Session Keys #2131
Session Keys #2131
Conversation
# Conflicts: # tools/walletextension/common/types.go # tools/walletextension/rpcapi/filter_api.go # tools/walletextension/rpcapi/from_tx_args.go # tools/walletextension/rpcapi/utils.go # tools/walletextension/storage/database/common/db_types.go # tools/walletextension/storage/database/sqlite/sqlite.go
| } | ||
| return userID, nil | ||
| switch address.Hex() { | ||
| case common.UserIDRequestCQMethod: // todo - review whether we need this endpoint |
There was a problem hiding this comment.
This endpoint is needed by frontend and is used in wallet-provider.tsx : const fetchedToken = await getToken(providerInstance);
But on the other hand we might need to think about this one again as it can be easy to exploit in my opinion in the following scenario:
User connects to a website with TEN (like Battleships ) and if this website is malicious it can store the data (userID) it gets from eth_getStorageAt call and then it can use the gateway to decrypt your transactions right?
There was a problem hiding this comment.
exactly. It's a vulnerability. What does the wallet-provider do with it?
| @@ -11,10 +11,14 @@ import ( | |||
| "github.com/ten-protocol/go-ten/tools/walletextension/storage/database/sqlite" | |||
| ) | |||
|
|
|||
| // todo - pass the Context | |||
There was a problem hiding this comment.
is this todo for this PR or should we do it in the next one?
There was a problem hiding this comment.
for a future pr.
Why this change is needed
This is a basic implementation of Gateway level Session Keys.
What changes were made as part of this PR
PR checks pre-merging
Please indicate below by ticking the checkbox that you have read and performed the required
PR checks
E2E passing: https://github.com/ten-protocol/ten-test/actions/runs/11741950524/job/32711679991