. All I get is ~200MB of null bytes!
Something I haven't seen addressed yet is that ChaCha20 is a stream cipher, while AES is a block cipher. This means that to use AES, padding must be used to...