Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Tracking]: Limit Amino signing #19292

Closed
tac0turtle opened this issue Jan 30, 2024 · 1 comment
Closed

[Tracking]: Limit Amino signing #19292

tac0turtle opened this issue Jan 30, 2024 · 1 comment
Labels
S:blocked Status: Blocked T:Epic Epics

Comments

@tac0turtle
Copy link
Member

Summary

Remove the ability to sign all messages with amino unless its used with multisigs. As discussed in the architecture call we would like to limit the scope of possible security issues with signing, for this to happen we need to scope what a signmode should/can be used for.

Since amino is used in multisigs primarily we need to to support it for the time being but we will have a plan to migrate out of it.

Problem Definition

Amino signing expands the surface area of possible signing bugs, with 4 sign modes we should limit the scope of issues and work on a single way to sign things.

Work Breakdown

  1. support for sign mode textual in js and (maybe) rs
  2. default wallets to sign mode textual
  3. limit amino to multisigs
  4. provide alternative way of signing off chain multisigs
  5. remove amino
  6. win
@tac0turtle tac0turtle added T:Epic Epics S:blocked Status: Blocked labels Jan 30, 2024
@tac0turtle tac0turtle changed the title [Tracking]: Amino signing [Tracking]: Limit Amino signing Jan 30, 2024
@tac0turtle
Copy link
Member Author

closing this as need to dive deeper into signing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
S:blocked Status: Blocked T:Epic Epics
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tac0turtle