timdaub
@timdaub.eth
STOP USING PASSKEYS TO SIGN CRYPTO CURRENCY TRANSACTIONS

The $1.4B Bybit hack famously happened because the victim signed a tampered payload in their browser. A years-long, wide-ranging discussion has already happened about the caveats of blind signing on hardware wallets. Why are we jumping head first into Passkeys now?

Passkeys are NOT meant to be used to sign individual crypto currency transactions. They have primarily been designed to log users into website and app sessions. Unless your wallet works in a similar way, I don't think it should be using Passkeys. It's misappropriation of the Passkeys standard which was meant to fix signing into apps!

Passkey adoption to sign individual transactions will further accelerate the trend towards blind signing, forcing users to trust that the input to the Passkey dialog is valid and not secretly changed by a hacker. Do we really want to onboard our friends and family to this new trend? What if their to-be-signed payloads get swapped out secretly?

Knowing what you sign is extremely important. Virtually ALL self custodial wallets have now implemented transaction simulations making signing so much more safe. It also highlights how important it is for the user to know WHAT they're signing. We used to have to read the specific payload. Now we can rely (to a degree) on simulations. So why would we go back to total blindness? This is not self-custody anymore. It betrays fundamental principles of using crypto.

As an example, see the screenshots below. On the left one, I'm supposedly signing that I'm going to be sending 1 EXP to 0xee32.... BUT, there is no guarantee that this is what I'm signing on the right screenshot. I'm actually just signing something. Yes, the porto wallet has presented the payload to me "Send 1 EXP to 0xee32...", but it's unclear if this payload is actually what I'm signing! I could also be signing that I admit being a little teapot. Sorry to say it.

I know many people have traded Passkeys as THE solution to our self custodial wallet problems. But Passkeys are really NOT it when it comes to signing individual transactions. The point of Passkeys is to allow users to log into a website as a certain identity and to then grant this identity bespoke permissions.

Crypto currency developers, please go back to the drawing board and spare us all the drama that will ensue if we adopt this technology for individual transaction signing. I know it is painful. But it is what it is. We shouldn't bargain with the fundamental safety principles when it comes to signing individual transactions.
6 replies
6 recasts
26 reactions
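What a passkey assertion covers, and a check a verifier can run to confirm that the challenge commits to the transaction the wallet UI displayed; this is an added example, not part of the post above or of any wallet's code. In WebAuthn the signature is over authenticatorData || SHA-256(clientDataJSON), so the transaction enters only through the `challenge` field; the challenge derivation (SHA-256 over canonical JSON), the origin and the transaction fields below are assumptions made for illustration.

```python
import base64
import hashlib
import json

# Constructed sample values; none come from a real wallet.
ORIGIN = "https://wallet.example"
DISPLAYED = {"action": "send", "amount": "1", "token": "EXP", "to": "0xRECIPIENT_SHOWN_IN_UI"}
SWAPPED = dict(DISPLAYED, to="0xDIFFERENT_RECIPIENT")
# rpIdHash (32 bytes) + flags (1 byte) + signature counter (4 bytes)
AUTH_DATA = hashlib.sha256(b"wallet.example").digest() + b"\x05" + (7).to_bytes(4, "big")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def challenge_for(tx: dict) -> str:
    # Assumption: challenge = SHA-256 over canonical JSON of the transaction.
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return b64url(hashlib.sha256(canonical).digest())


def make_client_data(tx: dict, origin: str) -> bytes:
    # Builds the clientDataJSON a browser would return for this challenge.
    return json.dumps({"type": "webauthn.get", "challenge": challenge_for(tx), "origin": origin}).encode()


def signed_bytes(authenticator_data: bytes, client_data_json: bytes) -> bytes:
    # The authenticator signs authenticatorData || SHA-256(clientDataJSON).
    return authenticator_data + hashlib.sha256(client_data_json).digest()


def check_assertion(client_data_json: bytes, displayed_tx: dict, expected_origin: str) -> list:
    """Return the reasons to reject; an empty list means the challenge matches the display."""
    cd = json.loads(client_data_json)
    problems = []
    if cd.get("type") != "webauthn.get":
        problems.append("not an assertion")
    if cd.get("origin") != expected_origin:
        problems.append("unexpected origin")
    if cd.get("challenge") != challenge_for(displayed_tx):
        problems.append("challenge does not match displayed transaction")
    return problems


if __name__ == "__main__":
    for label, tx in (("honest", DISPLAYED), ("swapped", SWAPPED)):
        cdj = make_client_data(tx, ORIGIN)
        print(label, len(signed_bytes(AUTH_DATA, cdj)), check_assertion(cdj, DISPLAYED, ORIGIN))
```

The check only ties the challenge to the displayed payload; verifying the signature over `signed_bytes` against the registered public key is a separate step not shown here.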
Jaume
@jamalavedra
why is it different than in other wallets? the signing material is used when you press on a button in the wallet ui, so you're still trusting the ui. the only difference to me it seems is where the signing material is?
1 reply
0 recast
2 reactions
shazow
@shazow.eth
not sure bybit is a great example

porto loads from a separate domain than the respective dapp, porto is responsible for decoding the transaction and showing the confirmation screen (and adding simulation or whatever)

if porto is compromised to show incorrect decoding the way safe wallet was with bybit, then that's the same as rainbow/metamask being compromised to show incorrect decoding

i also don't buy the rest of the "passkeys was meant to do something else therefore we shouldn't appropriate it" argument

but meh, god forbid we use tech in a way that wasn't anticipated from the beginning
1 reply
0 recast
0 reaction
hodges.eth 🔵-'
@wat
you're conflating passkeys with lack of simulation here. the two have nothing to do with one another. see account.base.app as an example of a web-based passkey smart account with proper simulation. passkeys are a useful signing primitive that have many advantages (but clear tradeoffs) when compared to secp256k1 signers
0 reply
0 recast
1 reaction
Colin Charles
@bytebot
Isn’t base by default passkeys? It might not even have passwords afaik
0 reply
0 recast
1 reaction
ghadi.justan.id
@justghadi
There is no real correlation between blind signing and passkeys. Blind signing comes down to the wallet provider properly decoding the data and showing it in a human-readable format to the user (regardless of signer type), while passkeys are a replacement for ECDSA signers. The calldata to decode might be slightly more complex when signing with a passkey, but that’s simply because the wallet will always be a smart contract in that case (same goes for multi-sigs…)
0 reply
0 recast
1 reaction
cobuild marvin
@cobuildbot.eth
https://justco.build/onboard/0x2cb8c01eabdff323c9f2600782132ace6ea37bc4
0 reply
0 recast
0 reaction