BuildOnViction / bug-reports

TomoChain's Bug Report & Support
https://tomochain.com

Bypassed Private Key Address (Can open wallet even if Error: Invalid Hexadecimal wallet/hex string must have 0x prefix exists) #136

Closed CryptoChaser13 closed 4 years ago

CryptoChaser13 commented 4 years ago

Hello. I wish I could explain this well.

I actually just logged out of my existing account on dexchange. So now, the option is to unlock a wallet either using Private Key, Mnemonic Phrase or Ledger. I decided to open via private key. Upon randomly typing characters which I know are impossible to have an account, suddenly it was opened and it has an eth address. You can see the characters I input in the video below:

https://youtu.be/TZhPNp6vESk

Is this normal?

UmckaBear commented 4 years ago

@MirasolFerrer You used the "a" and "d" symbols. These characters can be in a private key. This is normal behavior. It is normal that you don't need to have the "0x" prefix in a hexadecimal private key, because the "0x" prefix is added, similar to the "0x" prefix for a public address, for more convenience by some wallets. Also, the system correctly opens the same wallet with the "0x" prefix and without the prefix in the pk. No issues.

Similar to a combination of 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, a, b, c, d, e, f, any of those characters, you can even use a combination of one symbol.

CryptoChaser13 commented 4 years ago

Hello @UmckaBear, I already thought about that. In fact I made a query to my crypto friends about it for two days. What I'm pertaining to here is the code at Inspect Element. It shows Invalid Hexadecimal wallet/hex string must have 0x prefix. I indicated it in the title.

thanhson1085 commented 4 years ago

This is normal. So what is your expectation?

CryptoChaser13 commented 4 years ago

I expect that it must now show an element of "Invalid Hexadecimal Wallet or Hex string must have 0x prefix", cause I can still open any wallet even if it doesn't start with 0x, or even a very impossible format (repeated letters), cause that's probably an element which cannot apply to all kinds of ethereum wallet, especially under private keys. It must have a proper validation because not all invalid hexadecimal wallets don't exist as a wallet; like in my example, it still exists.

thanhson1085 commented 4 years ago

So you want to update the error message to "Invalid Hexadecimal Wallet" or "Hex string must have 0x prefix", right?

CryptoChaser13 commented 4 years ago

Yes sir. Update the error message "Invalid Hexadecimal Wallet/Hex string must have 0x prefix", cause it's not applicable to all private keys like the private key I indicated. It may be more appropriate if the error is "Private Keys/Wallet doesn't exist".

thanhson1085 commented 4 years ago

Thank you for the suggestion. But I think the current error message is OK.

CryptoChaser13 commented 4 years ago

Okay sir. But not applicable to all wallets.
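
The behaviour discussed in this thread, as an added example that is not part of the original issue or the dex code base: a private-key input check that treats the "0x" prefix as optional, reports format errors separately, and flags valid but guessable keys such as one repeated symbol. It assumes 32-byte secp256k1 keys as used for Ethereum-style addresses; `checkPrivateKey` and its error codes are hypothetical names.

```javascript
// Added example: classify private-key input for an Ethereum-style (secp256k1) wallet.
// Order of the secp256k1 group; valid keys are integers in [1, N-1].
const SECP256K1_N = BigInt(
  "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"
);

// Hypothetical helper (not from the dex code base). Returns
// { ok: true, key, warnings } on success or { ok: false, error } on failure.
function checkPrivateKey(input) {
  const text = String(input).trim();
  // The "0x" prefix is a display convention; accept the key with or without it.
  const hex = /^0x/i.test(text) ? text.slice(2) : text;

  if (!/^[0-9a-fA-F]*$/.test(hex)) {
    return { ok: false, error: "not-hex" };       // characters outside 0-9, a-f
  }
  if (hex.length !== 64) {
    return { ok: false, error: "wrong-length" };  // must be exactly 32 bytes
  }
  const value = BigInt("0x" + hex);
  if (value === 0n || value >= SECP256K1_N) {
    return { ok: false, error: "out-of-range" };  // not a usable curve scalar
  }

  // Valid is not the same as safe: flag keys a person could type or guess.
  const warnings = [];
  if (new Set(hex.toLowerCase()).size <= 2) {
    warnings.push("low-entropy");                 // e.g. one symbol repeated
  }
  return { ok: true, key: "0x" + hex.toLowerCase(), warnings };
}

// Constructed sample inputs (for illustration only).
const samples = [
  "a".repeat(64),          // valid, one repeated symbol
  "0x" + "ad".repeat(32),  // valid, prefixed, two symbols
  "zz" + "a".repeat(62),   // non-hex characters
  "abcd",                  // too short
  "f".repeat(64),          // above the curve order
];
for (const s of samples) {
  console.log(s.slice(0, 12) + "...", JSON.stringify(checkPrivateKey(s)));
}
```

Every in-range value maps to an address, so a format check cannot report that a wallet "doesn't exist"; it can only separate malformed input from a usable key.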