concordium / concordium-ledger-app Goto Github PK

Description

There are some transactions where there are fields, which are X/100000, currently we show them like that, but it could be nice to them like as Y% instead.

Task description
The latest ledger-app-builder image does not work with the version of the nanox-secure-sdk that we use. Update the SDK to the newest version, and then it hopefully all works together. With the mismatch it fails to build for the nanox device.

Description
Protocol version 4 (delegation protocol) adds new chain updates, which needs to supported by the ledger.

The sub tasks reflect the changes needed to support the new protocol version.

Sub-tasks

• add pool parameters update (structure)
  • This updates changes:
    • the commision rates for the L-pool
    • the ranges of commisions rates allowed for other pools
    • Minimum equity capital required for a new baker.
    • Maximum fraction of the total staked capital that a new baker can have.
    • The maximum leverage that a baker can have as a ratio of total stake to equity capital.
• add cooldown parameters update (structure)
  • This updates changes the cooldown period for pool owners and delegators. (when reducing stake/closing)
• add time parameters update (structure)
  • This updates changes the "mint rate per pay day", and the "reward period length".
• add support for mint distribution v1 (in which the mint rate per slot is removed)
• add support for update level 2 keys v1
  • add the new parameter updates, remove baker stake threshold

Task description
When showing long keys and identifiers they are split by the paging functionality in a way that means each page can have a separate number of characters. As we want to be able to display the pages in the desktop wallet so that it is easier for the user to verify, we must ensure that each page has a constant length instead of being variable.

Current situation

da342689aac8704e9a         # screen 1 18 characters
23a9a0075adb6e3c93         # screen 2 18 characters
5abf6c137f897c7b50c        # screen 3 19 characters
f27c4dfdd                  # screen 4 9 characters

After this task is implemented

da342689aac8704e         # screen 1 16 characters
9a23a9a0075adb6e         # screen 2 16 characters
3c935abf6c137f89         # screen 3 16 characters
7c7b50cf27c4dfdd         # screen 4 16 characters

Places where this is needed:

• Public keys
• RegIdCred
• Account addresses
• IdCredPub
• RegId
• Baker keys
• Governance keys

Task description
Some of the instructions supported by the Concordium Ledger app span multi messages. Each of these message contain an INS byte which defines the current instruction processed. The security of the application can be improved by adding a check that ensures that an attacker cannot change the INS in the middle of such a message flow. The application already enforces the correct sequence of messages received for a given transaction, but an attacker could switch instructions and end up mixing two separate transactions. The user would still have to accept what is shown on the screen, but it is better to deny the attack.

See https://ledger.readthedocs.io/en/latest/additional/security_guidelines.html#protect-against-instruction-change-attacks for a description of the issue.

Bug Description
When signing an "add baker" transaction, Ledger immediately signs if double pressing while showing "Amount to stake" or "Restake earnings". Furthermore, the signature is wrong.

Steps to Reproduce

1. Make an "add baker" transaction ready for signing in the DW.
2. Click on the right button on the Ledger until "Amount to stake" or "Restake earnings" is shown.
3. Click on both buttons.

Expected Result
Nothing should happen.

Actual Result
The Ledger signs the transaction immediately, and the signature is wrong.

Versions

• Software Version: Physical Nano S version running Concordium 1.0.3 and an Nano X emulator.

Task description
Add support for the new Configure Delegation transaction.

Base the implementation on https://github.com/Concordium/concordium-base/pull/100/files (even though it has not been finalized).

Task description

• Firmware 1.0.2
• It is not possible to run loadcertificate.bat
• Recovery mode starts by holding left button instead of right button as it is on Nano S

Sub-tasks

• Development
• Test
• Documentation needs to be adjusted since the flow might end up bein a bit different compared to Nano S

Add label for component and priority.

Task description
Update the codebase so that it can also build for the Ledger Nano X using the latest (1.3.0) Nano X SDK. A makefile target must be added for building the .hex file binary for the Nano X that can be loaded into the speculos emulator provided by Ledger. A release build is not necessary for the Nano X as sideloading is not possible.

Bug Description
Inspecting steps during signing transaction with Ledger, I found that we refer to Pool Status as Open status.

Steps to Reproduce
Open a pool with DW.
Sign the transaction with Ledger.
Observe the step with the Pool Status.

Expected Result
Pool Status = Open
Pool Status = Closed For New
Pool Status = Closed For All

Actual Result
Open Status = Open
Open Status = Closed For New
Open Status = Closed For All

Versions

• Software Version: concordium-ledger-app-2.2.0-target-2.1.0

Description
Based on support issue 1048, it seems that Mac users are unable to double click the the install.sh script, due to working in home directory when double clicking.

Steps to Reproduce
Run make, then double click install.sh (I have not verified that this fails), but seems to be the case in support issue 1048.

Expected Result
The app gets installed

Actual Result

Versions

• Software Version 2.0.3
• Ledger Version 2.1.0

Description

It can be confusing when signing the configureBaker that there is a screen that just says "Transaction fee".

Jens suggested to have a screen before that, that says the next screens are commission rates.

Bug Description
Ledger description is still Amount(GTU) for signing a multisig simple transfer. Should be Amount(CCD) instead.

Steps to Reproduce

• sign a multisig simple transfer
• run through transaction on Ledger

Expected Result
Ledger displays CCD.

Actual Result
Ledger displays GTU.

Versions

• DW 1.3.1
• Ledger CCD app 2.0.1
• Ledger firmware 2.0.0

Bug Description
Shielding some amount of CCDs even if I have 0 on shielded amount would show that I have to Decrypt amount in the Ledger app.
This was a bit confusing and raised a question for me, what am I decrypting right now?

Steps to Reproduce
Make sure you have 0 on shielded balance.
Shield 50 CCDs.

Expected Result
Since I have to sign Decrypt in the Ledger app, official docs could elaborate why or what we have to decrypt in this case.

Actual Result
No documentation .

Versions

• Software Version: V 1.4.0-beta.0

Task description

When making a protocol update that includes auxiliary data, the Ledger will fail to sign if you accidentally press a button on it while loading the aux data. To reduce the risk of failure the app should display "Loading data, please wait" so that the user does not start pressing buttons because they believe the app has frozen.

Task description
The current application uses a lot of technical terms:

• PRF key
• IdCredSec
• IdCredPub
• RegIdCred
• RegId
• Identity provider
• Revocation threshold.
  The terms are part of the transactions being signed, but if the user does not understand what it means, then they are effectively signing a transaction that they do not understand. The technical terms have to be replaced by easier to understand terms, or come together with some form of description.

Bug Description
Ledger description is still microGTU/EUR for "update microCCD per Euro" transaction. Should be microCCD/EUR instead.

Steps to Reproduce

• make a "update microCCD per Euro" transaction
• run through transaction on Ledger

Expected Result
Ledger displays microCCD/EUR.

Actual Result
Ledger displays microGTU/EUR.

Versions

• DW 1.3.1
• Ledger CCD app 2.0.1
• Ledger firmware 2.0.0

Bug Description
Sometimes the end to end tests fail even though there is no issue with the production code. This seems to be because of a bug in Speculos (or Zemu) where some screens are sometimes not rendered correctly, i.e. the second line of text on a screen is blank even though it should contain some text.

Steps to Reproduce
Run end to end tests as a Github action a number of times and one of them will fail.

Expected Result
The tests should be stable, i.e. no changes to the code base should result in the tests staying green.

Actual Result
The test suite fails on a mismatch of images due to a snapshot having a blank line that we expected to contain some text.

Bug Description

When changing the cooldowns in the desktop wallet, the ledger shows the new values and asks for confirmation. But the pool owner cool down value shown is that of the delegator cooldown, and vice versa.

Steps to Reproduce

Make a transaction proposal for new cooldown values in the desktop wallet, click on generate and sign, look at the confirmation screen on the ledger.

Expected Result

The info on the ledger should match that of the desktop wallet, i.e., if the pool owner cooldown is x and the delegator cooldown is y, then the ledger should show this.

Actual Result

If the pool owner cooldown is x and the delegator cooldown is y on the desktop wallet, then the ledger shows y for the pool owner cooldown and x for the delegator cooldown.

Versions

• Concordium Desktop Wallet stagenet Version 1.4.0-alpha.0 (1.4.0-alpha.0)
• Concordium Ledger app version 2.20

Task description
When making new account credentials, the Ledger says "Review Transaction", and since it is technically not a transaction, it should say something like “Review Details” or “Review Credential”.

Task description
A part of the submission to Ledger requires us to provide device icons and an icon to be shown in the Ledger manager. This issue will create the icons and check them into the repository so that it is available for the submission.

See https://developers.ledger.com/docs/nano-app/design-requirements/#guidelines for details on the requirements.

Sub-tasks

• Fill out device icon template with the pixelated version of the Concordium logo.
• Fill out Ledger manager icon template with an appropriate version of the Concordium logo.

Bug Description
Attempting to make a scheduled transfer with memo shows below error message after the sender and the receiver account are confirmed on the Ledger.

Steps to Reproduce

• make scheduled transfer
• confirm sender and receiver account on Ledger

Expected Result
Transfer goes through.

Actual Result
Error message. Flow cannot be completed but hangs at "continue with transaction" on Ledger.

Versions

• DW 1.2.0-alpha
• Ledger app 1.0.3
• Windows

Task description
Add support for signing the new Configure Baker transaction defined in https://github.com/Concordium/concordium-base/pull/100/files.