For example, in Solidity, you can get the ID of the current chain through block.chainid
. Is there a function with similar functionality in the Concordium
chain?
There is no concept of “chainId” as such.
I think conceptually you would want to know the genesis block, that identifies the chain.
What is it that you would like to use this information for? Perhaps there is a better way with Concordium’s APIs.
I want to use it for signature verification. When signing, use the chainid as an attribute in the message to ensure that the signature can only be applied to the specified chain.
I’m relatively familiar with solidity, so I used some of my previous ideas on the evm chain here.
For example, if the same smart contract is deployed on both the ETH and BSC chains and has the same address, and signer A also has the same address on both chains, then the signature of signer A on the ETH chain may also be used on the BSC chain.
To prevent cross-chain attacks
Dear Soullee,
On Concordium, there is one thing different compared to EVM chains and that is that your accountAddress on testnet and mainnet is different. Meaning if you use the same identity and send it to
the
identity providers, the Concordium wallet
s
use different key derivation parth
s
for mainnet and testnet so that your account address is different. Meaning you can not re-play the same signature between mainnet/testnet (because your account does not exist on the other chain).
The key derivation path is the same between testnet/stagenet (just in case you wonder),
so there you have the same account address.
If you
r intention is to verify a
SignatureEd25519 generated by a
PrivateKeyEd25519 in the smart contract (where you have generated the keys yourself – no accountKeys from the Concordium wallet), then yes, you want to add a
contextString(chainId/GenesisHash+contractIndex) to the object that you sign. Currently, we don’t have a
chainId/GenesisHash exposed in the smart contract, so you would need to hardcode it in the smart contract or set it when you initialize the contract.
@soullee As a rule you really should not be reusing keys across different environments, so that’s one thing.
Another is, as Doris mentioned, that if you are doing that then you should add context strings to your signature that the contract checks. For example using contract address and the timestamp of when the contract was deployed is likely sufficient for your needs. You could also add some randomness if you really wanted. But generally your contract will not be deployed at exactly the same time on testnet and mainnet.