ethereumcommonwealth / classicmask Goto Github PK

Right now the USD amount is converted from the ETH price.

web3.version.network
=> 61

web3.currentProvider.send({jsonrpc: '2.0', method:"net_version", params:[],id:1})
=> {id: 1, jsonrpc: "2.0", result: 61}

web3.currentProvider.sendAsync({method:"net_version", params:[],id:1}, (err, x) => console.log(err, x))
=> {id: 1, result: "1"}

$ curl -X POST --data '{"jsonrpc":"2.0","method":"net_version","params":[],"id":1}' https://mewapi.epool.io
{"jsonrpc":"2.0","result":"1","id":1}

In Ethereum Classic, network_id is 1 and chain_id is 61. In all other networks, the network_id and chain_id are the same.

Issues:

1. network_id must be returned as a string, not a number
2. Node is returning "1", but ClassicMask returns 61 (unless net_version is invoked directly with sendAsync)
3. However, if ClassicMask correctly returns 1, dapps may think they are on the non-classic Mainnet.

I installed ClassicMask to Chrome and started it, there opened window and i were need to enter password and ClassicMask generated me some private key and seed phrase, but i had my own private key and account, so i logged out from this account and didn't save any phrases or keys, because i had my own account. So when i logged out and entered my private key, i logged to my account(from which i knew the private key) and it showed me my address, so as i were sure, that this address is correct i copy it and send all my Callisto tokens to this address. Then when i relaunched the browser, because nothing came to my wallet. I found out, that address changed in my account and address which i copied was from first generated account, so i sent all my tokens to wrong address, because ClassicMask didn't update this field!

Bug Reports:

In this device, I am using Windows10 and Google Chrome (latest version). I have installed classicMask extension and configured, so, theoretically, I am connected to Ethereum Classic mainnet.

Trying to deploy a contract using classicetherwallet (connected to ethereum classic mainnet) occurs the following situation:

Also, I´ve tried to deploy a smart contract in Ropsten for example, and the same issue come up.

But, if I use etherwallet and MetaMask on the other hand, the same process works successfully.

Hello, when I attempt to send Ethereum Classic from my wallet, I get this warning:

When I go to change the Gas limit, I can only toggle between 21000 and 0. When I type a value, the submit button remains gray and I am unable to get it to go away. I have reset and tried again. I have waited several hours and tried again. Still nothing.

Can you please advise?

In 14 Feb i send my ETC from Jaxx to Classic Mask, after CLO airdrop i tried to send my etc back...Classic Mask stuck, yesterday i recovered my account but my balance is zero.
https://gyazo.com/574a436383f64ed7943d7728fa2759ed
https://gyazo.com/2fa56a7cc7afe4cba8f2ed6c92d4ad5f

My old Classic Mask addres still had my etc!
https://gyazo.com/58d1dcbd30e79a306524e53a5bd14669
How can i solve this!

Missing link to Changelly to buy Expanse

"switch network to Test Network and switch back" and "clear cache" not working

Insecure Credential Storage
Vulnerable module: web3
Introduced through: [email protected]
Detailed paths
Introduced through: metamask-crx@EthereumCommonwealth/ClassicMask#a89b72cff66fde37984f9d881d0090c9d5c9a18d › [email protected]
Overview
web3 is a JavaScript API which connects to the Generic JSON RPC spec.

Affected versions of this package are vulnerable to Insecure Credential Storage. The current implementation of web3.js could result in wallet decryption under certain circumstances. When a wallet is saved and encrypted into local storage, a private key is needed to load the wallet. However, this private key is available via LocalStorage and is readable in plaintext on a webpage after a wallet is loaded.

This implementation could be abused by an attacker through client-side attacks such as Cross-site Scripting (XSS) and could result in theft of a user's wallet private key.