The [signMessage](https://github.com/web3j/web3j/blob/master/crypto/src/main/java/org/web3j/crypto/Sign.java#L47) operation does not correctly prefix the message with `"\19Ethereum Signed Message:\n" + len(message)`, which means it does not inter-operate with any other library or Ethereum node.
It is also a serious security vulnerability, since I could request the signing of a message such as `0xbf0067909b4332f01c3ab9e228857a4cd61b39358605b2cebdfb1ea1d35e0d44`, which may seem odd, but as the UI states I am simply signing a message, it is not obvious I am actually signing a transaction to send myself 1 ether from that account.
The reason for prefixing is that it enforces that the signed data is invalid as a transaction.
See [ethers.js](https://github.com/ethers-io/ethers.js/blob/master/wallet/wallet.js#L315) for an example of how to hash messages for signing.
Here is the specification of [eth_sign](https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign).
The following issues are related:
- https://github.com/ethers-io/ethers.js/issues/190 (how I originally discovered this issue)