Comments (3)
- Check how to validate that a transaction was submitted by an owner
from safe-transaction-service.
Currently you can use a hack around it by using a random transaction hash when submitting the transaction.
@rmeissner add more info on that
from safe-transaction-service.
API endpoints
POST /safes/{safe_address}/delegates
{
"delegate": "<checksummed-eth-address>",
"label": "<short-string-max-50-chars>",
"signature": "<0x-prefixed-hex-signature>"
}
Generation of <hex-signature>
Multiple signature types are allowed:
Contract Signature
,EOA
oreth_sign
: The hash to sign must bekeccak(checksummed-eth-address + TOTP)
Approved Hash
is not supported.
Calculation of TOTP
- TOTP will be used to prevent a repetition attack. E.g. a user signs a delegate, that delegate is compromised and removed but the signature is always valid, so another user could send that signature again to register the user as a delegate. This will prevent it.
- We will use a TOTP with
T0=0
andTx=3600
(1 hour) - TOTP is calculated by taking the Unix epoch time (no milliseconds) and dividing by 3600 (natural division, no decimals)
Example
- We want to add the owner
0x132512f995866CcE1b0092384A6118EDaF4508Ff
- We calculate the TOTP.
Current epoch=1586779140
, so1586779140 // 3600 = 440771
- We sign
keccak("0x132512f995866CcE1b0092384A6118EDaF4508Ff440771")
DELETE /safes/{safe_address}/delegates/{delegate-address}
{
"signature": "<hex-signature>"
}
Signature must be generated the same way that in POST
GET /safes/{safe_address}/delegates
{
"delegate": "<checksummed-eth-address>",
"delegator": "<checksummed-eth-address>", // Who added the delegate
"label": "<short-string>"}
Notes: Endpoint will be paginated
Notes
- Every tx proposed must have a signature, so backend can check the sender. No signed txs must be discarded
- Delegates cannot add/remove delegates
- Multiple POSTs with same
delegateAddress
, differentlabel
and validsignature
will update thelabel
from safe-transaction-service.
Related Issues (20)
- Add expiry to transaction proposals HOT 4
- Safes with a lot of transfers take a lot to load
- All-transactions cache can be broken due to deletion of transactions HOT 1
- BUG-1 HOT 1
- bug
- Indexer stucked due to decoding error
- Collapse migrations to avoid using deprecated fields
- Fix test `test_process_aa_transaction` HOT 1
- Refactor Tx Service page in safe docs
- Check if ETHEREUM_4337_BUNDLER_URL uses the same chainId as ETHEREUM_NODE_URL HOT 3
- Refactor delegate endpoint signatures to use EIP712 HOT 2
- help
- Return Safe deployments addresses HOT 1
- Remove `v1` `balances/usd` endpoint HOT 4
- Create a common cache class for all the transaction service endpoints
- 4337: Index transactions for the 0.7 entrypoint
- [Trusted tokens] Process ENS names in tokenlist address fields
- 4337: Fix issues with reverted transactions HOT 2
- Organize swagger methods with tags
- Just a moment... HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from safe-transaction-service.