Git Product home page Git Product logo

sov-snap's Introduction

Sovereign SDK Metamask Snap

For the Snap documentation, check here.

To test the Snap, check here.

Prerequisites

sov-snap's People

Contributors

guillaumerx avatar frederikbolding avatar vlopes11 avatar ziad-saab avatar mrtenz avatar howardbraham avatar montoya avatar bmoyroud avatar bkolad avatar immortal-tofu avatar eriknson avatar ritave avatar

sov-snap's Issues

Validate Snap arguments 

          As noted by the comment, type validation is required here. It's very much okay to track this in a separate issue without further modifications to the current PR, but I want to stress how important it is for the Snap to validate every last piece of data it receives from RPC. It's very easy to introduce security holes if we don't.

Upstream Metamask Snaps sources seem to rely on superstruct quite heavily, and they actually provide some helpers here. Our validation logic may look something like this:

import { Bytes } from '@metamask/utils';
import { Bip32PathStruct } from '@metamask/snaps-utils/*';
import { Infer, boolean, enums, object, optional, type } from 'superstruct';

export const SupportedCurveEnums = enums(['ed25519', 'sec256k1']);

/**
 * The supported curves for deriving a BIP-32 account.
 */
export type SupportedCurve = Infer<typeof SupportedCurveEnums>;

/**
 * `type` is used instead of `object` to allow unknown properties.
 */
export const GetBip32PublicKeyParamsStruct = type({
  /**
   * The BIP-32 path to the account.
   */
  path: Bip32PathStruct,
  /**
   * The curve used to derive the account.
   */
  curve: SupportedCurveEnums,
  /**
   * Whether to return the public key in compressed form.
   */
  compressed: optional(boolean()),
});

/**
 * The parameters for calling the `getPublicKey` JSON-RPC method.
 *
 * Unknown properties are ignored and passed to `snap_getBip32PublicKey`.
 */
export type GetBip32PublicKeyParams = Infer<
  typeof GetBip32PublicKeyParamsStruct
>;

export const SignMessageParamsStruct = object({
  /**
   * The BIP-32 path to the account.
   */
  message: Bytes,
  /**
   * The curve used to derive the account.
   */
  curve: SupportedCurveEnums,
  /**
   * The BIP-32 path to the account.
   */
  path: Bip32PathStruct,
});

/**
 * The parameters for calling the `signMessage` JSON-RPC method.
 */
export type SignMessageParams = Infer<typeof SignMessageParamsStruct>;

Originally posted by @neysofu in #1 (comment)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.