search

MetaMask / test-dapp

The sample dapp used for e2e testing and metamask-extension QA
https://metamask.github.io/test-dapp/
MIT License
587 stars 347 forks source link

[Bug]: Sign-in With Ethereum (SIWE) buttons are not using EIP-55 compliant from addresses #326

Closed digiwand closed 4 months ago

digiwand commented 5 months ago

Per EIP-4361 (SIWE) spec, the provided address must be EIP-55 compliant. If we update to the latest spruceid/siwe-parser package ^v2.1.0, the current test-dapp buttons will no longer parse as SIWE messages. This is because our RPC method, eth_accounts, returns all-lowercase, non-complaint EIP-55 addresses. Because of this, we've patched our version of the @spruceid/siwe-parser to exclude the EIP-55 check (PR).

Spec: We need to enforce EIP-55 addresses for SIWE transactions

Links: Related internal thread Related eth_accountsPR comment

digiwand commented 4 months ago

It appears that our RPC provider method eth_accounts returns addresses in all lowercase which is a non-EIP-55 complaint address. How clients handle this now is that they will use another library to convert the addresses to their EIP-55 complain, checksum form.

updating the ticket with the information

digiwand commented 4 months ago

Relocating issue to metamask-planning https://github.com/MetaMask/MetaMask-planning/issues/2430