trezor / community Goto Github PK
View Code? Open in Web Editor NEW:couple: TREZOR Developer Community Discussion
:couple: TREZOR Developer Community Discussion
Looking through the JS console log on beta-wallet.trezor.io, it appears that the sequence number for inputs on TXNs are still listed as 4294967295
or 0xFFFFFFFF
. RBF (BIP 125) suggests decrementing the sequence for inputs to 4294967294
(0xFFFFFFFE
) or lower to explicitly opt-in to RBF protocols. Ideally this would be a checkbox on the Send interface that would allow RBF (off/on) for the particular TXN.
These assessments could be incorrect since I was hesitant to spend the amount of money required to put an actual TXN on the network. I simply tried to see what trezor.js
was sending over the wire to the FW for signing and deduced that RBF appeared to be off (not opt-in).
Please add support sign/verify support for P2SH-segwit and bech32-segwit address. This would allow a Trezor HW Wallet owner to sign messages and direct non-Trezor wallet owners to https://btc-bitcore1.trezor.io/messages/verify, or perhaps a beta site like https://btc-bitcore1.trezor.io/messages/beta-verify
Today I wanted to use the built-in Exchange feature in Trezor Suite converting BTC for ETH using Change Hero. My transaction has been flagged as "suspicious" by their KYC department. Then you have two choices, either you go through the KYC procedure or you accept a refund minus 10% (see https://changehero.io/faq at the end).
It's not an easy choice but I decided to KYC. I provide my ID card plus a photo of me holding it as they ask. However they still refused to process the transaction and asked for an additional Source of Funds statement.
We would kindly ask you to provide us with the Source of Funds. It is the document that represents the origin of the funds that were sent to ChangeHero for the exchange (e.g. your trade history where it is clear that the account belongs to you, your purchase of sent crypto for fiat, bank statement or other documents that demonstrate the fact of you obtaining the amount of crypto in question).
You have to understand that those coins I sent were kept in cold storage for years. I genuinely have no idea of the exact source of funds. It is like asking where this bank note you have in your pocket comes from?
I was then forced to accept a partial refund with a 10% cut.
So as you can see it is a clever scam. First the terms are totally abusive. But second you are screwed whatever you do. Nobody keep tracks of all payments, knowing where each utxo comes from, especially a cold storage that you don't touch often.
Change Hero should be removed from the Exchange providers on Trezor Suite!
In the Ordering and Shipping FAQ on wiki.trezor.io there is a link to Amazon that does not filter by merchant. Amazon will (seemingly) randomly determine which merchant that particular link will arrive at. This would lead a customer from a trezor.io
site directly do a malicious Amazon merchant.
I'd suggest you link directly the the Trezor Offical Amazon store instead
Please change the links of docs to:
https://wiki.trezor.io/User_manual
https://wiki.trezor.io/Developers_guide
https://wiki.trezor.io/Security
https://wiki.trezor.io/FAQ
I just upgraded to FW version 1.8.0 and python-trezor v0.11.2. Running Python 3.7 on Windows. Tried the following:
trezorctl self-test
I have no real need to run the self test, I was just curious about how it worked and how long it took to run. Don't mind leaving it running overnight as long as it doesn't have any unintended consequences.
Would be cool to see that in password manager, like in 1password where I can make several fields, name them and add content. useful for mnemonic seeds, credit cards data.
Eg The app when deployed on vercel will not find trezor devices
When the app is running on localhost: https://github.com/ta32/tpm/tree/logging
The trezor connect popup appears and I can see device events being sent.
export async function initTrezor(
appUrl: string,
deviceEventCallback: (event: DeviceEventMessage) => void
) {
console.log("initTrezor for appUrl: ", appUrl);
await TrezorConnect.init({
transportReconnect: true,
debug: true,
popup: true,
lazyLoad: false,
manifest: {
email: "[email protected]",
appUrl: appUrl,
},
})
.catch((error) => {
console.log("TrezorConnect init error");
return error;
});
TrezorConnect.on(DEVICE_EVENT, deviceEventCallback);
}
The deviceEventCallback is only triggered when the app is running from localhost
When its working the log will look like this
I am currently working on porting the slip--39 to javascript. I plan to host it as a npm library an expose the gen-mnemonic interface. I am just to the point of working on the c code interface, but I wanted to reach out about having the code reviewed when it is completed. I will have a testing suite but I wanted to reach out ahead of time and see if there was a process to go through to get code like this reviewed by anyone at trezor or in the community before its released into the wild.
Tried the password manager on about 20 sites, most work, even ones requiring additional PINs or additional 2-factor authentication. Here are a 3 sites that I'm having authentication failures: 1) bitcoin.stackexchange.com, 2) gyft.com, 3) adp.com. Obviously, the login URLs can be chased down from the URLs above.
Hi team,
Not sure if this should be addressed by Support ticket, but here it goes.
I'm unable to use Trezor with Edge(latest) browser running on Android. I find it weird since it's running on Chromium base.
The page tells the browser is not supported and directs me to Chrome or FireFox.
Indeed it works on Chrome for mobile.
Could it have to do with simple User-agent identification?
Thanks
There was recently a paper (Low-Level Attacks in BitcoinWallets) published that outlines HID transport attack vector on other HW wallets. One attack (page 12, sec b.1-b.2) that seemed the most dangerous was the modification of destination and "change" addresses in TXNs as they are sent to a HW wallet for signing. Obviously, the destination address that is signed is displayed on the Trezor before the user ACKs the TXN that would neuter such attacks, but is modification of the "change" address using this attack vector possible.
Or to state differently...
Keep in mind this an attack at the transport layer so safeguards in the application layer may not suffice.
Ravencoin (RVN) is listed as a supported coin on the Trezor website. https://trezor.io/coins/
Our web wallet (Mango Farm) now supports Trezor with RVN. https://www.mangofarmassets.com
The Trezor site currently states โNo wallet yet.โ May we get listed on the Trezor site as a RVN wallet?
In addition, it is known to us that Trezor is supported by the RVN electrum fork. We did not develop this but are passing it along in case you were not aware. Perhaps this could be added as well. https://github.com/traysi/electrum-raven/releases/
Thank you.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.