Patrick Collins
@patrickalphac
How do you know what you're signing on your hardware wallet is correct? Asking this question could have saved Radiant Capital $50M last year, and could save you even more. If you're on a security council, DAO, or you own a hardware wallet, you need to know this
Patrick Collins
@patrickalphac
A big thanks to @pcaversaccio for creating the original tool to do this. When you sign something with your multi-sig, you get an output like this. You MUST know what this is representing in order to sign it. Radiant didn't verify this signature, and it cost them $50M
Patrick Collins
@patrickalphac
You can use the safe_hashes tool to understand if this is indeed the correct data. After running the tool, it'll give you an output of what transaction is being called and the expected signature hash.