concordium / concordium-ledger-app Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
License: Apache License 2.0
Description
There are some transactions where there are fields, which are X/100000, currently we show them like that, but it could be nice to them like as Y% instead.
Task description
The latest ledger-app-builder image does not work with the version of the nanox-secure-sdk that we use. Update the SDK to the newest version, and then it hopefully all works together. With the mismatch it fails to build for the nanox device.
Description
Protocol version 4 (delegation protocol) adds new chain updates, which needs to supported by the ledger.
The sub tasks reflect the changes needed to support the new protocol version.
Sub-tasks
Task description
When showing long keys and identifiers they are split by the paging functionality in a way that means each page can have a separate number of characters. As we want to be able to display the pages in the desktop wallet so that it is easier for the user to verify, we must ensure that each page has a constant length instead of being variable.
Current situation
da342689aac8704e9a # screen 1 18 characters
23a9a0075adb6e3c93 # screen 2 18 characters
5abf6c137f897c7b50c # screen 3 19 characters
f27c4dfdd # screen 4 9 characters
After this task is implemented
da342689aac8704e # screen 1 16 characters
9a23a9a0075adb6e # screen 2 16 characters
3c935abf6c137f89 # screen 3 16 characters
7c7b50cf27c4dfdd # screen 4 16 characters
Places where this is needed:
Task description
Some of the instructions supported by the Concordium Ledger app span multi messages. Each of these message contain an INS
byte which defines the current instruction processed. The security of the application can be improved by adding a check that ensures that an attacker cannot change the INS
in the middle of such a message flow. The application already enforces the correct sequence of messages received for a given transaction, but an attacker could switch instructions and end up mixing two separate transactions. The user would still have to accept what is shown on the screen, but it is better to deny the attack.
See https://ledger.readthedocs.io/en/latest/additional/security_guidelines.html#protect-against-instruction-change-attacks for a description of the issue.
Bug Description
When signing an "add baker" transaction, Ledger immediately signs if double pressing while showing "Amount to stake" or "Restake earnings". Furthermore, the signature is wrong.
Steps to Reproduce
Expected Result
Nothing should happen.
Actual Result
The Ledger signs the transaction immediately, and the signature is wrong.
Versions
Task description
Add support for the new Configure Delegation transaction.
Base the implementation on https://github.com/Concordium/concordium-base/pull/100/files (even though it has not been finalized).
Task description
Sub-tasks
Add label for component and priority.
Task description
Update the codebase so that it can also build for the Ledger Nano X using the latest (1.3.0) Nano X SDK. A makefile target must be added for building the .hex
file binary for the Nano X that can be loaded into the speculos emulator provided by Ledger. A release build is not necessary for the Nano X as sideloading is not possible.
Bug Description
Inspecting steps during signing transaction with Ledger, I found that we refer to Pool Status as Open status.
Steps to Reproduce
Open a pool with DW.
Sign the transaction with Ledger.
Observe the step with the Pool Status.
Expected Result
Pool Status = Open
Pool Status = Closed For New
Pool Status = Closed For All
Actual Result
Open Status = Open
Open Status = Closed For New
Open Status = Closed For All
Versions
Description
Based on support issue 1048, it seems that Mac users are unable to double click the the install.sh script, due to working in home directory when double clicking.
Steps to Reproduce
Run make, then double click install.sh (I have not verified that this fails), but seems to be the case in support issue 1048.
Expected Result
The app gets installed
Actual Result
Versions
Description
It can be confusing when signing the configureBaker that there is a screen that just says "Transaction fee".
Jens suggested to have a screen before that, that says the next screens are commission rates.
Bug Description
Ledger description is still Amount(GTU) for signing a multisig simple transfer. Should be Amount(CCD) instead.
Steps to Reproduce
Expected Result
Ledger displays CCD.
Actual Result
Ledger displays GTU.
Versions
Bug Description
Shielding some amount of CCDs even if I have 0 on shielded amount would show that I have to Decrypt amount in the Ledger app.
This was a bit confusing and raised a question for me, what am I decrypting right now?
Steps to Reproduce
Make sure you have 0 on shielded balance.
Shield 50 CCDs.
Expected Result
Since I have to sign Decrypt in the Ledger app, official docs could elaborate why or what we have to decrypt in this case.
Actual Result
No documentation .
Versions
Task description
When making a protocol update that includes auxiliary data, the Ledger will fail to sign if you accidentally press a button on it while loading the aux data. To reduce the risk of failure the app should display "Loading data, please wait" so that the user does not start pressing buttons because they believe the app has frozen.
Task description
The current application uses a lot of technical terms:
Bug Description
Ledger description is still microGTU/EUR for "update microCCD per Euro" transaction. Should be microCCD/EUR instead.
Steps to Reproduce
Expected Result
Ledger displays microCCD/EUR.
Actual Result
Ledger displays microGTU/EUR.
Versions
Bug Description
Sometimes the end to end tests fail even though there is no issue with the production code. This seems to be because of a bug in Speculos (or Zemu) where some screens are sometimes not rendered correctly, i.e. the second line of text on a screen is blank even though it should contain some text.
Steps to Reproduce
Run end to end tests as a Github action a number of times and one of them will fail.
Expected Result
The tests should be stable, i.e. no changes to the code base should result in the tests staying green.
Actual Result
The test suite fails on a mismatch of images due to a snapshot having a blank line that we expected to contain some text.
Bug Description
When changing the cooldowns in the desktop wallet, the ledger shows the new values and asks for confirmation. But the pool owner cool down value shown is that of the delegator cooldown, and vice versa.
Steps to Reproduce
Make a transaction proposal for new cooldown values in the desktop wallet, click on generate and sign, look at the confirmation screen on the ledger.
Expected Result
The info on the ledger should match that of the desktop wallet, i.e., if the pool owner cooldown is x and the delegator cooldown is y, then the ledger should show this.
Actual Result
If the pool owner cooldown is x and the delegator cooldown is y on the desktop wallet, then the ledger shows y for the pool owner cooldown and x for the delegator cooldown.
Versions
Task description
When making new account credentials, the Ledger says "Review Transaction", and since it is technically not a transaction, it should say something like “Review Details” or “Review Credential”.
Task description
A part of the submission to Ledger requires us to provide device icons and an icon to be shown in the Ledger manager. This issue will create the icons and check them into the repository so that it is available for the submission.
See https://developers.ledger.com/docs/nano-app/design-requirements/#guidelines for details on the requirements.
Sub-tasks
Bug Description
Attempting to make a scheduled transfer with memo shows below error message after the sender and the receiver account are confirmed on the Ledger.
Steps to Reproduce
Expected Result
Transfer goes through.
Actual Result
Error message. Flow cannot be completed but hangs at "continue with transaction" on Ledger.
Versions
Task description
Add support for signing the new Configure Baker transaction defined in https://github.com/Concordium/concordium-base/pull/100/files.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.