Skip to content

make sure gashawk can never access private key #10

New issue
New issue
Open
Open
make sure gashawk can never access private key#10
Assignees
AlexNi245
@malteish

Description

@malteish
malteish
opened on Sep 19, 2022

Currently, the signer object is handed to Gashawk:

const signer = new Wallet(PRIVATE_KEY, ethers.getDefaultProvider());
const gashawk = await Gashawk.fromSigner(signer, API_URL);
const gashawkSigner = gashawk.getSigner();

Since the signer object contains the user's private key, this could cause trust issues. In order to avoid these, implement signing the terms of service like this:

  1. request terms or service message from Gashawk
  2. sign message with signer
  3. return signature to Gashawk
    steps 2 and 3 can probably be done in 1 line of code, so there is only one extra line of code as cost for resolving the trust issue.

Update: I'm not sure I understood the architecture good enough. We need to talk about it.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions