-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create a wallet page to provide wallet developers guidance about account creation #856
Comments
I think we should call out the different key types (EC and ED) and caveats for using one or the other.
We should also highlight the risks involved in key rotation/setting EVM Address (maybe in a separate section of docs) if the account having its key rotated or EVM address set has interacted with smart contracts. |
Creating an issue for a separate doc on key rotation: #858 |
I agree with @gregscullard , showing the attributes of key types is a good addition for users. The one point I'm not sure about:
It's not that they can't, it's that they shouldn't. Unsure how hardened our language wants to be in this scenario. They can still execute a transaction to update the keys on that account. |
Agreed with @ty-swirldslabs . |
I think my own confusion here highlights the fact that we need to be explicit on this (imo), if you can do something that later will result in loss of assets, we should be clear about it. |
So, if I created an account with PrivateKeyA and EVMAddressA, then rotate to PrivateKeyB, ECRecover will work if I later sign a payload with PrivateKeyA right ? |
Here's a pass at creating a breakdown of the key types and EVM address combos with recommendations. Key Types and EVM Address CombosRecommendations for the Community
ECDSA Key with Standard EVM Address (Derived from ECDSA Public Key, e.g., 0xFFFF...)
Auto-Created ECDSA Key (EVM Address Derived from Public Key)
ED25519 (No EVM Address or Alias)
ECDSA Key with Long Zero EVM Address (Derived from Hedera Account ID, e.g., 0x000...)
|
Problem
There are different ways wallets can create accounts for their users.
(1) Create account in batch -> update the key on the account when it assigned the user
(2) Create an account on demand
For each method we need to walk the developer through all the things they need to consider.
For (1) the recommendation is to create an account with an ECDSA key. Then when the account is assigned to the user the ECDSA key is updated and the EVM address is set. This depends on HIP-1082 to allow updating of aliases on accounts hashgraph/hedera-improvement-proposal#1082
For (2) the recommendation is to create accounts and set the evm address.
What other points need to be included in this document @gregscullard @serg?
Solution
see above
Alternatives
No response
The text was updated successfully, but these errors were encountered: