You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is the current behavior and expected behavior?
As a developer when I want to sign a RAW hex payload, this payload must not be manipulated by adding any additional data like this wrapper, That why it is named signRaw.
Sorry, but WDF, it was a terrible idea to wrap this with tag in the signer, that manipulation must be done on the Dapp side, not on the signer side. the change was introduced by e4ce268
What is the motivation for changing the behavior?
I'm crafting a raw substrate transaction, and the payload must be RAW and not manipulated given that it can not be verified for the blockchain node.
Solution
To avoid break changes to anyone using that signRaw with bytes, I recommend including an extra type called 'raw' in the SignRawPayload, then if the type is raw no manipulation must be done.
Version:
Environment:
Node.js
Browser
Other (limited support for other environments)
Language:
JavaScript
TypeScript (include tsc --version)
Other
The text was updated successfully, but these errors were encountered:
S0c5
changed the title
wrong signRaw signature for polkadotjs due to u8aWrapBytes that forced adding <Bytes>...<Bytes> to "sign" function
wrong signRaw signature for polkadotjs due to u8aWrapBytes that forced adding <Bytes>...<Bytes> to payload before "sign" function
May 2, 2024
I'd say it's a bug since it introduces an unwanted and undocumented behavior (I searched through the documentation and found no mention of that wrapping bytes feature), and today it doesn't follow the definition for "signRaw". Anyway, 😄 we must fix this, as there are plenty of use cases where we need to sign the payload as it is, more for low-level developers.
If the intention was to prevent evil actors from performing raw signatures, that must be in my opinion a warning in the UI that alerts to the user that a "low-level" operation is being performed.
As a developer when I want to sign a
RAW
hex payload, this payload must not be manipulated by adding any additional data like this wrapper, That why it is namedsignRaw
.Sorry, but WDF, it was a terrible idea to wrap this with tag in the signer, that manipulation must be done on the Dapp side, not on the signer side. the change was introduced by e4ce268
I'm crafting a raw substrate transaction, and the payload must be RAW and not manipulated given that it can not be verified for the blockchain node.
Solution
To avoid break changes to anyone using that
signRaw
withbytes
, I recommend including an extratype
called 'raw' in the SignRawPayload, then if the type israw
no manipulation must be done.Version:
Environment:
Language:
The text was updated successfully, but these errors were encountered: