ethereum / mist

[DEPRECATED] Mist. Browse and use Ðapps on the Ethereum network.
http://ethereum.org
GNU General Public License v3.0
7.44k stars 2.12k forks source link

token autoscan does not work #4087

Open RaZeRiel opened 6 years ago

RaZeRiel commented 6 years ago

like the title says, token autoscan does not work and i don't know why. i have already deleted all folders & reinstalled the wallet, tried 0.10.0 version and still not working. also deleted all tokens.

the log says: [2018-09-04T19:56:55.728] [INFO] (ui: browser) - Error parsing token list: SyntaxError: Unexpected token : in JSON at position 3 [2018-09-04T19:56:55.729] [WARN] (ui: browser) - %cUnhandled rejection Error parsing token list: SyntaxError: Unexpected token : in JSON at position 3 color: red

Version: `0.11.1`
OS & Version: windows
Node version: `geth 1.8.13`
Number of blocks synchronized: 6 271 616

git

git2

all.log.zip

evertonfraga commented 6 years ago

Thanks for reporting @RaZeRiel, it will be sorted out soon!

sycomix commented 6 years ago

this bug also exists in Linux image

mpge commented 6 years ago

Confirming bug also exists in MacOS

psy0rz commented 6 years ago

confirmed, it seems this url that it is trying to download is invalid:

https://raw.githubusercontent.com/MyEtherWallet/ethereum-lists/master/tokens/tokens-eth.json

evertonfraga commented 6 years ago

Yeah, the source changed URLs. That was fixed in our local repository and will be available as soon as we release 0.12.0.

Thanks for reporting.

psy0rz commented 6 years ago

Shouldn't we be our "own" source? e.g. fork that repository and create a cronjob somewhere that updates it automatically.

This way we can fix it retroactively when they change something, instead of having to wait on the next release.

Also: Should our json parser handle data from an "untrusted" source? What if someone crafts a special file that exploits a weakness in our json handling code?

UGatgithub commented 5 years ago

I can confirm this issue under Windows 10 for ethereum wallet and Mist.

psy0rz commented 5 years ago

Also: Should our json parser handle data from an "untrusted" source? What if someone crafts a special file that exploits a weakness in our json handling code?

Still no reply to this yet? I'm very worried that a cryptowallet makes REST calls to a 3rd party service. It basically means you have to trust all the libraries that are involved in getting and parsing json via a https get request. (e.g. a lot of code, inclusing ssl libraries.)