Miscellaneous (#78)

* Remove unused code in Motoko canister * Improve security for authorizing principals * Adjust ECDSA message * Run 'npm audit fix'
dfinity · Apr 10, 2024 · 474df88 · 474df88
1 parent 0a009ae
commit 474df88
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 30 deletions.
diff --git a/canisters/backend/Core.mo b/canisters/backend/Core.mo
@@ -8,19 +8,13 @@ import Nat64 "mo:base/Nat64";
 import System "lib/System";
 import Iter "lib/IterMore";
 import IcEth "canister:ic_eth";
-import Seq "mo:sequence/Sequence";
-import Stream "mo:sequence/Stream";
 
 module {
   public class Core(installer : Principal, sys : System.System, _state : State.Stable.State, history : History.History) {
 
     let state = State.OOOf(sys, _state);
     public let logger = History.Logger(sys, history);
 
-    func unreachable() : None {
-      do { assert false; loop {} };
-    };
-
     public func login(caller : Principal) : Types.Resp.Login {
       let log = logger.Begin(caller, #login);
       log.okWith(state.login(caller));
@@ -39,7 +33,8 @@ module {
 
     public func connectEthWallet(caller : Principal, wallet : Types.EthWallet, signedPrincipal : Types.SignedPrincipal) : async Types.Resp.ConnectEthWallet {
       let log = logger.Begin(caller, #connectEthWallet(wallet, signedPrincipal));
-      let checkOutcome = await IcEth.verify_ecdsa(wallet, Principal.toText caller, signedPrincipal);
+      let message = "Associated ICP principal: " # Principal.toText(caller);
+      let checkOutcome = await IcEth.verify_ecdsa(wallet, message, signedPrincipal);
       log.internal(#verifyEcdsaOutcome(checkOutcome));
       if (checkOutcome) {
         ignore (state.putWalletSignsPrincipal(wallet, caller, signedPrincipal));
@@ -116,7 +111,7 @@ module {
       log.okWith(true);
     };
 
-    public func getPublicHistory(caller : Principal) : [Types.PublicEvent] {
+    public func getPublicHistory(_caller : Principal) : [Types.PublicEvent] {
       Iter.toArray(state.getPublicHistory());
     };
 

diff --git a/canisters/backend/History.mo b/canisters/backend/History.mo
@@ -1,5 +1,3 @@
-import Error "mo:base/Error";
-import Cycles "mo:base/ExperimentalCycles";
 import Int "mo:base/Int";
 import Iter "mo:base/Iter";
 import Seq "mo:sequence/Sequence";

diff --git a/canisters/backend/Snapshot.mo b/canisters/backend/Snapshot.mo
@@ -1,7 +1,6 @@
 import Types "Types";
 import State "State";
 
-import Int "mo:base/Int";
 import Trie "mo:base/Trie";
 import Iter "lib/IterMore";
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/src/services/addressService.ts b/src/services/addressService.ts
@@ -49,7 +49,7 @@ async function verifyAddress(address: string, ethereum: any): Promise<boolean> {
     return false;
   }
   const principal = user.client.getIdentity().getPrincipal().toString();
-  const message = principal; // TODO: human-readable message?
+  const message = `Associated ICP principal: ${principal}`;
   const signature = await ethereum.request({
     method: 'personal_sign',
     params: [`0x${toHex(message)}`, address],