One of the wallet's unique features is the ability to forward and backlink other wallets. This was introduced in v9 along with the ability to upgrade a wallet. Currently, "upgrade" works by creating a new wallet with identical authentication configurations and migrating all assets in the old wallet to the new wallet, subject to some approval from the recovery address of the old wallet. This mechanism has its drawbacks and may improve in the future, such that the wallet address may remain unchanged. See #189. This is scheduled to be designed and implemented in v17 or later. Until then, we must ensure the upgrade mechanism is secure and the user's assets can be conveniently and safely migrated.
Between a pair of linked wallets (e.g. one upgraded to another), the link is directional. That means one wallet is "forwarded" to another. We refer to the wallet being forwarded to as the "target wallet", and the wallet being forwarded from as the "source wallet". The mechanisms in v9 enable the target wallet to command the source wallet, such that the target wallet can execute any operation as the source wallet (such as calling another smart contract, producing EIP-1271 signatures). This is useful for many use cases in practice, such as multisig (Gnosis Safe) wallets where the source wallet is one of the owners. The mechanism was initially buggy - none of the commands would succeed (because a wrong operationType was passed in). But a patch in 1e3d0f8 soon fixed it in v11 (not documented in the release note).
Currently (in v15), the source wallets can still execute transactions as normal even after a link is already established. Because of that, the command operation was almost never used. This introduces a security issue, as identified in a recent security vulnerability (in January 2022). See #253. For this reason, in v16, after a wallet is linked to another (i.e. a successful execution of a FORWARD or RECOVER operation), no regular operations will be allowed on the source wallet. The source wallet can only accept operations passed by the target wallet via a COMMAND operation on the target wallet.
Since most implementations related to operating old wallets (source wallets) are based on regular operations on source wallets, the above change introduces a need for a library to translate regular operations to COMMAND operations issued to the target wallet. The library should enable most existing implementations to remain intact aside from invoking a wrapper that indicates a translation to a COMMAND operation is required.
As part of this task, all related frontend implementations where operations are known to be performed on source wallets should be updated to use this library.
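The v16 rule and the wrapper requested above can be modelled as follows. This is an added illustration, not code from the project: `ModelWallet`, `submit`, the `TRANSFER` operation and all field names are hypothetical, and the model assumes a FORWARD also records the backlink on the target.

```javascript
// Toy in-memory model (added illustration, not the project's contract or library code).
// FORWARD and COMMAND are named in the issue; TRANSFER, the fields and the
// function names are hypothetical.
class ModelWallet {
  constructor (address) {
    this.address = address
    this.forwardAddress = null // set once this wallet is linked to a target
    this.backlinks = new Set() // source wallets this wallet may command
    this.executed = []
  }

  // Entry point for operations authorised with this wallet's own credentials
  execute (op, wallets) {
    // v16 rule: once linked, the source wallet refuses regular operations
    if (this.forwardAddress) throw new Error('forwarded: regular operations disabled')
    if (op.type === 'FORWARD') {
      this.forwardAddress = op.dest
      wallets.get(op.dest).backlinks.add(this.address) // assumption: backlink set here
      return 'linked'
    }
    if (op.type === 'COMMAND') {
      if (!this.backlinks.has(op.source)) throw new Error('source is not backlinked')
      return wallets.get(op.source).executeCommanded(op.inner, this.address)
    }
    this.executed.push(op)
    return 'executed'
  }

  // Path used by a COMMAND relayed from the target; rejects any other caller
  executeCommanded (op, caller) {
    if (caller !== this.forwardAddress) throw new Error('caller is not the forward target')
    this.executed.push(op)
    return 'executed'
  }
}

// Wrapper: callers keep building regular operations; translation happens here
function submit (wallets, walletAddress, op) {
  const wallet = wallets.get(walletAddress)
  if (!wallet.forwardAddress) return wallet.execute(op, wallets)
  const command = { type: 'COMMAND', source: walletAddress, inner: op }
  return wallets.get(wallet.forwardAddress).execute(command, wallets)
}
```

Existing call sites only swap a direct `execute` for `submit`; the operation they build stays the same before and after the wallet is linked.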