Closed iamcrazycoder closed 1 year ago
https://github.com/secretkeylabs/xverse-core/blob/develop/tests/singatures/bip32.test.ts#L18
Replacing message
variable here with any value that isn't the original message that was signed returns true
where it should return false
.
Hi @iamcrazycoder @kodemon. Apologies for the late reply.
The verify function was only used to validate that the resultant signature, matched the address. It was placed in the wrong place as it was for testing only, and it didn't actually validate the bip-322 message in the payload.
We've created a ticket to clean this up a little and add the required documentation. To validate the actual message/address combo in the signature, you can use a library like bip322-js: https://github.com/ACken2/bip322-js
I have generated a message signature by signing w/ a Taproot address using the XVerse extension. While the verification works fine for
p2sh
signatures, it returns false positives forp2tr
signatures.This issue can be reproduced using the following code and by updating the 2nd argument value ("Hello") of
verifySignature
to any other value. The result is alwaystrue
for any message value.[referenced from connect/bip322Signature.ts]