ethereumcommonwealth / classicmask Goto Github PK
View Code? Open in Web Editor NEWLicense: BSD 4-Clause "Original" or "Old" License
License: BSD 4-Clause "Original" or "Old" License
Hello, when I attempt to send Ethereum Classic from my wallet, I get this warning:
When I go to change the Gas limit, I can only toggle between 21000 and 0. When I type a value, the submit button remains gray and I am unable to get it to go away. I have reset and tried again. I have waited several hours and tried again. Still nothing.
Can you please advise?
Right now the USD amount is converted from the ETH price.
web3.version.network
=> 61
web3.currentProvider.send({jsonrpc: '2.0', method:"net_version", params:[],id:1})
=> {id: 1, jsonrpc: "2.0", result: 61}
web3.currentProvider.sendAsync({method:"net_version", params:[],id:1}, (err, x) => console.log(err, x))
=> {id: 1, result: "1"}
$ curl -X POST --data '{"jsonrpc":"2.0","method":"net_version","params":[],"id":1}' https://mewapi.epool.io
{"jsonrpc":"2.0","result":"1","id":1}
In Ethereum Classic, network_id is 1 and chain_id is 61. In all other networks, the network_id and chain_id are the same.
Issues:
network_id
must be returned as a string
, not a number
"1"
, but ClassicMask returns 61
(unless net_version
is invoked directly with sendAsync
)1
, dapps may think they are on the non-classic Mainnet.Insecure Credential Storage
Vulnerable module: web3
Introduced through: [email protected]
Detailed paths
Introduced through: metamask-crx@EthereumCommonwealth/ClassicMask#a89b72cff66fde37984f9d881d0090c9d5c9a18d › [email protected]
Overview
web3 is a JavaScript API which connects to the Generic JSON RPC spec.
Affected versions of this package are vulnerable to Insecure Credential Storage. The current implementation of web3.js could result in wallet decryption under certain circumstances. When a wallet is saved and encrypted into local storage, a private key is needed to load the wallet. However, this private key is available via LocalStorage and is readable in plaintext on a webpage after a wallet is loaded.
This implementation could be abused by an attacker through client-side attacks such as Cross-site Scripting (XSS) and could result in theft of a user's wallet private key.
Bug Reports:
In this device, I am using Windows10 and Google Chrome (latest version). I have installed classicMask extension and configured, so, theoretically, I am connected to Ethereum Classic mainnet.
Trying to deploy a contract using classicetherwallet (connected to ethereum classic mainnet) occurs the following situation:
Also, I´ve tried to deploy a smart contract in Ropsten for example, and the same issue come up.
But, if I use etherwallet and MetaMask on the other hand, the same process works successfully.
Missing link to Changelly to buy Expanse
In 14 Feb i send my ETC from Jaxx to Classic Mask, after CLO airdrop i tried to send my etc back...Classic Mask stuck, yesterday i recovered my account but my balance is zero.
https://gyazo.com/574a436383f64ed7943d7728fa2759ed
https://gyazo.com/2fa56a7cc7afe4cba8f2ed6c92d4ad5f
My old Classic Mask addres still had my etc!
https://gyazo.com/58d1dcbd30e79a306524e53a5bd14669
How can i solve this!
I installed ClassicMask to Chrome and started it, there opened window and i were need to enter password and ClassicMask generated me some private key and seed phrase, but i had my own private key and account, so i logged out from this account and didn't save any phrases or keys, because i had my own account. So when i logged out and entered my private key, i logged to my account(from which i knew the private key) and it showed me my address, so as i were sure, that this address is correct i copy it and send all my Callisto tokens to this address. Then when i relaunched the browser, because nothing came to my wallet. I found out, that address changed in my account and address which i copied was from first generated account, so i sent all my tokens to wrong address, because ClassicMask didn't update this field!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.