frame icon indicating copy to clipboard operation
frame copied to clipboard
verified publisher icon floating

Frame Signature Check Fails

Open bowensanders opened this issue 6 years ago • 7 comments

When attempting to use a dapp requiring a signature - using a ring account successfully signs the transaction, but when attempting to use an aragon DAO agent account, it fails:

Screen Shot 2019-10-18 at 11 32 59 AM Screen Shot 2019-10-18 at 11 34 04 AM

You can recreate this by attempting to use Frame as your web3 provider using the Giveth DApp. (beta.giveth.io)

bowensanders avatar Oct 18 '19 18:10 bowensanders

Should be in the next release #259

jvluso avatar Oct 18 '19 18:10 jvluso

Is there an ETA for the next release?

bowensanders avatar Oct 21 '19 09:10 bowensanders

@bowensanders Sorry, I don't have an exact ETA for this right now. It will definitely be in 0.3, possibly before that. I will try to get it out as soon as possible. Until then you can use the smartSign branch running from source which includes @jvluso's updates.

floating avatar Oct 25 '19 16:10 floating

Thanks for the response! Today I've now compiled and installed the smartSign branch and am running (0.3.0) and the frame side no longer produces an error (it shows as a success in the frame app) - but it seems that the response isn't returning the same way as another web3 provider would.

(edit 1) The dapp does not seem to receive response like it's looking for, and our modal that goes away in response to a successful signature never leaves (only when using a frame DAO account

Console error returned seems to happen all of the time with frame: Screen Shot 2019-10-28 at 1 32 16 PM

(edit 2) The console error above seems to be happening any time when using frame in chrome / brave.

Seems like a big step in the right direction though!

(edit 3) The 'isApproved' property seems to be specifically a metamask property which is not the cause of the error. There does, however, appear to be a difference between what is returned from a 'hot' wallet and a 'DAO' wallet signature to the dapp.

bowensanders avatar Oct 28 '19 20:10 bowensanders

Hey @bowensanders!

Yes, the signed messages is prefixed for use with Aragon's isValidSignature. Since the DAO itself cannot sign the message, the message is signed by the actor address (EOA) and then needs to be verified as valid. This will not work with most dapps (yet)

floating avatar Oct 29 '19 23:10 floating

Hey @bowensanders!

Yes, the signed messages is prefixed for use with Aragon's isValidSignature. Since the DAO itself cannot sign the message, the message is signed by the actor address (EOA) and then needs to be verified as valid. This will not work with most dapps (yet)

@floating If I understand you, this means that most dapps won't accept a message signed by the actor address and verified as valid by the DAO address.

When you say "(yet)" do you expect dapps to start accepting this in the future?

I'm interested in interacting with https://explorer.bounties.network/explorer/, which requires the user to "log in" by signing a message.

adamstallard avatar May 02 '20 22:05 adamstallard

@bowensanders is the original issue here resolved? The mentioned PR was merged some time ago. If there are further issue(s) to follow up feel free to create a new one.

goosewobbler avatar Jul 17 '22 22:07 goosewobbler

Closing as the current support for Aragon accounts has been temporarily removed - smart accounts will be reimplemented in a future Frame release.

goosewobbler avatar Feb 27 '23 23:02 goosewobbler