Possible to generate address on Trezor after disconnecting

[Canialon]

Faced with the problem that it is possible to use Trezor even after disconnecting the physical device.

1. connect you Trezor
2. activate any coin
3. unplug Trezor device
4. try to generate a new address

Actual result:
Users can generate as many addresses as user wants without a connected Trezor device. It doesn't seem right. And haven’t found anything strange in the logs.

It seems that after disconnecting the device, the user should lose any access to his data and the ability to use them (including address generation). In this case, the user will be sure of the safety of his assets and trust as more at least.
It is also possible that address generation should not be left unchecked. It would be nice to ask for confirmation on the Trezor device screen if the user really wants to generate an address. This will solve the problem above

UPD:
so yes there are two topics:

1. confirm generating new address on the Trezor device
2. block access to your wallet if Trezor device was unplugged

[sergeyboyko0791]

Thanks for the issue!

We can ask the user to confirm the new address. Then if the Trezor device is disconnected, we'll return an error.

Users can generate as many addresses as user wants without a connected Trezor device.

This is the topic for discussion. The first (and probably the only one) way how to implement this is to notify the GUI that the device is disconnected. GUI in its turn should disable all coins activated with this Trezor.
@yurii-khi what do you think?

It seems that after disconnecting the device, the user should lose any access to his data and the ability to use them (including address generation). In this case, the user will be sure of the safety of his assets and trust as more at least.

[yurii-khi]

We can ask the user to confirm the new address. Then if the Trezor device is disconnected, we'll return an error.

Users can generate as many addresses as user wants without a connected Trezor device.

This is the topic for discussion. The first (and probably the only one) way how to implement this is to notify the GUI that the device is disconnected. GUI in its turn should disable all coins activated with this Trezor. @yurii-khi what do you think?

If by 'We can ask the user to confirm the new address' you mean 'confirm on trezor device' then I totally agree. It will also resolve second problem. One can not simply confirm address on device, if device was disconnected )
But if, for some reason, it's impossible to confirm new address on trezor, we could consider blocking UI with some sort of modal when unplug trezor (and making app completely unusable), or switching to no-login-mode. Not sure if it is an expected app behavior though, @DeckerSU what do you think from HW user perspective?

[sergeyboyko0791]

Yes, Trezor provides such functionality.

If by 'We can ask the user to confirm the new address' you mean 'confirm on trezor device' then I totally agree

This is how Trezor suite actually works: if the device is unplugged, the GUI forgets everything and asks the user to connect the device again.

we could consider blocking UI with some sort of modal when unplug trezor (and making app completely unusable), or switching to no-login-mode.

[sergeyboyko0791]

Related issue: https://github.com/KomodoPlatform/WebDEX/issues/821

[sergeyboyko0791]

Referencing to the task::enable_utxo::init request https://github.com/KomodoPlatform/WebDEX/issues/502#issuecomment-1194088107:

// If the actual number of addresses is less than this value,
// we will generate up to `min_addresses_number` new addresses.
"min_addresses_number": 3,

we generate up to min_addresses_number empty addresses on the first coin initialization. Do we need to ask the user to confirm the new addresses on his Trezor device?
Please note that we generate new addresses if only the Trezor is connected (because we request Trezor::get_public_key to initialize the coin).
@yurii-khi @tonymorony @DeckerSU

[yurii-khi]

Referencing to the task::enable_utxo::init request KomodoPlatform/WebDEX#502 (comment):

// If the actual number of addresses is less than this value,
// we will generate up to `min_addresses_number` new addresses.
"min_addresses_number": 3,

we generate up to min_addresses_number empty addresses on the first coin initialization. Do we need to ask the user to confirm the new addresses on his Trezor device? Please note that we generate new addresses if only the Trezor is connected (because we request Trezor::get_public_key to initialize the coin). @yurii-khi @tonymorony @DeckerSU

We could mimic Trezor Suite behavior. Not sure, if it's possible to implement, but from user perspective it looks like this: if I have balances on some addresses - I can see those addresses from the start, otherwise - only one, first address. If I want to add more - I must confirm on device.