BlueWallet / BlueWallet

Bitcoin wallet for iOS & Android. Built with React Native
https://bluewallet.io
MIT License
2.67k stars 804 forks

Transaction preview leaks signed transaction to 3rd website http://coinb.in #5017

Closed Transisto closed 2 years ago

Transisto commented 2 years ago

Surprised how it seems so hard to find code that converts a raw transaction into human-readable text that we need to have our signed transaction sent to a 3rd party website.

Overtorment commented 2 years ago

It's leaked only when you actually press the "view on coinb.in" button.

Transisto commented 2 years ago

Why not bundle it and run it locally? It's open source code.

"You can even download this page and host it yourself or run it offline!" -Coinbin

ncoelho commented 2 years ago

Because this is only useful to verify against a 3rd party.

On Tue, 13 Sep 2022 at 01:53, Transisto @.***> wrote:

> Why not bundle it and run it locally? It's open source code.
>
> "You can even download https://github.com/OutCast3k/coinbin/archive/master.zip this page and host it yourself or run it offline!" -Coinbin


Transisto commented 2 years ago

> Because this is only useful to verify against a 3rd party.

There is no point validating this with a third party. This isn't a block explorer to validate chain state; it's only to be able to know what UTXOs have been selected as part of the transaction.

ncoelho commented 2 years ago

Not at all the point of this. Or the threat model in place here.

This is to validate the transaction signed against a different source so you don’t have to trust BlueWallet.

If you don’t like this feature don’t use it.

On Tue, 13 Sep 2022 at 10:06, Transisto @.***> wrote:

> Because this is only useful to verify against a 3rd party.
>
> There is no point validating this with a third party. This isn't a block explorer to validate chain state; it's only to be able to know what UTXOs have been selected as part of the transaction.


Transisto commented 2 years ago

The source of the problem is that BW doesn't have the feature to display important transaction details before signing or before broadcasting.

Sending a signed transaction to an online third party to verify that BW tx signing code, arguably the most important part of the wallet, is not buggy is ridiculous.
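
Added example, not part of the thread and not BlueWallet or Coinbin code: a local decoder for a serialized transaction (legacy or BIP144 segwit) that lists the spent outpoints and the outputs without any network request. The names `decodeRawTx` and `SAMPLE_TX` and the sample bytes are constructed for illustration; the witness items are placeholders, not real signatures.

```javascript
// Decode a serialized Bitcoin transaction locally; no network access involved.
function decodeRawTx(hex) {
  const buf = Buffer.from(hex, "hex");
  let pos = 0;
  const take = (n) => {
    if (pos + n > buf.length) throw new Error("truncated transaction");
    const out = buf.subarray(pos, pos + n);
    pos += n;
    return out;
  };
  const varint = () => {
    const first = take(1)[0];
    if (first < 0xfd) return first;
    if (first === 0xfd) return take(2).readUInt16LE(0);
    if (first === 0xfe) return take(4).readUInt32LE(0);
    return Number(take(8).readBigUInt64LE(0));
  };
  const version = take(4).readUInt32LE(0);
  // BIP144: a 0x00 marker and 0x01 flag after the version mean witness data follows.
  const segwit = buf[pos] === 0x00 && buf[pos + 1] === 0x01;
  if (segwit) pos += 2;
  const inputs = [];
  for (let n = varint(); n > 0; n--) {
    // Outpoint txids are serialized byte-reversed relative to how explorers show them.
    const txid = Buffer.from(take(32)).reverse().toString("hex");
    const vout = take(4).readUInt32LE(0);
    take(varint()); // skip scriptSig, not needed for a preview
    inputs.push({ txid, vout, sequence: take(4).readUInt32LE(0) });
  }
  const outputs = [];
  for (let n = varint(); n > 0; n--) {
    const sats = Number(take(8).readBigUInt64LE(0));
    outputs.push({ sats, scriptPubKey: take(varint()).toString("hex") });
  }
  // One witness stack per input; skipped here because the preview only needs the above.
  if (segwit) for (const _ of inputs) for (let k = varint(); k > 0; k--) take(varint());
  const locktime = take(4).readUInt32LE(0);
  if (pos !== buf.length) throw new Error("trailing bytes after locktime");
  return { version, segwit, inputs, outputs, locktime };
}

// Constructed sample: 1 input, a P2WPKH and a P2PKH output, placeholder witness.
const SAMPLE_TX =
  "02000000" + "0001" + "01" +
  "aa".repeat(31) + "bb" + "01000000" + "00" + "fdffffff" +
  "02" + "50c3000000000000" + "16" + "0014" + "cc".repeat(20) +
  "40420f0000000000" + "19" + "76a914" + "dd".repeat(20) + "88ac" +
  "02" + "01ee" + "01ff" + "00000000";

console.log(decodeRawTx(SAMPLE_TX));
```

Input amounts are not part of the serialization, so displaying the fee additionally requires the previous outputs, which the signing wallet already holds.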

ncoelho commented 2 years ago

Agree, feel free to open a PR. Closing the issue as there is no leak from the app.

Transisto commented 2 years ago

If you want to keep the online link as a stopgap from implementing a proper preview feature in the wallet, then the wallet should protect the user's privacy by having them confirm that their signed transaction will be published to a third party which may:

- Broadcast it to the network
- Keep a copy of it along with the IP of the user.