safe-apps-sdk

Allow to sign message via connected owner wallet

Open rmeissner opened this issue 3 years ago • 5 comments

Signing messages allows authenticating a user. This can be used in Safe apps to identify/authenticate the connected wallet. Currently it is not possible to request a signature from the wallet connected to the web interface. This is to avoid potential security risks. We should find a way to limit the security risk and allow dapps to request an owner signature.

Security notes

  • If a Safe app triggers a signature request, the Wallet will display it as if it was requested by the Safe React interface
  • A Safe app could request a signature for a Safe transaction if no protection is in place

rmeissner, Dec 15 '20 16:12
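One way to add the protection the second security note asks for, as an added example that is not part of the original issue or of the safe-apps-sdk code. The function name `screenSignRequest`, the deny/allow policy and the sample addresses are assumptions; `SafeTx` and `SafeMessage` are the EIP-712 types the Safe contracts use for owner confirmations.

```javascript
// Added example: host-side screening of signing requests from an embedded Safe app.
// The policy and every name below are assumptions, not safe-apps-sdk code.
const SAFE_PRIMARY_TYPES = new Set(['SafeTx', 'SafeMessage']); // Safe EIP-712 types
const verdict = (allow, reason) => ({ allow, reason });
const is32ByteHex = (v) => typeof v === 'string' && /^0x[0-9a-fA-F]{64}$/.test(v);
const sameAddress = (a, b) =>
  typeof a === 'string' && typeof b === 'string' && a.toLowerCase() === b.toLowerCase();

// req: JSON-RPC request { method, params } sent by the app.
// safeAddress: the Safe that the connected owner wallet is managing.
function screenSignRequest(req, safeAddress) {
  const method = typeof req.method === 'string' ? req.method : '';
  const params = Array.isArray(req.params) ? req.params : [];
  if (method === 'eth_sign') {
    // Opaque digest: the owner cannot tell a login challenge from a transaction hash.
    return verdict(false, 'eth_sign signs a raw hash');
  }
  if (method === 'personal_sign') {
    // Wallets disagree on parameter order, so inspect every parameter.
    return params.some(is32ByteHex)
      ? verdict(false, 'hash-sized payload could be a Safe transaction hash')
      : verdict(true, 'payload is not hash-sized');
  }
  if (method.startsWith('eth_signTypedData')) {
    // The typed data is the parameter that is not a 0x-prefixed address.
    const raw = params.find((p) => !(typeof p === 'string' && p.startsWith('0x')));
    let typed = null;
    try { typed = typeof raw === 'string' ? JSON.parse(raw) : raw; } catch { typed = null; }
    if (!typed || typeof typed !== 'object') return verdict(false, 'unparseable typed data');
    if (SAFE_PRIMARY_TYPES.has(typed.primaryType)) {
      return verdict(false, 'typed data uses a Safe owner-confirmation type');
    }
    if (sameAddress((typed.domain || {}).verifyingContract, safeAddress)) {
      return verdict(false, 'typed data domain targets the connected Safe');
    }
    return verdict(true, 'typed data for an unrelated domain');
  }
  return verdict(true, 'not a signing request');
}

// Constructed sample input: placeholder addresses, not real accounts.
const SAFE = '0x' + 'ab'.repeat(20);
const OWNER = '0x' + 'cd'.repeat(20);
const samples = [
  { method: 'personal_sign', params: ['0x68656c6c6f20776f726c64', OWNER] }, // "hello world"
  { method: 'personal_sign', params: ['0x' + '11'.repeat(32), OWNER] },
  { method: 'eth_signTypedData_v4', params: [OWNER, JSON.stringify({
    primaryType: 'SafeTx', domain: { chainId: 1, verifyingContract: SAFE } })] },
];
for (const s of samples) console.log(s.method, screenSignRequest(s, SAFE));
```

The 32-byte rule also rejects a legitimate text message that happens to be exactly 32 bytes long; an app can avoid that by including a longer, human-readable challenge.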

I would really like this feature.

I saw this post https://help.gnosis-safe.io/en/articles/3940875-gas-less-signatures and thought it was possible, so I tried gnosisSDK.txs.signMessage(message) but had no luck.

It actually pops up a modal to sign the message, and when I go to the second account and approve it as a "transaction", I try to copy the "Data (hex encoded)" thinking this could be the signed data, but no luck, that's not really the signature.

imsys, Dec 07 '21 23:12

I wonder about the technical aspect of a multisig personal_sign implementation.

To get a signature from the multisig smart contract, it would have to be executed on chain and spill the signature on chain, making it public, is that correct? Or is that not necessary?

So, let's say I have NFTs to be minted with a fixed price, I could make a Black Friday discount event by calling some setPrice method in the smart contract using a Gnosis Safe multisig wallet.

But what if I want to create 3 discount vouchers to be distributed? Each voucher would need to be signed, and the signature should not be leaked before use.

Would it be possible?

For now, I got two workaround ideas:

  • Include multiple signatures in the voucher, and the smart contract would check each one. The problem is that the contract would get overly complex for me (accounting for adding and removing signers), and more prone to bugs.
  • Create a method setVoucherSigner(walletAddress) that would be called using a multisig wallet. This option seems to be the best, as a single signer could sign many vouchers easily, and I could just call setVoucherSigner() again to void its role in case that wallet gets compromised.

I will probably use the last option, but it would be good to have personal_sign implemented in Gnosis Safe if possible, as someone else might create another use case we have not thought of. It would also be good for offchain voting. (like snapshot.org)

imsys, Dec 08 '21 08:12

#204

imsys, Dec 08 '21 08:12

And I see this was apparently solved in #218, but I tried to get it working with safe-apps-sdk + safe-apps-web3modal and it did not work: personal_sign returns as soon as the first signer does the signature, and it returns just 0x and nothing more.

https://github.com/milliontokenfan/milliontokenfan.github.io/blob/main/sign.html

And by the way, another issue, but very minor with easy workaround: Error: "personal_ecRecover" not implemented

imsys, Dec 08 '21 08:12

hi @rmeissner @mikhailxyz 👋🏾 😃

I found this ticket because I'm working on an integration. Seems like it is possible to allow the wallet connected to sign a message requested from a safe-app. Check this video: https://www.loom.com/share/e16739892ef843198587917d130bf878

I used this code:

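import { Web3Provider } from '@ethersproject/providers' // ethers v5 (assumed; the import was not shown)

<button
  onClick={async () => {
    // Talk to the injected wallet provider directly
    const w = window as any
    const provider = new Web3Provider(w.ethereum)
    const signer = provider.getSigner()
    // Ask the connected account to sign a plain-text message
    const signature = await signer.signMessage('hello world')
    console.log(signature)
  }}
>
  Sign MM
</button>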

I was wondering if you can prioritize this ticket as it might be super handy for the safe-app I'm working on and many other safe-apps.

nicosampler, Jun 02 '22 22:06