taquito icon indicating copy to clipboard operation
taquito copied to clipboard

Published 20 hours ago verified publisher icon ecadlabs

Add ability to sign and check arbitrary messages using the Florencenet `failing_noop` operation to to local forger and create an integration test.

Open jevonearth opened this issue 3 years ago • 4 comments

Is your feature request related to a problem and use case? Please describe.

Signing arbitrary data is a common activity in blockchain, but it presents risks in that a wallet, if permissive, can sign a malicious operation that is purporting to be arbitrary data.

Describe the solution you'd like

The florencenet protocol amendment introduced a new operation type called failing_noop which is an operation type that is guaranteed to never be included in the chain.

A clear and concise description of what you'd want to happen.

  • Implement APIs in Taquito to easily sign arbitrary data wrapped in a failing_noop operation.
  • Implement APIs in Taquito to easily check signature validity of a signed failing_noop operation.
  • An integration test that attempts to inject a valid failing_noop operation that should fail

Describe alternatives you've considered

Prior to this operation type, wallet developers implemented a data structure to help mitigate this risk. See: https://docs.google.com/document/d/1ZgA7mZNrWl1YZ0snzjiFw1ahyXjvWFS1GvU5-caUDCE/edit

Additional context

If Taquito implements the ability to sign and check data using this operation type, wallet developers are more likely to restrict the signing of arbitrary data that comes in the form of a failing_noop operation.

See Tezos MR https://gitlab.com/tezos/tezos/-/merge_requests/2361 for more information.

jevonearth avatar Jun 24 '21 23:06 jevonearth

We have support for this in RPC forger, but could add it to local forger and create an integration test.

Innkst avatar Jul 02 '21 20:07 Innkst

Near as I can tell, the local forger does not yet support the failing_noop operation kind. If so, could it be please be added?

fredcy avatar May 02 '22 18:05 fredcy

@fredcy would you be able to share some details on how you are using it? It will help us to know more about your use case.

Innkst avatar May 03 '22 18:05 Innkst

I am trying to create a proof of concept dApp that signs arbitrary text messages over Beacon. I have it working using the ad hoc "0501"-prefixed Micheline string value method and I want to try using a failing_noop approach that was once recommended as a better alternative.

Several of us plan to write a new tzip to document the current 0501 string value method already implemented by some dApps and wallets, and to write another new tzip to document an alternative safe-signing approach based on failing_noop.

fredcy avatar May 04 '22 14:05 fredcy

See related request with the use case description here https://github.com/ecadlabs/taquito/issues/2507

Innkst avatar Jun 01 '23 20:06 Innkst