You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Executing a SignMessageLib.signMessage tx built from the tx builder ui should work.
For SignMessageLib.signMessage the tx builder should always use operation delegatecall instead of call. The latter will always fail as the library function is referring to Safe contract storage that is only available when executing the tx via delegatecall.
Obtained result
The tx builder wrongfully sets operation call for SignMessageLib.signMessage invocations and there is no ui input to manually change it to delegatecall.
Screenshots
Shows operation call wrongfully set for SignMessageLib.signMessage:
The text was updated successfully, but these errors were encountered:
In the safe-apps-sdk (and Transaction Builder is using that SDK), we limit delegatecalls to arbitrary contracts on purpose because it entails a massive security risk. We're not looking to change that anytime soon. Delegatecalls to an arbitrary contract can only be performed via our other SDKs like the safe-core-sdk.
@katspaugh Please reconsider the case where Safe signers want to perform a multisig message "signature" via the SignMessageLib, always deployed at 0xd53cd0aB83D845Ac265BE939c57F53AD838012c9. I'm only asking to correct the operation to delegatecall for this particular static and known address.
For SignMessageLib.signMessage(msg)delegatecall must be used as the target contract is a library with the method referring to Safe storage (tx builder setting the call operation makes the tx unexecutable) AND that delegatecall is absolutely safe to use since we are calling into Safe's official SignMessageLib - this is not an arbitrary contract.
In the current state, regular (no-code) users are not able to generate a multisig for a message, this limits the usage of Safe's ERC-1271 signature verification flow and multisig message signing in general.
Bug description
Environment
Steps to reproduce
0xd53cd0aB83D845Ac265BE939c57F53AD838012c9
signMessage
0x68616c6c6f63
Expected result
Executing a
SignMessageLib.signMessage
tx built from the tx builder ui should work.For
SignMessageLib.signMessage
the tx builder should always use operationdelegatecall
instead ofcall
. The latter will always fail as the library function is referring to Safe contract storage that is only available when executing the tx viadelegatecall
.Obtained result
The tx builder wrongfully sets operation
call
forSignMessageLib.signMessage
invocations and there is no ui input to manually change it todelegatecall
.Screenshots
Shows operation
call
wrongfully set forSignMessageLib.signMessage
:The text was updated successfully, but these errors were encountered: