timbeiko.eth
@tim
please farcaster, halp
6 replies
3 recasts
40 reactions
Dan Finlay 🦊
@danfinlay
bc that trick where you can generate an address to match a signature.
3 replies
0 recast
11 reactions
Dan Finlay 🦊
@danfinlay
@nick.eth could answer I bet
1 reply
0 recast
2 reactions
Dan Finlay 🦊
@danfinlay
Btw this trick is also why 3074 would be a fine AA solution, doesn’t enshrine EOAs :P
2 replies
2 recasts
7 reactions
Daniel - Bountycaster
@pirosb3
@danfinlay thank you for answering. Would you have any resources to share with me that can make me understand this attack vector better?
1 reply
0 recast
0 reaction
Daniel - Bountycaster
@pirosb3
And a follow-up: if the payload being signed explicitly includes the address (e.g., 'I am verifying that address 0x123 is FID 1323') and it's confirmed that this message is indeed signed by the EOA 0x123, does this mitigate the attack vector you are thinking of?
1 reply
0 recast
0 reaction
Dan Finlay 🦊
@danfinlay
Yes I think that would solve it, because the technique must not allow address selection or someone would have drained the zero address.
0 reply
0 recast
1 reaction