sbtc-developer-release icon indicating copy to clipboard operation
sbtc-developer-release copied to clipboard
verified publisher icon stacks-network

[sBTC DR 0.2] Use better message signing format for withdrawal requests

Open friedger opened this issue 2 years ago • 1 comments

Description

Withdrawal requests contain a signature of a hashed message. Currently, the message is specified as a byte array of amount and btc receiver address. The current implementation uses a human readable string as message (see #266) because wallets do not support arbitrary message signing (for good reasons).

We should use a structured message and update the SIP and the client libraries.

The current SIP suggest to withdraw with a stx address, not with a btc address. See comment: https://github.com/stacksgov/sips/pull/156/files#r1359458341

Expected Approach

Use a structured message as defined in SIP 17

Acceptance Criteria

  • [ ] PR changes the message format to a structured message
  • [ ] PR updates the documentation
  • [ ] client libraries are updated
  • [ ] SIP about sBTC is updated

friedger avatar Oct 13 '23 14:10 friedger

The asset contract could contain a read-only function that does the hashing of the message so that clients can verify that they are creating the correct message.

friedger avatar Oct 13 '23 18:10 friedger