mycrypto.com icon indicating copy to clipboard operation
mycrypto.com copied to clipboard

Published 20 hours ago verified publisher icon MyCryptoHQ

Messages signed with a Trezor don't verify without a Trezor

Open phiferd opened this issue 6 years ago • 2 comments

The signed message verification doesn't work properly for Trezors. It currently requires that any message signed with a trezor is verified with a trezor.

https://github.com/MyCryptoHQ/mycrypto.com/blob/master/app/scripts/controllers/signMsgCtrl.js#L150

I believe this code was inherited from MyEtherWallet, although MEW has updated their code to correct this issue:

https://github.com/kvhnuke/etherwallet/blob/mercury/app/scripts/controllers/signMsgCtrl.js#L178

Would be nice if MyCrypto did the same.

phiferd avatar May 10 '18 14:05 phiferd

Here's an example message sign using MyCrypto:

{
  "address": "0x01bc58678b6aef694ef598de3e2a30e4e501278f",
  "msg": "Test message for Github issue",
  "sig": "0x7b940926a983cac4f6c196f030a2dd1ff985e0740b0704b17030c730a6116e22683af5a434d813c12acf0d8b5ea0caa1efd4443aea3a9da13f45ce8554cd58da1c",
  "version": "2"
}

If I verify the message with my Trezor connected, it works. However, if I disconnect it, I get (error_12) Invalid signed transaction.

phiferd avatar May 10 '18 14:05 phiferd

If I update the verison to "3" and set "signer" to "trezor", I can verify the message on MEW without my Trezor connected.

{
  "address": "0x01bc58678b6aef694ef598de3e2a30e4e501278f",
  "msg": "Test message for Github issue",
  "sig": "0x7b940926a983cac4f6c196f030a2dd1ff985e0740b0704b17030c730a6116e22683af5a434d813c12acf0d8b5ea0caa1efd4443aea3a9da13f45ce8554cd58da1c",
  "version": "3",
  "signer": "trezor"
}

phiferd avatar May 10 '18 14:05 phiferd