Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ledger clear signing upgrades #5966

Merged
merged 9 commits into from
Oct 15, 2024
Merged

ledger clear signing upgrades #5966

merged 9 commits into from
Oct 15, 2024

Conversation

DanielSinclair
Copy link
Contributor

@DanielSinclair DanielSinclair commented Jul 30, 2024
edited by brunobar79
Loading

Fixes APP-####

What changed (plus any additional context for devs)

  • Upgraded @ledgerhq/hw-app-eth and @ledgerhq/react-native-hw-transport-ble
  • The upstream issue that required the patch was corrected.
  • These upgrades will allow for Clear Signing with newer Ledger firmware versions

Requires https://github.com/rainbow-me/rainbow-scripts/pull/183

Screen recordings / screenshots

Screen.Recording.2024-10-10.at.12.54.58.PM.mov

What to test

  • Pairing and Signing with Ledger devices. Should try on a Ledger with an older firmware version and a recent firmware version (this month)
  • Signing for popular dApps like Lido or Uniswap should not display a Blind Signing warning (new aggressive warning)

@socket-security Socket Security
Copy link

socket-security bot commented Jul 30, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@ledgerhq/cryptoassets-evm-signatures@13.5.0 None 0 3.1 MB ldg-github-ci
npm/@ledgerhq/devices@8.4.4 None 0 223 kB ldg-github-ci
npm/@ledgerhq/domain-service@1.2.6 None 0 142 kB ldg-github-ci
npm/@ledgerhq/errors@6.19.1 None 0 208 kB ldg-github-ci
npm/@ledgerhq/evm-tools@1.2.3 None 0 135 kB ldg-github-ci
npm/@ledgerhq/hw-app-eth@6.39.0 None 0 2.21 MB ldg-github-ci
npm/@ledgerhq/hw-transport-mocker@6.29.4 None 0 108 kB ldg-github-ci
npm/@ledgerhq/hw-transport@6.31.4 None 0 133 kB ldg-github-ci
npm/@ledgerhq/live-env@2.3.0 None 0 266 kB aboissiere, gbrahm-ledger, ldg-github-ci, ...5 more
npm/@ledgerhq/react-native-hw-transport-ble@6.33.4 None 0 324 kB ldg-github-ci
npm/@ledgerhq/types-live@6.52.0 None 0 377 kB ldg-github-ci
npm/axios@1.7.7 network 0 2.14 MB jasonsaayman
npm/crypto-js@4.2.0 None 0 487 kB evanvosberg
npm/eip55@2.1.1 None 0 5.55 kB junderw
npm/react-dom@18.3.1 environment 0 4.51 MB react-bot
npm/react-native-ble-plx@3.1.2 None 0 1.89 MB dominik-czupryna-withintent
npm/utility-types@3.11.0 None 0 64.3 kB piotrwitek

🚮 Removed packages: npm/@ledgerhq/cryptoassets@6.37.0, npm/@ledgerhq/devices@8.4.0, npm/@ledgerhq/errors@6.17.0, npm/@ledgerhq/hw-app-eth@6.29.9, npm/@ledgerhq/hw-transport-mocker@6.29.0, npm/@ledgerhq/hw-transport@6.31.0, npm/@ledgerhq/react-native-hw-transport-ble@6.27.7, npm/axios@0.26.1, npm/react-native-ble-plx@2.0.3

View full report↗︎

@DanielSinclair
Copy link
Contributor Author

@BrodyHughes Have two of these PRs for App and BX related to a Ledger change to Blind Signing warnings. Just need to test that Ledger functionality is still working as expected. We are in the process of submitting metadata for our contracts to remove warnings which might be a follow-up. More details here: https://linear.app/rainbow/issue/APP-1731/ledger-removal-of-blind-signing

@brunobar79 brunobar79 marked this pull request as ready for review August 5, 2024 20:35
ibrahimtaveras00
ibrahimtaveras00 previously requested changes Aug 7, 2024
View reviewed changes
Copy link
Contributor

@ibrahimtaveras00 ibrahimtaveras00 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am unable to import via ledger on both OS's

Android: crashes after allowing permission

Screen.Recording.2024-08-07.at.2.13.47.PM.mov

iOS: TF = 1.9.34 (34)
Hangs during looking stage (I have the app open, 5 min has passed and still looking)

RPReplay_Final1723054955.MP4

@jinchung jinchung removed their request for review August 8, 2024 20:12
@walmat
Copy link
Contributor

walmat commented Aug 9, 2024

I don't have a ledger so can't really review this PR. Going to remove my request for review.

@walmat walmat removed their request for review August 9, 2024 15:28
@DanielSinclair DanielSinclair marked this pull request as draft August 21, 2024 17:15
@DanielSinclair DanielSinclair force-pushed the @daniel/bump-ledger branch 2 times, most recently from 007b0d1 to bc3c8fa Compare August 26, 2024 17:33
@DanielSinclair DanielSinclair force-pushed the @daniel/bump-ledger branch 2 times, most recently from d07451b to 97f9afb Compare September 24, 2024 18:21
@BrodyHughes
Copy link
Member

Adding my slack comment here so we don't lose it:

Ledger testing:

  • TF 1.9.41 (6)
  • Ledger Nano X
  • Hardware: Ledger NanoX V2.0
  • Firmware: Secure Element v2.2.3 // Microcontroller 2.30 // Bootloader 1.16

okay i’m not sure if the app is even asking for bluetooth permissions correctly? i am also stuck on the import flow trying to connect to ledger.

can confirm:

  • connects to phone bluetooth
  • connects to ledger live app
  • ledger live settings show bluetooth permissions allowed
  • rainbow does NOT show bluetooth permissions allowed
  • rainbow does NOT prompt me for bluetooth permissions

brunobar79 and others added 2 commits October 1, 2024 16:16
@brunobar79 @DanielSinclair
fix build
404a7ec
@DanielSinclair
chore: upgrade ledgerhq depens, remove patch
606f42b 
chore: upgrade ledgerhq depens, remove patch

The upstream issue that required the patch was corrected. These upgrades will allow for Clear Signing with new Ledger firmware versions

chore: upgrade @ledgerhq/hw-app-eth

chore: upgrade to new versions
@brunobar79 brunobar79 marked this pull request as ready for review October 10, 2024 18:30
brunobar79
brunobar79 reviewed Oct 10, 2024
View reviewed changes
metro.config.js
@@ -31,6 +31,50 @@ if (process.env.CI) {
const rainbowConfig = {
resolver: {
blacklistRE,
resolveRequest: (context, moduleName, platform) => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is required to resolve ledger packages correctly otherwise it won't find them.

brunobar79
brunobar79 reviewed Oct 10, 2024
View reviewed changes
src/handlers/LedgerSigner.ts
transport => {
const eth = new AppEth(transport);
return eth;
getEthApp(deviceId).then(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

using .then vs await to keep it compatible with the Signer interface

brunobar79
brunobar79 reviewed Oct 10, 2024
View reviewed changes
src/model/wallet.ts
return new LedgerSigner(provider, getHdPath({ type: WalletLibraryType.ledger, index: Number(index) }), deviceId);
}
} else if (privateKey) {
return new Wallet(privateKey, provider || web3Provider);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the line I mentioned before. Now the provider defaults to mainnet instead of being undefined.

brunobar79
brunobar79 reviewed Oct 10, 2024
View reviewed changes
src/screens/SendSheet.tsx
@@ -170,7 +170,7 @@ export default function SendSheet() {
const [debouncedRecipient] = useDebounce(recipient, 500);

const [isValidAddress, setIsValidAddress] = useState(!!recipientOverride);
const [currentProvider, setCurrentProvider] = useState<StaticJsonRpcProvider | undefined>();
const [currentProvider, setCurrentProvider] = useState<StaticJsonRpcProvider | undefined>(getProvider({ chainId: ChainId.mainnet }));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Provider now defaulting to mainnet. Before it was undefined (breaking ledger mainnet sends)

@brunobar79 brunobar79 requested review from jinchung, walmat and derHowie and removed request for BrodyHughes, benisgold and jinchung October 10, 2024 18:33
@brunobar79
Copy link
Member

Launch in simulator or device for c0e322f

ibrahimtaveras00
ibrahimtaveras00 approved these changes Oct 10, 2024
View reviewed changes
Copy link
Contributor

@ibrahimtaveras00 ibrahimtaveras00 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All issues have been resolved, QA Passed 👍🏽

@brunobar79
Copy link
Member

Launch in simulator or device for 4e8afdf

@brunobar79 brunobar79 added the release for release blockers and release candidate branches label Oct 11, 2024
derHowie
derHowie approved these changes Oct 11, 2024
View reviewed changes
Copy link
Member

@derHowie derHowie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changes lgtm 🫡

@brunobar79
Copy link
Member

Launch in simulator or device for 3d06921

walmat
walmat approved these changes Oct 15, 2024
View reviewed changes
Copy link
Contributor

@walmat walmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@brunobar79 brunobar79 merged commit b191fef into develop Oct 15, 2024
8 checks passed
@brunobar79 brunobar79 deleted the @daniel/bump-ledger branch October 15, 2024 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brunobar79 brunobar79 brunobar79 left review comments

@ibrahimtaveras00 ibrahimtaveras00 ibrahimtaveras00 approved these changes

@derHowie derHowie derHowie approved these changes

@walmat walmat walmat approved these changes

Assignees
No one assigned
Labels
release for release blockers and release candidate branches
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@DanielSinclair @walmat @BrodyHughes @brunobar79 @derHowie @ibrahimtaveras00