You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed a pretty evil validation-bug concerning the distribution app or Metamask. I used the distribution app with Metamask (Period #58), claimed the token and used the "Transfer EOS Token"-Function. When I copy & pasted my ETH-Address in the website's form field, I accidentally pasted a leading whitespace character. I received no validation error and instead something really terrible happened: Metamask or the distribution app changed my eth-address by 1 character (treating the whitespace as a zero)
My actual Ether address: 0x4eedbdcf82fd0091887b48ba2329afac6034715d
The address the token was transferred to: 0x04eedbdcf82fd0091887b48ba2329afac6034715
As you can see the addresses are similar except of one character (the leading zero).
My suspicion is that Metamask somehow shifted the address string by replacing the whitespace with a zero and then cutting the rest of the string to fit the default address length (removing the trailing "d"-character).
I know there is no way of getting my funds back. But the form should have some sort of validation to check for leading and trailing whitespaces even if the bug originates from metamask.
Here is the txHash of the faulty transaction (in case you want to look into it): 0xbe9e7ea9e0f14a2a83db832a97c91405fcf3d1777263f47c28e11603faf3408f
The text was updated successfully, but these errors were encountered:
I noticed a pretty evil validation-bug concerning the distribution app or Metamask. I used the distribution app with Metamask (Period #58), claimed the token and used the "Transfer EOS Token"-Function. When I copy & pasted my ETH-Address in the website's form field, I accidentally pasted a leading whitespace character. I received no validation error and instead something really terrible happened: Metamask or the distribution app changed my eth-address by 1 character (treating the whitespace as a zero)
My actual Ether address: 0x4eedbdcf82fd0091887b48ba2329afac6034715d
The address the token was transferred to: 0x04eedbdcf82fd0091887b48ba2329afac6034715
As you can see the addresses are similar except of one character (the leading zero).
My suspicion is that Metamask somehow shifted the address string by replacing the whitespace with a zero and then cutting the rest of the string to fit the default address length (removing the trailing "d"-character).
I know there is no way of getting my funds back. But the form should have some sort of validation to check for leading and trailing whitespaces even if the bug originates from metamask.
Here is the txHash of the faulty transaction (in case you want to look into it): 0xbe9e7ea9e0f14a2a83db832a97c91405fcf3d1777263f47c28e11603faf3408f
The text was updated successfully, but these errors were encountered: