Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: natively support clear signing with Ledger #4416

Merged
merged 17 commits into from
Dec 17, 2024
Merged

Conversation

iamacook
Copy link
Member

@iamacook iamacook commented Oct 24, 2024

What it solves

The inability to perform clear signing with Ledger devices.

How this PR fixes it

This replaces the outdated @web3-onboard/ledger module, which relied on an archived Ledger package, with a custom module built on Ledger's new Web Management Device Kit.

How to test it

Connect a Ledger device and test each RPC method (which corresponds to each SDK method):

  • Successful connection (accounts)
  • Signing a message (signing)
  • Signing a transaction (signing typed data)
  • Executing a transaction (sending a transaction)

Checklist

  • I've tested the branch on mobile 📱
  • I've documented how it affects the analytics (if at all) 📊
  • I've written a unit/e2e test for it (if applicable) 🧑‍💻

@iamacook iamacook self-assigned this Oct 24, 2024
Copy link

github-actions bot commented Oct 24, 2024

Copy link

github-actions bot commented Oct 24, 2024

Coverage report

St.
Category Percentage Covered / Total
🟡 Statements
73.84% (-0.06% 🔻)
14385/19480
🔴 Branches
51.39% (-0.05% 🔻)
3433/6680
🔴 Functions
56.77% (-0.08% 🔻)
2041/3595
🟡 Lines
75.37% (-0.07% 🔻)
13045/17308
Show files with reduced coverage 🔻
St.
File Statements Branches Functions Lines
🔴
... / useIsExpiredSwap.ts
50% (-50% 🔻)
25% (-75% 🔻)
40% (-60% 🔻)
45% (-55% 🔻)

Test suite run success

1707 tests passing in 231 suites.

Report generated by 🧪jest coverage report action from 0358027

@@ -0,0 +1,349 @@
import type { DeviceActionState } from '@ledgerhq/device-management-kit'
import type { SignTransactionDAOutput, SignTypedDataDAOutput, TypedData } from '@ledgerhq/device-signer-kit-ethereum'
import type { GetAddressCommandResponse } from '@ledgerhq/device-signer-kit-ethereum/api/app-binder/GetAddressCommandTypes.js'
Copy link

@valpinkman valpinkman Oct 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be imported directly from the index on the package. it should not be imported directly with a direct path.

If the export is not present in the index, please file an issue here https://github.com/LedgerHQ/device-sdk-ts/issues, it's probably a bug / we forgot to export it

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't seem possible as GetAddressCommandResponse is not exported from the relevant barrel file.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello 👋 In fact it's the wrong type that you are using, it should be GetAddressDAOutput, and this one is accessible 👍

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(in the end they are equal)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you. I changed it in 05f3955.

Copy link

@iamacook iamacook changed the title WIP: fix: natively support clear signing with Ledger fix: natively support clear signing with Ledger Nov 6, 2024
@@ -13,7 +13,7 @@
"noEmit": true,
"esModuleInterop": true,
"module": "esnext",
"moduleResolution": "node",
"moduleResolution": "Bundler",
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is required to support the SDK.

import type {
Permission,
PermissionRequest,
} from 'node_modules/@safe-global/safe-apps-sdk/dist/types/types/permissions'
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This (and the other similar changes) are required to support the adjusted moduleResolution.

Copy link

github-actions bot commented Nov 6, 2024

📦 Next.js Bundle Analysis for safe-wallet-web

This analysis was generated by the Next.js Bundle Analysis action. 🤖

🎉 Global Bundle Size Decreased

Page Size (compressed)
global 1016.34 KB (🟢 -139 B)
Details

The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!

Two Pages Changed Size

The following pages changed size from the code in this PR compared to its base branch:

Page Size (compressed) First Load
/transactions 96.88 KB (🟡 +220 B) 1.09 MB
/transactions/history 96.84 KB (🟡 +220 B) 1.09 MB
Details

Only the gzipped size is provided here based on an expert tip.

First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

Next to the size is how much the size has increased or decreased compared with the base branch of this PR. If this percentage has increased by 20% or more, there will be a red status indicator applied, indicating that special attention should be given to this.

@@ -3,7 +3,7 @@ import useShowOutreachPopup from '../useShowOutreachPopup'
import * as useIsSafeOwner from '@/hooks/useIsSafeOwner'
import * as store from '@/store'
import { HOUR_IN_MS } from '../../constants'
import { faker } from '@faker-js/faker/.'
import { faker } from '@faker-js/faker'
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These were causing lint errors.

Comment on lines +2 to +3
import { type fakeBaseQuery } from '@reduxjs/toolkit/query/react'
import type { EndpointBuilder } from '@reduxjs/toolkit/query/react'
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These were causing lint errors.

@iamacook iamacook marked this pull request as ready for review December 12, 2024 12:00
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code review by ChatGPT

SignTypedDataDAOutput,
TypedData,
} from '@ledgerhq/device-signer-kit-ethereum'
import type { Chain, WalletInit, WalletInterface } from '@web3-onboard/common'

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider renaming mapOutput to enhance clarity and intent. Ensure that the function's purpose is immediately understandable, especially when it's within a broader context with potential side effects or transformations.

@katspaugh katspaugh changed the title fix: natively support clear signing with Ledger Feat: natively support clear signing with Ledger Dec 17, 2024
@francovenica
Copy link
Contributor

francovenica commented Dec 17, 2024

Testing using ledger X, last firmware 2.4.0
I get this error trying to sign a message:
Everytime I try I get an error message with a different address saying that is not the owner:
image

The message is created by using the EIP1271 dummy app. I had no issues signing the message with MM, so it seems the message itself is not the problem

@liliya-soroka
Copy link
Member

liliya-soroka commented Dec 17, 2024

Verified.
Only the Review type message is displayed with Message Hash in readable view with the correct Message Hash.

Notes:
The next topics are out of scope and will be tackled later in separate PRs

  • Domain hash for txs and messages when direct connection is used
  • Message hash for off-chain messages on UI
  • Message hash for nested txs

@iamacook iamacook merged commit 1a3188b into dev Dec 17, 2024
15 checks passed
@iamacook iamacook deleted the new-ledger-module branch December 17, 2024 16:17
@github-actions github-actions bot locked and limited conversation to collaborators Dec 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

7 participants