0x Order Verification Tool
Ethfinex has developed an open-source order verification tool for users to manually verify 0x order hashes as correct before signing with MetaMask.
This tool is designed to remove the element of trust associated with signing messages on MetaMask, where signers currently do not have the required metadata to effectively display and/or verify an applications true intent.
Users of the 0x protocol are required to cryptographically sign order hashes with their Ethereum private keys. This can be done using e.g. MetaMask. It is, however, currently difficult and complex for users to be certain that the order hash they are signing is indeed the data that they are expecting.
The order verification tool allows users to manually verify that the 0x-generated order hash they are signing with their private key is, in fact, the JSON conforming to the 0x order schema that they expected and that it has not been tampered with by any malicious parties.
Rationale
An increasing number of high level, Ethereum-based protocols are starting to come to light, including the likes of the 0x protocol. For reasons of scalability, these protocols can choose to sign a segment of data off-chain, which can be triggered on-chain through the use of signed messages.
The current eth-sign approach allows for the signing of relatively random data, without proof of type, structure or possible interference. The only way to confirm validity of what is being signed is through re-hashing the data in an independent script and manually checking that they match.
Usage
To verify 0x orders using our order verification tool:
- Copy a 0x JSON order from the Ethfinex exchange portal or any other source (this should be provided before request to sign with MetaMask). This order format is human readable and the fields accuracy should be checked.
- Paste the order into the first box in the tool, named Order Parameters.
- Copy the hash MetaMask asks you to sign and paste into the second box, named Hashed Order.
- Press Verify to receive a confirmation that the hash is valid.
- Sign using MetaMask.
Long Term Solutions
The order verification tool above is a short-term solution developed by Etfhinex to improve user security. It is our hope that increasingly secure and user-friendly alternatives are soon to appear.
The above tool is open-source and for use by members of the 0x/Ethereum community. We welcome any feedback and look forward to hearing your thoughts.
Learn more about Ethfinex & stay up to date:
- Sign up to our newsletter
- Follow us on Twitter
- Subscribe to our subreddit
- Read our whitepaper
