app-ethereum

d-bis/app-ethereum

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jorge Martins	65d2c88f2d	update docs	2022-11-08 10:22:26 +01:00
Jorge Martins	ead85a0aaa	Add funcs to avoid tricking user when using plugin Usually the length of an array is sent in a parameter. Most of the times the developer simply uses U2BE/U4BE to get this length. It is possible to forge a tx with a `length > sizeof(uint16_t/uint32_t)` and trick the user into signing something different from what is shown. For instance consider the following parameter: 00 ... 01 00 00 00 01 if the developer uses U2BE/U4BE, it is possible that this length is shown to the user and if it is, the user will see the length as 1.	2022-11-08 09:44:37 +01:00
Alexandre Paillier	30f8c50e3f	Renamed doc files to their recommended extension https://asciidoctor.org/docs/asciidoc-recommended-practices/#document-extension	2022-08-05 17:58:17 +02:00

Author

SHA1

Message

Date

Jorge Martins

65d2c88f2d

update docs

2022-11-08 10:22:26 +01:00

Jorge Martins

ead85a0aaa

Add funcs to avoid tricking user when using plugin

Usually the length of an array is sent in a parameter.
Most of the times the developer simply uses U2BE/U4BE to get this length. It
is possible to forge a tx with a `length > sizeof(uint16_t/uint32_t)` and trick the
user into signing something different from what is shown.

For instance consider the following parameter:
00 ... 01 00 00 00 01

if the developer uses U2BE/U4BE, it is possible that this length is shown to the user
and if it is, the user will see the length as 1.

2022-11-08 09:44:37 +01:00

Alexandre Paillier

30f8c50e3f

Renamed doc files to their recommended extension

https://asciidoctor.org/docs/asciidoc-recommended-practices/#document-extension

2022-08-05 17:58:17 +02:00

3 Commits