safe icon indicating copy to clipboard operation
safe copied to clipboard
verified publisher icon 5afe

Increase security by adding multisig transactions checks to clients

Open Uxio0 opened this issue 4 years ago • 1 comments

What is this feature about? (1 sentence)

Add more checks on clients so in case that backend is compromised users don't sign forged transactions.

Why is it needed? What is the value? For whom do we build it?

As a multisig wallet focused on security we should give our users all the protection we can.

High-level overview of the feature

All the information on multisig transactions that can checked should be checked:

  • Calculate always the safeTxHash and compare to the one provided by the backend (this is already done on iOs/Android, @dasanra how is it on web?)
  • Check that dataDecoded matches the data provided.
  • Check that provided confirmations match owners of the Safe and the safeTxHash of the transaction

Uxio0 avatar Dec 23 '20 17:12 Uxio0

Assigning the not now label for now. @Uxio0 to provide context: We think it's better to first make an overview of the possible security issues / attack vector that exist in our current systems. Having such an overview makes it easier to assess the important/prio of this issue afterwards. @rmeissner said he will work on this and make an overview. :)

tschubotz avatar Jan 07 '21 12:01 tschubotz