SIWE - Force match between origin domain and URI #16295

Closed
holantonela opened this issue Oct 27, 2022 · 3 comments
Labels
area-signatures team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead type-security

@holantonela

There is a concern about exposing users to a warning message when domain binding verification is not OK. This implementation has been done following EIP-4361.

The proposal is for us to force dapps to match origin request domains with the URI field in the transaction. The expected iteration rejects the transaction and exposes a warning to the dapp through the API.

Slack Ref https://consensys.slack.com/archives/CN2H44RAM/p1666368532006679

I'd like to hear positions about moving forward with this or not and also extending this enforcement to other transactions as well.

@holantonela holantonela changed the title SIWE - Force Origin SIWE - Force match between origin domain and URI Oct 27, 2022
@kevinghim
Contributor

kevinghim commented Nov 2, 2022

Based on a call with Spruce, we'll be implementing v1 with dapp request blocking when there's a mismatch of ABNF mismatch, signature validity, and domain binding. @holantonela thoughts on the below suggested revisions?

Revisions

  1. Block dapp request to sign when there is a domain mismatch based on ABNF mismatch, signature validity, and domain binding.
    2. Display an alert to the user with the copy "Deceptive site request blocked. The site you're attempting to sign into doesn't match the domain in the request. Click here to learn more." (WIP) Clicking "learn more" will reveal information on the reasons behind the request blocking.
  2. Implement event tracking for the above alert being displayed, and for when users click on "Click here to learn more".
  3. When the signature request is blocked, dapps should have error exposed on the dapp's end.

Future Iterations

For subsequent versions, we'll provide users the ability to 1) turn the domain allow list on in settings saved locally, 2) add/remove domains to that allow list.

@kevinghim
Contributor

An update from the team. We're going to bypass the user-facing alert described in #2 above. If the domain listed in the SIWE request does not match the domain the user is on, MetaMask will reject it via a dapp API method. There will be no user-facing alerts or recovery path.

@skgbafa would you be able to work on the changes on the UI end?

@holantonela
Author

Closed by #16616
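
The behaviour the thread settles on (reject a SIWE request whose `domain` line does not match the site the user is on) can be sketched as below. This is an added example, not MetaMask's code or the change merged in #16616; the function name `checkSiweDomainBinding`, its result shape and the sample message are assumptions, and only the EIP-4361 header line is parsed.

```javascript
// Added example (not MetaMask's code): wallet-side domain binding for an
// EIP-4361 message. checkSiweDomainBinding and its result shape are assumptions.
const HEADER =
  /^(?:([A-Za-z][A-Za-z0-9+.-]*):\/\/)?(\S+) wants you to sign in with your Ethereum account:$/;

function checkSiweDomainBinding(message, requestOrigin) {
  // requestOrigin must come from the wallet's own record of the requesting
  // page, never from anything the dapp passes in the request.
  let origin;
  try {
    origin = new URL(requestOrigin);
  } catch {
    return { ok: false, reason: 'invalid-origin' };
  }
  const match = HEADER.exec(message.split('\n', 1)[0]);
  if (!match) return { ok: false, reason: 'malformed-header' };
  const [, scheme, authority] = match;
  // Userinfo or path characters in the domain field make the host ambiguous
  // ("app.example.com@evil.test"), so reject instead of guessing.
  if (/[\/?#@\\]/.test(authority)) return { ok: false, reason: 'invalid-domain' };
  if (scheme && `${scheme.toLowerCase()}:` !== origin.protocol) {
    return { ok: false, reason: 'scheme-mismatch' };
  }
  let claimed;
  try {
    // Parse with the origin's scheme so case, IDN and default ports normalize alike.
    claimed = new URL(`${origin.protocol}//${authority}`);
  } catch {
    return { ok: false, reason: 'invalid-domain' };
  }
  return claimed.host === origin.host
    ? { ok: true, domain: claimed.host }
    : { ok: false, reason: 'domain-mismatch', claimed: claimed.host, actual: origin.host };
}

// Constructed sample message; address, nonce and timestamp are placeholders.
const SAMPLE = [
  'App.Example.com wants you to sign in with your Ethereum account:',
  '0x0000000000000000000000000000000000000000',
  '',
  'URI: https://app.example.com/login',
  'Version: 1',
  'Chain ID: 1',
  'Nonce: 0123456789abcdef',
  'Issued At: 2022-11-02T00:00:00Z',
].join('\n');
console.log(checkSiweDomainBinding(SAMPLE, 'https://app.example.com'));
console.log(checkSiweDomainBinding(SAMPLE, 'https://app-example.com.evil.test'));
```

A non-`ok` result corresponds to the case where the request is rejected back to the dapp with an error rather than shown to the user.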
