From 72c0188f2d849947986ca161717e9e5d46394156 Mon Sep 17 00:00:00 2001 From: rvanasa Date: Wed, 3 Apr 2024 15:44:07 -0600 Subject: [PATCH] Improve security for authorizing principals --- canisters/backend/Core.mo | 3 ++- src/services/addressService.ts | 3 +-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/canisters/backend/Core.mo b/canisters/backend/Core.mo index 94f5b7d..64d41ba 100644 --- a/canisters/backend/Core.mo +++ b/canisters/backend/Core.mo @@ -33,7 +33,8 @@ module { public func connectEthWallet(caller : Principal, wallet : Types.EthWallet, signedPrincipal : Types.SignedPrincipal) : async Types.Resp.ConnectEthWallet { let log = logger.Begin(caller, #connectEthWallet(wallet, signedPrincipal)); - let checkOutcome = await IcEth.verify_ecdsa(wallet, Principal.toText caller, signedPrincipal); + let message = "Authorized ICP principal: " # Principal.toText(caller); + let checkOutcome = await IcEth.verify_ecdsa(wallet, message, signedPrincipal); log.internal(#verifyEcdsaOutcome(checkOutcome)); if (checkOutcome) { ignore (state.putWalletSignsPrincipal(wallet, caller, signedPrincipal)); diff --git a/src/services/addressService.ts b/src/services/addressService.ts index 706e9ce..223334a 100644 --- a/src/services/addressService.ts +++ b/src/services/addressService.ts @@ -4,7 +4,6 @@ import { handleError, handlePromise } from '../utils/handlers'; import makeObservable from '../utils/makeObservable'; import { getBackend } from './backendService'; import { USER_STORE } from './userService'; -import { applicationName } from '../setupApp'; export const ADDRESSES_STORE = makeObservable(); @@ -50,7 +49,7 @@ async function verifyAddress(address: string, ethereum: any): Promise { return false; } const principal = user.client.getIdentity().getPrincipal().toString(); - const message = `${applicationName}\n${principal}`; + const message = `Authorized ICP principal: ${principal}`; const signature = await ethereum.request({ method: 'personal_sign', params: [`0x${toHex(message)}`, address],