Scanning QR code with certain characters in memo fails #1678
Comments
|
Hi @Tomas-M, Thank you for providing all the details about the issue! We'll check it and get back to you soon. |
|
We can reproduce the described issue. Zashi prompts users with this error handling in such a case: |
|
I just noticed this ZIP It looks like there is something different in base64 encoding, and my payment URL with + sign in memo (base64 encoded) is invalid. The payment URL should be However the iOS zashi app accepts it even with +. Not sure why. |
|
@Tomas-M Thanks for the update. We'll check the related Zip321 URI logic. |
|
The spec is clear:
If Zashi iOS accepts In general we do not follow the Postel-era RFC "Be generous in what you accept." dictum when writing or implementing Zcash specs —or at least we don't intend to— because it demonstrably results in significant security and interoperability problems over the long term. For discussion of this see RFC 9413: Maintaining Robust Protocols, originally drafted with less weasel-wording and under the better title "The Harmful Consequences of the Robustness Principle" (which ruffled a few political feathers with the IETF old-timers, sigh). Among other benefits, such as easier security analysis, that practice was intended to prevent situations such as that encountered in this issue: someone testing on one implementation (Zashi iOS) and then getting inconsistent behaviour on another (Zashi Android). In this case interoperability problems could also occur if filename-unsafe characters are mangled by some transmission channels, or inconsistently converted to/from a QR code. If we accepted the wider set of characters then we'd have to test all those cases (or whatever subset of them we were able to think of), and would be imposing a similar testing burden on other implementors. |
daira
changed the title
daira
added
invalid
|
@daira Thank you for clarification regarding your view on the dictum. Considering this, the iOS Zashi wallet does not follow this, since it perfectly accepts memo with pure base64 encoding (buggy relative to ZIP 321) even without the replaced + / = |
Filed as zashi-ios#1420, thanks.
For reference this is zashi-ios#1410. |
When I use zashi wallet for Android and I scan a QR code while sending money, it works most of the time, but fails when the memo includes certain characters in certain order.
For example, using memo as
A<BorB>Aworks fine, but using memo asA<>Bfails with message Error parsing query parameters.So, if the following text is in QR code, it works:
zcash:u19spl3y4zu73twemxrzm33tm3eefepecv4zdssn0hfd4tjaqpgmlcm9nhyjqlvaytwpknqjqctvdscjmg47ex20j03cu4gx3zmy26y2hunpenvw083dmtlq4y7re5rwsygpteq57wwllr3zhs4rw43j5puxgrcqdq4f9dd38qksl4f9p2hc7x3kj582zdjxsnj8urmnc3msfjw72kej0?amount=0.01&memo=QT5C
If the following text is in QR code, it works still:
zcash:u19spl3y4zu73twemxrzm33tm3eefepecv4zdssn0hfd4tjaqpgmlcm9nhyjqlvaytwpknqjqctvdscjmg47ex20j03cu4gx3zmy26y2hunpenvw083dmtlq4y7re5rwsygpteq57wwllr3zhs4rw43j5puxgrcqdq4f9dd38qksl4f9p2hc7x3kj582zdjxsnj8urmnc3msfjw72kej0?amount=0.01&memo=QTxC
But If the following text is in QR code, it fails
zcash:u19spl3y4zu73twemxrzm33tm3eefepecv4zdssn0hfd4tjaqpgmlcm9nhyjqlvaytwpknqjqctvdscjmg47ex20j03cu4gx3zmy26y2hunpenvw083dmtlq4y7re5rwsygpteq57wwllr3zhs4rw43j5puxgrcqdq4f9dd38qksl4f9p2hc7x3kj582zdjxsnj8urmnc3msfjw72kej0?amount=0.01&memo=QTw+Qg
To test, you can scan this QR code, which works:
And try this one which fails:
I would expect that both QR codes would be readable, so when scanning the failed QR code I would expect it fills in the memo
A<B>CIt is not a problem of < and > only, there are also problems with other characters, for example question mark followed by a letter seems to have problems, $ and % may have also some problems, etc. I assume there are more cases which will fail. I would expect that all ascii characters will be parsed correctly in all times.
The text was updated successfully, but these errors were encountered: