Improve security for authorizing principals

dfinity · Apr 3, 2024 · 72c0188 · 72c0188
1 parent 5add34b
commit 72c0188
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/canisters/backend/Core.mo b/canisters/backend/Core.mo
@@ -33,7 +33,8 @@ module {
 
     public func connectEthWallet(caller : Principal, wallet : Types.EthWallet, signedPrincipal : Types.SignedPrincipal) : async Types.Resp.ConnectEthWallet {
       let log = logger.Begin(caller, #connectEthWallet(wallet, signedPrincipal));
-      let checkOutcome = await IcEth.verify_ecdsa(wallet, Principal.toText caller, signedPrincipal);
+      let message = "Authorized ICP principal: " # Principal.toText(caller);
+      let checkOutcome = await IcEth.verify_ecdsa(wallet, message, signedPrincipal);
       log.internal(#verifyEcdsaOutcome(checkOutcome));
       if (checkOutcome) {
         ignore (state.putWalletSignsPrincipal(wallet, caller, signedPrincipal));

diff --git a/src/services/addressService.ts b/src/services/addressService.ts
@@ -4,7 +4,6 @@ import { handleError, handlePromise } from '../utils/handlers';
 import makeObservable from '../utils/makeObservable';
 import { getBackend } from './backendService';
 import { USER_STORE } from './userService';
-import { applicationName } from '../setupApp';
 
 export const ADDRESSES_STORE = makeObservable<string[] | null>();
 
@@ -50,7 +49,7 @@ async function verifyAddress(address: string, ethereum: any): Promise<boolean> {
     return false;
   }
   const principal = user.client.getIdentity().getPrincipal().toString();
-  const message = `${applicationName}\n${principal}`;
+  const message = `Authorized ICP principal: ${principal}`;
   const signature = await ethereum.request({
     method: 'personal_sign',
     params: [`0x${toHex(message)}`, address],