planetarium / sphere

A signing library encapsulating multiple account providers to be used on Libplanet-based applications.

"Wallet" class actually holding private key in plaintext #29

Closed Akamig closed 1 year ago

Akamig commented 1 year ago

Mitigation: bring the web3 secret storage parser implementation from ethereumjs-wallet and create a temporary private-key-provider at sign time instead of storing the private key raw. I found a similar structure is used in MetaMask.
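
The mitigation in the comment above, as an added example (not sphere's, ethereumjs-wallet's or MetaMask's code): the wallet object holds only an encrypted keystore and decrypts the key for the duration of one `sign` call. Assumptions: `EncryptedWallet`, `encryptKey` and `withTemporaryKey` are hypothetical names, and scrypt with AES-256-GCM from Node's `crypto` stands in for the web3 secret storage format.

```javascript
const crypto = require('crypto');
// Assumption: scrypt + AES-256-GCM stands in for the web3 secret storage (v3)
// format, whose Keccak-256 MAC is not available in Node's built-in crypto.
function encryptKey(rawKey, passphrase) {
  const salt = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const kek = crypto.scryptSync(passphrase, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const ciphertext = Buffer.concat([cipher.update(rawKey), cipher.final()]);
  kek.fill(0);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypts the key, hands it to fn, and zeroes the buffers whatever happens.
function withTemporaryKey(keystore, passphrase, fn) {
  const kek = crypto.scryptSync(passphrase, keystore.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, keystore.iv);
  decipher.setAuthTag(keystore.tag);
  let rawKey;
  try {
    // final() throws if the passphrase is wrong or the keystore was altered
    rawKey = Buffer.concat([decipher.update(keystore.ciphertext), decipher.final()]);
    return fn(rawKey);
  } finally {
    kek.fill(0);
    if (rawKey) rawKey.fill(0);
  }
}
// Hypothetical wallet: its fields are the encrypted keystore and the public key only.
class EncryptedWallet {
  constructor(rawKey, passphrase) {
    const ecdh = crypto.createECDH('secp256k1');
    ecdh.setPrivateKey(rawKey);
    const pub = ecdh.getPublicKey(); // 0x04 || X || Y
    const b64 = (buf) => buf.toString('base64url');
    this.publicJwk = { kty: 'EC', crv: 'secp256k1', x: b64(pub.subarray(1, 33)), y: b64(pub.subarray(33)) };
    this.keystore = encryptKey(rawKey, passphrase);
  }
  sign(message, passphrase) {
    return withTemporaryKey(this.keystore, passphrase, (rawKey) => {
      const jwk = { ...this.publicJwk, d: rawKey.toString('base64url') };
      return crypto.sign('sha256', message, crypto.createPrivateKey({ key: jwk, format: 'jwk' }));
    });
  }
  verify(message, signature) {
    const key = crypto.createPublicKey({ key: this.publicJwk, format: 'jwk' });
    return crypto.verify('sha256', message, key, signature);
  }
}
```

Zeroing covers the raw `Buffer` only; the JWK string and `KeyObject` created inside `sign` live until garbage collection.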