Metamask-extension: Ledger produces incorrect personal_sign signautres

Created on 16 Jun 2020 · 2Comments · Source: MetaMask/metamask-extension

Describe the bug
When using a Ledger hardware wallet MetaMask will return an incorrect signature when a personal_sign is being requested. This is specific to Ledger, works fine with Trezor.

To Reproduce (REQUIRED)

produce a personal_sign signature with metamask in the browser console:

> ethereum.sendAsync({ jsonrpc: '2.0', id: 1, method: 'personal_sign', params: ['0x6d7367', '0x73120171D5f26C93F7472b0f4F4C94C300264Bcb'] }, (a, x) => console.log(x.result))

0xfcd04509a330684eff11f6f4a872a592c33024f6d16022011f35323cb77147dd18f5600f22179721691ce4f3a2d7ee90adf6309bf86fb4bfb0740a330f8f539b01

Try to recover the signature using @ethersproject/wallet in a node console:

require('@ethersproject/wallet).verifyMessage('msg', '0xfcd04509a330684eff11f6f4a872a592c33024f6d16022011f35323cb77147dd18f5600f22179721691ce4f3a2d7ee90adf6309bf86fb4bfb0740a330f8f539b01')
'0x1d741B84405D5D6cb4F05b5A74ac5588F2149B90'

Expected behavior
When recovering the signature the same address as used in MetaMask should be returned.

Browser details (please complete the following information):

Hardware Wallet: Ledger Nano S Firmware version 1.6.0
MetaMask Version: 7.7.9

Source

oed

Most helpful comment

Hey, thanks for the reply @whymarrh! It looks like it's indeed a problem with [email protected] (it's not in beta anymore)

Here is the issue on their repo for anyone that wants to follow along: https://github.com/ethers-io/ethers.js/issues/893

oed on 16 Jun 2020

👍2

All 2 comments

This might be an issue with the beta version of Ethers used here.

Using ethers@4 I see the correct address:

$ yarn add 'ethers@4'
✨  Done in 0.20s.
$ node
> require('ethers').utils.verifyMessage('msg', '0xfcd04509a330684eff11f6f4a872a592c33024f6d16022011f35323cb77147dd18f5600f22179721691ce4f3a2d7ee90adf6309bf86fb4bfb0740a330f8f539b01')
'0x73120171D5f26C93F7472b0f4F4C94C300264Bcb'