[Bug]: Signatures - Passing extra data not typed is added in the signature but not visible on the UI #22900
Labels
Sev3-low
Low severity; minimal to no impact upon users
stale
issues and PRs marked as stale
team-confirmations
Push issues to confirmations team
team-confirmations-secure-ux
DEPRECATED: please use "team-confirmations" label instead
type-bug
Comments
seaona
added
type-bug
team-confirmations-planning
bschorchit
added
Sev3-low
matthewwalsh0
added
team-confirmations-secure-ux
9 tasks
|
This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 45 days if there is no further activity. The MetaMask team intends on reviewing this issue before close, and removing the stale label if it is still a bug. We welcome new comments on this issue. We do not intend on closing issues if they report bugs that are still reproducible. Thank you for your contributions. |
|
This is as per requirement, please check this PR: MetaMask/metamask-mobile#9795 Fields which are not typed are not part of finally signed message. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Problem: passing extra data which is not in the typed definition, results in being it hidden in the UI but actually being signed in the signature result
Expected behavior
No response
Screenshots/Recordings
metamask-signature-type-obfuscated.mp4
Steps to reproduce
(See video)
Error messages or log output
No response
Version
11.9.0 but introduced earlier
Build type
None
Browser
Chrome
Operating system
Linux
Hardware wallet
No response
Additional context
No response
Severity
No response
The text was updated successfully, but these errors were encountered: