Implement personal_sign and eth_signTypedData_v4 message signing
All checks were successful
check / check (push) Successful in 4s
Replace stub error handlers with full approval flow for personal_sign, eth_sign, eth_signTypedData_v4, and eth_signTypedData. Uses toolbar popup only (no fallback window) and keeps sign approvals pending across popup close/reopen cycles so the user can respond via the toolbar icon.
66
README.md
@@ -437,20 +437,41 @@ transitions.
|
||||
#### TxApproval
|
||||
|
||||
- **When**: A connected website requests a transaction via
|
||||
`eth_sendTransaction`. Opened in a separate popup by the background script.
|
||||
`eth_sendTransaction`. Opened via the toolbar popup by the background script.
|
||||
- **Elements**:
|
||||
- "Transaction Request" heading
|
||||
- Site hostname (bold) + "wants to send a transaction"
|
||||
- Decoded action (if calldata is recognized): action name, token details,
|
||||
amounts, steps, deadline (see Transaction Decoding)
|
||||
- From: color dot + full address + etherscan link
|
||||
- To: color dot + full address + etherscan link (or "contract creation")
|
||||
- To/Contract: color dot + full address + etherscan link (or "contract
|
||||
creation"), token symbol label if known
|
||||
- Value: amount in ETH (4 decimal places)
|
||||
- Data: raw transaction data (shown if present)
|
||||
- Raw data: full calldata displayed inline (shown if present)
|
||||
- Password input
|
||||
- "Confirm" / "Reject" buttons
|
||||
- **Transitions**:
|
||||
- "Confirm" (with password) → closes popup (returns result to background)
|
||||
- "Reject" → closes popup (returns rejection to background)
|
||||
|
||||
#### SignApproval
|
||||
|
||||
- **When**: A connected website requests a message signature via
|
||||
`personal_sign`, `eth_sign`, or `eth_signTypedData_v4`. Opened via the toolbar
|
||||
popup by the background script.
|
||||
- **Elements**:
|
||||
- "Signature Request" heading
|
||||
- Site hostname (bold) + "wants you to sign a message"
|
||||
- Type: "Personal message" or "Typed data (EIP-712)"
|
||||
- From: color dot + full address + etherscan link
|
||||
- Message: decoded UTF-8 text (personal_sign) or formatted domain/type/
|
||||
message fields (EIP-712 typed data)
|
||||
- Password input
|
||||
- "Sign" / "Reject" buttons
|
||||
- **Transitions**:
|
||||
- "Sign" (with password) → signs locally → closes popup (returns signature)
|
||||
- "Reject" → closes popup (returns rejection to background)
|
||||
|
||||
### External Services
|
||||
|
||||
AutistMask is not a fully self-contained offline tool. It necessarily
|
||||
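Review bot: In the SignApproval section, `eth_sign` is named in the "When" line, but the "Type" and "Message" elements cover only "Personal message" and "Typed data (EIP-712)", so the README does not say which label an `eth_sign` request gets or how its payload is rendered. Suggest adding the `eth_sign` case to both bullets and stating what the Message field shows when a `personal_sign` payload is not valid UTF-8 (for example a hex fallback), since this screen is the only place the user sees what is being signed. The TxApproval "Transitions" still say "closes popup" while the "When" line now says "Opened via the toolbar popup"; worth a sentence on what happens to a pending request when the popup is closed without choosing "Confirm" or "Reject", which the commit message describes for sign approvals only.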
@@ -578,13 +599,16 @@ project owner.
|
||||
- View ERC-20 token balances (user adds token by contract address)
|
||||
- Send ETH to an address
|
||||
- Send ERC-20 tokens to an address
|
||||
- Receive ETH/tokens (display address, copy to clipboard)
|
||||
- Receive ETH/tokens (display address, copy to clipboard, QR code)
|
||||
- Connect to web3 sites (EIP-1193 `eth_requestAccounts`)
|
||||
- Sign transactions requested by connected sites
|
||||
- Sign transactions requested by connected sites (`eth_sendTransaction`)
|
||||
- Sign messages (`personal_sign`, `eth_sign`)
|
||||
- Lock/unlock with password
|
||||
- Configurable RPC endpoint
|
||||
- Future: USD value display (and other fiat currencies)
|
||||
- Sign typed data (`eth_signTypedData_v4`, `eth_signTypedData`)
|
||||
- Human-readable transaction decoding (ERC-20, Uniswap Universal Router)
|
||||
- ETH/USD and token/USD price display
|
||||
- Configurable RPC endpoint and Blockscout API
|
||||
- Address poisoning protection (spam token filtering, dust filtering, fraud
|
||||
contract blocklist)
|
||||
|
||||
### Address Poisoning and Fake Token Transfer Attacks
|
||||
|
||||
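Review bot: The typed-data entry lists `eth_signTypedData_v4` and `eth_signTypedData`, but the SignApproval section earlier in this patch names only `eth_signTypedData_v4`; the two places should agree, and if the un-versioned method is accepted the README should say which typed-data format it is handled as. The entry also sits after "Lock/unlock with password" rather than next to "Sign messages (`personal_sign`, `eth_sign`)"; grouping the two signing entries would read better. Separately, the entries for QR code, price display, Blockscout API, transaction decoding and address poisoning protection are not mentioned in the commit message, which describes only the signing approval flow; either split them out or mention the README catch-up in the message.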
@@ -672,6 +696,32 @@ indexes it as a real token transfer.
|
||||
designed as a sharp tool — users who understand the risks can configure the
|
||||
wallet to show everything unfiltered, unix-style.
|
||||
|
||||
#### Transaction Decoding
|
||||
|
||||
When a dApp asks the user to approve a transaction, AutistMask attempts to
|
||||
decode the calldata into a human-readable summary. This is purely a display
|
||||
convenience to help the user understand what they are signing — it is not
|
||||
endorsement, special treatment, or partnership with any protocol.
|
||||
|
||||
AutistMask is a generic web3 wallet. It treats all dApps, protocols, and
|
||||
contracts equally. No contract gets special handling, priority, or integration
|
||||
beyond what is needed to show the user a legible confirmation screen. Our
|
||||
commitment is to the user, not to any service, site, or contract.
|
||||
|
||||
Decoded transaction summaries are best-effort. If decoding fails, the raw
|
||||
calldata is displayed in full. The decoders live in self-contained modules under
|
||||
`src/shared/` (e.g. `uniswap.js`) so they can be added for common contracts
|
||||
without polluting wallet-specific code. Contributions of decoders for other
|
||||
widely-used contracts are welcome.
|
||||
|
||||
Currently supported:
|
||||
|
||||
- **ERC-20**: `approve()` and `transfer()` calls — shows token symbol, spender
|
||||
or recipient, and amount.
|
||||
- **Uniswap Universal Router**: `execute()` calls — shows swap direction (e.g.
|
||||
"Swap USDT → ETH"), token addresses, amounts, execution steps, and deadline.
|
||||
Decodes Permit2, V2/V3/V4 swaps, wrap/unwrap, and balance checks.
|
||||
|
||||
### Non-Goals
|
||||
|
||||
- Token swaps (use a DEX in the browser)
|
||||
|
||||
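Review bot: The ERC-20 bullet under "Currently supported" says the summary shows the token symbol, but the section does not say where that symbol comes from, or whether a decoder is chosen from the calldata alone or also from the target address. Suggest stating the symbol source, that the full contract address is always shown beside it (the TxApproval elements already list "To/Contract: color dot + full address"), and how an `approve()` for an unlimited amount is displayed. It would also help to state here that the raw calldata stays visible when decoding succeeds, since this paragraph covers only the failure case ("If decoding fails, the raw calldata is displayed in full").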