With the increasing adoption of cryptocurrency and the lack of awareness about new threats and hacking methods, people are at risk of losing assets stored in their digital wallets. If a wallet's private keys are compromised, a hacker can gain access to the wallet and its associated funds. Additionally, the hacker can use the mempool (memory pool) to track and potentially manipulate queued transactions. This is a serious concern for individuals and organizations using cryptocurrency, and it highlights the importance of securely storing and managing private keys. Recovering assets lost in this way can be difficult and is often nearly impossible.
One of the biggest challenges we faced was assuming that the ETH_SIGN method would sign a transaction. In practice, we found that it does sign a transaction to a certain extent, but it is not feasible to bundle it with other transactions, such as private transactions. As a result, we were unable to add an option for signing with MetaMask, which is a more secure method. We had to revert to using a private key-based signature, but the frontend is open-sourced so the private key never leaves the frontend.
Another challenge we encountered was the recent update and release of the Biconomy SDK on November 15, which did not have updated documentation. As a result, our approach for using the Biconomy SDK to change the owner of a smart contract was not functional because we could not find a factory contract on the Ethereum network. It was later confirmed that the Biconomy SDK is not yet available on the Ethereum Mainnet.
Additionally, we struggled to implement the ETH_SIGN method, which passes a transaction object as arbitrary byte32 with little documentation available on MetaMask. Despite this, the ETH RPC does support this method.
Tracks Applied (2)
Biconomy
ENS