Gracefully degrade to blind signing in the known transaction, unknown structure case #39

Open
cwgoes opened this issue May 8, 2024 · 4 comments

@cwgoes

cwgoes commented May 8, 2024

When the Ledger app receives a known transaction (by tag) with an unknown structure, we should gracefully degrade (instead of crash), and allow the user to blind-sign, if they want.

@chcmedeiros
Collaborator

Hey @cwgoes! By unknown structure, do you mean not having the sections the app is expecting (Code, Data, signature, ...)?

@Fraccaman

yeah exactly! @cwgoes

@cwgoes
Author

cwgoes commented Jun 6, 2024

@murisi Can you help clarify here? I believe this was from our discussion.

@murisi
Contributor

murisi commented Jun 6, 2024

> @murisi Can you help clarify here? I believe this was from our discussion.

Sure, let me try... I think that Namada transactions can be understood in two layers: the container format and the data formats. The container format describes the structure of the header and the various sections including the code section, data section, and extra data section. The data formats describe how the bytes inside the data section, extra data section, and other sections are interpreted. I.e. the bytes inside a data section may be interpreted as a Transfer, or a Bond, or something else. It should be possible to parse and sign the container even if the data format is unrecognized.

We would like hardware wallet blind signing to work in the case where the container is valid, but the data is invalid. I.e. if the hardware wallet fails to read the bytes in a data section as a Transfer (and display the source, target, amount, and token fields), then it should simply ask the user whether they would like to sign the unrecognized Transfer.
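The two-layer behaviour described in this thread, sketched in C as an added example that is not part of the issue or the Ledger app's code. The section layout, the 16-byte Transfer encoding and all names (`parse_container`, `parse_transfer`, `choose_review`) are constructed for illustration and are not Namada's wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy layout, NOT Namada's wire format:
 * container = repeated [type:1][len:1][payload:len]; a Transfer payload is
 * exactly source[4] | target[4] | amount[8, little-endian]. */
enum { SEC_CODE = 1, SEC_DATA = 2 };
typedef enum { REVIEW_REJECT, REVIEW_CLEAR_SIGN, REVIEW_BLIND_SIGN } review_t;
typedef struct { uint8_t source[4], target[4]; uint64_t amount; } transfer_t;

/* Layer 1: walk the container with bounds checks; locate the data section. */
static int parse_container(const uint8_t *tx, size_t n,
                           const uint8_t **data, size_t *data_len) {
    size_t off = 0;
    int seen_code = 0;
    *data = NULL;
    while (off < n) {
        if (n - off < 2) return -1;              /* truncated section header */
        uint8_t type = tx[off], len = tx[off + 1];
        off += 2;
        if (len > n - off) return -1;            /* payload overruns buffer */
        if (type == SEC_CODE) seen_code = 1;
        if (type == SEC_DATA) {
            if (*data) return -1;    /* this example rejects duplicates */
            *data = tx + off; *data_len = len;
        }
        off += len;
    }
    return (seen_code && *data) ? 0 : -1;        /* both sections required */
}

/* Layer 2: interpret the data bytes as a Transfer; fails on any other shape. */
static int parse_transfer(const uint8_t *d, size_t len, transfer_t *out) {
    if (len != 16) return -1;
    memcpy(out->source, d, 4);
    memcpy(out->target, d + 4, 4);
    out->amount = 0;
    for (int i = 7; i >= 0; i--) out->amount = (out->amount << 8) | d[8 + i];
    return 0;
}

/* Policy: a bad container is never signable; an unreadable payload inside a
 * valid container degrades to an explicit blind-sign prompt, not a crash. */
review_t choose_review(const uint8_t *tx, size_t n, transfer_t *out) {
    const uint8_t *data; size_t data_len;
    if (parse_container(tx, n, &data, &data_len) != 0) return REVIEW_REJECT;
    if (parse_transfer(data, data_len, out) == 0) return REVIEW_CLEAR_SIGN;
    return REVIEW_BLIND_SIGN;
}
```

Keeping the container check strict while only the inner decode is allowed to fail means the blind-sign prompt is reached solely for well-formed transactions whose payload the device cannot display.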
