Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Defect] The nonce passed to URL in signMessage for browser wallets is not URL-safe #1065

Closed
kujtimprenkuSQA opened this issue Feb 1, 2024 · 4 comments
Closed

[Defect] The nonce passed to URL in signMessage for browser wallets is not URL-safe #1065

kujtimprenkuSQA opened this issue Feb 1, 2024 · 4 comments
Assignees
@kujtimprenkuSQA
Labels
bug Something isn't working Emerging Tech Emerging Tech flying formation at Pagoda

Comments

@kujtimprenkuSQA
Copy link
Contributor

kujtimprenkuSQA commented Feb 1, 2024
edited
Loading

Describe the bug

Looks like the way the nonce is passed via URL to MyNearWallet as nonce.toString() to the signMessage for MyNearWallet results in Buffer being converted to a string of ASCII characters and this string contains characters that break the URL structure so it might result in strange URL shown below

Steps To Reproduce

const wallet = await selector.wallet("my-near-wallet");
const message = "test message for verification";
const nonce = crypto.randomBytes(32);
const recipient = "myapp.com";
await wallet.signMessage({ message, recipient, nonce });

This will result in a URL containing some strange characters:

image

Error description

Expected behavior

The nonce passed to the URL should not contain characters that break the URL structure
@kujtimprenkuSQA kujtimprenkuSQA added bug Something isn't working Emerging Tech Emerging Tech flying formation at Pagoda Near BOS labels Feb 1, 2024
@kujtimprenkuSQA
Copy link
Contributor Author

kujtimprenkuSQA commented Feb 1, 2024
edited
Loading

Unfortunately, the NEP does not state in what type of encoding should the nonce be passed to the wallet via the URL for Browser Wallets.

I think we should update the wallet-selector and pass the nonce as a base64 string to the URL for Browser Wallets and then update MyNearWallet to handle this change since the current implementation seems to be kind of limited.

@kujtimprenkuSQA kujtimprenkuSQA mentioned this issue Feb 1, 2024
Merged
14 tasks
@kujtimprenkuSQA
Copy link
Contributor Author

Created a PR on MNW mynearwallet/my-near-wallet#194 we will wait for the review from the MNW team and see if they have any better solution or suggestion.

@kujtimprenkuSQA kujtimprenkuSQA self-assigned this Feb 1, 2024
@kujtimprenkuSQA
Copy link
Contributor Author

The PRs have been merged on both sides in wallet-selector and also my-near-wallet but the changes are still not published for production on my-near-wallet, once the changes are live on mainnet and testnet we will need to make a release on our side.

@kujtimprenkuSQA
Copy link
Contributor Author

Closing as the release is out now with the fix:
https://github.com/near/wallet-selector/releases/tag/v8.9.4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kujtimprenkuSQA kujtimprenkuSQA

Labels
bug Something isn't working Emerging Tech Emerging Tech flying formation at Pagoda
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kujtimprenkuSQA