Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unisat wallet sign messages cannot be verified. #3

Closed
ygcool opened this issue Jun 14, 2023 · 1 comment
Closed

unisat wallet sign messages cannot be verified. #3

ygcool opened this issue Jun 14, 2023 · 1 comment
Assignees
@ArbitronNL
Labels
wontfix This will not be worked on

Comments

@ygcool
Copy link

ygcool commented Jun 14, 2023

image

Using the P2WPKH/P2SH-P2WPKH/Legacy (P2PKH) formats of the unisat wallet to sign messages cannot be verified.

test website: https://demo.unisat.io/
@ArbitronNL ArbitronNL self-assigned this Jun 15, 2023
@ArbitronNL
Copy link
Contributor

Legacy

I've tried to sign a message with a legacy address using Unisat and it provided an invalid signature on both Electrum and BrainWalletX. Only VerifySignedMessage seems to accept this signature.

After looking at the source code of VerifySignedMessage, I realized that they had a fallback which rebuilds the signature (what the fuck) with different recovery flags and keeps trying to verify the message (actual source code is not public, but it looks a lot like this). This signals to me that UniSat doesn't properly create their signatures, because you should never need to change the actual signature for it to work.

The recovery flag that seems to succeed for UniSat signed message is 31 which means that the address is actually compressed. If I compress the address, I do get the proper address back (and the signature is instantly valid). However, the actual signature that UniSat creates gives me the recovery flag 27 which is uncompressed as shown in the table and the validation code.

P2WPKH-P2SH

I've tried to sign a message with a P2WPKH-P2SH using Unisat and it provided an invalid signature on Electrum. Only VerifySignedMessage seems to accept this signature.

For P2WPKH-P2SH UniSat uses recovery flag 28, which stands for P2PKH uncompressed, meaning it will never work in any official implementation. The flag used by VerifyBitcoinMessage was 36, which would also work with verify-signed-message (and provide a valid signed message).

P2WPKH

I've tried to sign a message with a P2WPKH using Unisat and it provided an invalid signature on Electrum. Only VerifySignedMessage seems to accept this signature.

For P2WPKH UniSat uses recovery flag 28, which stands for P2PKH uncompressed, meaning it will never work in any official implementation. The flag used by VerifyBitcoinMessage was 40, which would also work with verify-signed-message (and provide a valid signed message).

Since UniSat doesn't create a signature with the recovery flag properly set, it's not adhering to the current standards. Please create an issue with UniSat themselves, as they need to change their code, we will not be adding a non-standard fallback. If it helps, there already exists an issue for the legacy address, so it is not an unknown issue.

@ArbitronNL ArbitronNL mentioned this issue Aug 7, 2023
Closed
@ArbitronNL ArbitronNL added the wontfix This will not be worked on label Aug 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ArbitronNL ArbitronNL

Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ygcool @ArbitronNL