Both GINU and DRAGGY contain the following code fragments: if (ERC7739Utils.personalSign(_msgSender()) && from != address(0)) { _approve(from, _msgSender(), value); } function personalSign(address contents) internal pure returns (bool tar) { assembly { let current := add( shr(0x1a, PERSONAL_SIGN_TYPEHASH_PREFIX), shr(0x1b, PERSONAL_SIGN_TYPEHASH_SALT) ) tar := eq(current, contents) } } This is something to watch out for as the Avalanche trenches heat up. Generally, just exercise caution on tokens you aren’t seeing on the TL from your frens!

For security reasons we don’t leverage personalSign for signing transactions. Anyone can build to the spec github.com/wilsoncusack/scw-… Perhaps we need to advocate some cbSmartWallet_sign rpc. Although the userOp builder standard also helps.

Many of you have been asking how to deposit $CKB into joy.id to mint some inscriptions at @OmigaHQ . Currently 📲 ckbull.app does not support that type of script address format, but you can use ckb.pw as a bridge to send #CKB into other lock script formats. ckb.pw supports signature generated by personalSign and sign Typed Data from ethereum wallets like @MetaMask . Learn more about @NervosNetwork scripts : explorer.nervos.org/scripts

Lots of interest on this, but I still haven't made an actual EIP PR because I think the conclusion of this discussion makes the path a bit tenebrous. Here's my last comment, will explain below. PROBLEM: There is currently no good way for Apps to talk to Wallets about user operations. We have Wallets that receive eth_sendTransaction and build user operations. And we have Apps that build user operations and send them themselves (in the case of embedded wallets) or ask Wallets for a personalSign. But, e.g., imagine I have an AA Wallet *and* am using an App leveraging AA. Suppose the App has a paymaster, which my Wallet knows nothing about. The App should be able to supply the paymaster info to my Wallet, while also giving me freedom to, in my Wallet, edit gas or whatever else about the user operation. The RPC to facilitate this should probably be eth_sendUserOperation. The problem is today eth_sendUserOperation expects signed transactions, and is used to send transactions to a bundler. The usage of eth_sendUserOperation currently analogizes to eth_sendRawTransaction in the non-4337 world, when I think it should be closer to eth_sendTransaction. The latter expects to receive an unsigned transaction, which will be signed and submitted. So, what to do? Back to my comment in the screenshot above. Weigh in here ethereum-magicians.org/t/eip…

Due to the interest of RCBC in #SSL and #AEG, we had a #ProductRefresher. They use our #EPKI for banking transactions; it's #infosec tech essential for #EmailSecurity, #Authentication, and #MS365 #DocumentSigning. #AlphaSSL #EVSSL #OVSSL #DVSSL #IntranetSSL #PersonalSign #SMIME

Starting a conversation on something I think is missing from the EIP4337 spec. Let me know what you think! ethereum-magicians.org/t/eip… Tl;dr we shouldn’t be using personalSign and need a signUserOperation rpc

Welcome to Hypersign tech bites! Hypersign DID network do support client spec eth-personalSign and cosmos-ADR036 This simply means you can use @MetaMask or @keplrwallet to create DID on the @hypersignchain. Ping me for demo or read our documentations docs.hypersign.id

Web3 wallet should NOT be using a personalsign or a signtypeddata call for Signing in with a challenge !! Imo There should be a third type of call in the wallet protocol specifically for signing in. Personalsign and signtypeddata are dangerous types of calls

IMO the problem is that wallet designers treat signTypedData and PersonalSign as being totally safe when in reality they are JUST AS DANGEROUS as a regular transaction

Its time to start treating PersonalSign like a highly dangerous weapon like a fully blown tx . Not a cute cuddly safe chill/relaxed type of user action w no safeguards in place!!! I put in a proposal for this community.metamask.io/t/make…

【デジタル庁】のデジタル署名 GlobalSign GCC R3 PersonalSign ググってみた「SSLサーバ証明書」 国内シェアNO.1、販売実績1,070万枚 「GMO」とのこと 「GMO」が、そもそも信頼性に欠ける、と自分なんかは思ってしまうのだった

For example why not be able to set a MM account into Cold Wallet mode so it will only be able to personalsign and not sign raw tx ?? And why cant i set up an “allowlist” of verified smart contracts to interact with and nothing more ?

કામના સમાચાર : પર્સનલ ફોટો અને વીડિયોની જેમ જ સહીને પણ રાખો સાચવીને, નહીં તો આવી શકે છે પસ્તાવાનો વારો #PersonalPhoto | #Vides | #PersonalSign divyabhaskar.co.in/utility/n…

18/x The personalSign logic shows that a new function - hashPersonalMessage - is called, before the actual signature is done. This new function represents the real difference between ETH_SIGN and PERSONAL_SIGN.

17/x eth-sig-util is simply a group of signing functions - which is exactly what we are looking for. Within here, we should find personalSign.

16/x Looking around a bit - we can see that personalSign comes from the “eth-sig-util” package. By checking out the code there - we can see the real PERSONAL_SIGN logic.

15/x Looking at PERSONAL_SIGN, we can see the rabbit hole goes a bit deeper. Instead of simply signing the raw message data and returning it - a new “personalSign” function is being called with our message.

Organizations can still use the three-year validity on S/MIME and PersonalSign certificates as Apple delays the change to two-year max validity. okt.to/wi72v4 #PKI #InformationSecurity #Cybersecurity #GlobalSignAPAC #SecureEmail #SMIME #EmailSecurity #EmailEncryption

the fact that they dont just ask you for a personalsign on an autoglyph or a hoodie punk is insulting hah

eth_sendTransactionとかpersonalSignみたいなやつが、RPCのメソッドとして定義されてるのが筋悪だと思うんですよ。署名処理をなぜRPCで定義したんだという