0

I am wondering if it is safe to sign any message with Personal Sign? Can't a malicious dapp try to hide a transaction inside the message I am signing and then use my signature to make that transaction?

I know this question has already been asked here: Is it safe to sign messages with Personal Sign? But I am not satisfied with the answer : personal_sign prefixes the message, preventing it from being a valid transaction. Because of this, it is safer for users.

Does this mean when a user uses personal_sign he is completely safe from the exploit I just mentioned, the message can be used to generate a raw transaction?

FracaShaw
  • 1
  • 2
  • The prefix first byte is \x19. That byte isn't valid as a transaction first byte so an app can't make you sign a transaction. But this is crypto, the probability is never zero, it is very low you have to break the hashing algorithm keccak256. It is something not feasible with current computers. – Ismael Feb 16 '22 at 04:09
  • Thank you very much Ismael! Do you have a link to documentation confirming that by any chance? – FracaShaw Feb 19 '22 at 18:48
  • Here are some details about Keccak security https://crypto.stackexchange.com/questions/41413/security-of-keccak-sha3-against-birthday-attacks, here other about ECDSA security for the curve used by Ethereum https://crypto.stackexchange.com/questions/73114/ecdsa-secp256k1-attacks. – Ismael Feb 19 '22 at 19:29
  • The the transaction encoding this EIP introduces transaction types https://eips.ethereum.org/EIPS/eip-2718, legacy transactions are RLP encoding https://eth.wiki/en/fundamentals/rlp so they start with a byte in 0x80-0xfe range. After EIP-2718 a transaction type equal 0x19 might exists, but the only defined is 0x01 EIP-2930. Part of the details are in Ethereum's Yellow paper, section 4.2 "The Transactoin". – Ismael Feb 19 '22 at 19:57

0 Answers0