The Ethereum Transaction Authenticator allows users to perform actions with their Ethereum account (Gnosis Safe...).
Actions can be creating a new proposal (propose), updating a proposal (updateProposal) or voting on a proposal (vote).
The flow for the user is quite simple: they commit their action to the Starknet Commit Contract. This contract then bridges the data to Starknet, and the commit is stored on Starknet. Once stored, our transaction relayer, Mana, triggers the action on Starknet, without the user having to interact with Starknet at all.
The piece of data that the user commits to is a hash, not the full data. This means that, in the UI, the user does not see what data he is signing, he only sees a hash of it. To avoid malicious users taking advantage of this, we've created this repository to allow users to easily check the data they're signing.
By using this tool, you can see what you are signing, and independently ensure that you are committing the correct data.
- Clone this repository:
git clone https://github.com/snapshot-labs/hash-verifier.git
cd hash-verifier- Install:
yarn- Copy the hash from your Gnosis Safe UI (both hex and decimal formats are supported)
- Verify it
yarn verify <hash>
For testing purposes, we have a transaction that we have never broadcast, this way you can try it yourself.
yarn verify 0x62abf12fcadc73d129acf8f762a806654936daca722c2ec546dcdcb2ec9c91b --network sepoliaNote: When verifying a vote action, the choice parameter corresponds to:
0for Against1for For2for Abstain
What this simple script does is fairly simple:
- First we use the code in
./src/index.tsto parse the command and transform the hash to its hexadecimal format. - In
./src/verify.tswe then queryhttps://mana.boxto get the information related to the hash that was given as input. - Next we display the information on your screen.
- Finally, we hash all this information and checks that it corresponds to the hash given as input. If it does, we display a little check mark.