You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
this is wrong - we cannot ask for the transaction hash before the payment method is selected or the order is placed.
This bad flow was introduced with the security fixes for #8 - the problem is when fixing the problem there where obstacles to get an input field in the.
I do not think the user should enter the TX-Hash at all
I propose the following:
the user just selects the currency type:
then we show a QR (ERC-681) and a Web3Connect link (or js call) to trigger the payment
important is that the data-field gets a mandatory payment object ID - so we can prevent #8 and the sniping attack @pipermerriam pointed out
but this means in the beginning we can only take ETH and xDAI no DAI yet.
Later on (but IMHO not in wave 1 for DevCon) we should create a smart contract that accepts ETH and DAI with a function
EDIT: we can also take DAI by using the least significant bits of the value to encode the payment object ID (less than 5000WEI for DevCon - so in comparison to gas usage negligible)
The text was updated successfully, but these errors were encountered:
this is wrong - we cannot ask for the transaction hash before the payment method is selected or the order is placed.
This bad flow was introduced with the security fixes for #8 - the problem is when fixing the problem there where obstacles to get an input field in the.
I do not think the user should enter the TX-Hash at all
I propose the following:
the user just selects the currency type:
then we show a QR (ERC-681) and a Web3Connect link (or js call) to trigger the payment
important is that the data-field gets a mandatory payment object ID - so we can prevent #8 and the sniping attack @pipermerriam pointed out
but this means in the beginning we can only take ETH and xDAI no DAI yet.
Later on (but IMHO not in wave 1 for DevCon) we should create a smart contract that accepts ETH and DAI with a function
EDIT: we can also take DAI by using the least significant bits of the value to encode the payment object ID (less than 5000WEI for DevCon - so in comparison to gas usage negligible)
The text was updated successfully, but these errors were encountered: