SpeedRunEthereum
SpeedRunEthereum copied to clipboard
BuidlGuidl
Change message to sign
This is not an MVP feature, but something I think we should consider.
I see the message to be signed something like a CSRF token. If we always send the same message, the same addresses will always produce the same signature, so an eavesdropper will be able to re-authenticate maliciously with the signature they found.
Why we shouldn't worry too much
I don't think this is a big deal because:
- We won't be dealing with highly sensitive information,
- All communications will be through https, so eavesdropping will be expensive and definitely not worth it taking into account the information they would get access to if someone is successfully hacked,
- Even changing the message to sign an eavesdropper would have the JWT token, and complete access until the JWT token is expired.
Why I think this should be implemented at some point
However, I think changing the message to be signed shouldn't be too hard. The only concern here is storing the message to compare it with the signed message. For that, an in-memory dictionary with { [address]: messageToBeSigned } should work completely fine. At least until we have >10k users signing in at the same time (should be fine).
(cc @carletex @sogasg)
