fix(core,legacy): Fix domain-only ethTypedData #2036
12c0677 to 3db0397
Some small notes/suggestions on the TT code. As for CI, I will transfer your branch into our repo so that we can run it.
EDIT: CI could be seen here - https://gitlab.com/satoshilabs/trezor/trezor-firmware/-/pipelines/440076528
We might want to do a UX tweak for TT. I am not sure what exactly, but the user should be notified that there is only the domain and if they want to inspect the data, that's what they should look into. OTOH there is the final confirmation screen so the user always has a chance to back out. What do you think @aloisklink ?
maybe
My gut feeling is that with EIP712 typed signing being so common nowadays in the Ethereum ecosystem, it's pretty likely people would just skip reading the title of transactions, and just do a "tap, tap, tap" while only looking at the contents. Instead I've changed the "Confirm message" screen so it just says "No message field" in 23be403 (see screenshot below). That way there is the same amount of screens to do an EIP712 typed signing. I'd admit that UI/UX isn't something I'm skilled at, so I'd be happy to change it, or let you guys change it.
Good job! CI could be seen at https://gitlab.com/satoshilabs/trezor/trezor-firmware/-/pipelines/442570184 Everything is fine there, except for the
(It does not account for the possibility of an empty message_hash.) We could do ethereum.decode_hex(parameters["message_hash"]) if parameters["message_hash"] else None. The There is also a UI change in all the "normal" EIP712 test-cases where the With regards to running the
this is perfectly reasonable, thanks.
should we perhaps modify
ACK on the UI changes.
please modify the test show_more_button so that it scrolls through the final hash -- you'll need to insert a client.debug.swipe_up() in the appropriate place
(https://satoshilabs.gitlab.io/-/trezor/trezor-firmware/-/jobs/1947225717/artifacts/master_diff/diff/ethereum-test_sign_typed_data.py::test_ethereum_sign_typed_data_show_more_button.html)
you can run T1 tests locally the normal way :)
export EMULATOR=1 DEBUG_LINK=1
cd legacy
./script/setup
./script/cibuild
That could be done, but currently putting
Thanks :) After getting rid of the One needed change is to modify Also the
I managed to get the T1 emulator working! Thanks for those instructions @matejcik (btw, it's probably worth adding it into the docs: https://docs.trezor.io/trezor-firmware/index.html) I've also tested the CLI for T1 and it also works:
poetry run python3 -m python.src.trezorlib.cli.trezorctl ethereum sign-typed-data-hash 0x6192106f129ce05c9075d319c1fa6ea9b3ae37cbd0c1ef92e2be7137bb07baa1 '' -n "m/44'/60'/0'/0/0"
Good catch, I didn't notice it. I've slightly changed this screen by paging it. Since the hash is created from the domain/message screens, I thought it'd be quite unlikely that somebody would want to view the full hash, so using pagination seems to be better than swiping (plus it keeps it as a "tap tap tap" :) ) I've also updated the Changes made in 0cec5c9
The final screen should be hold-to-confirm. I don't think the "show more" dialog supports this at the moment. However, UX-wise, the hash doesn't seem to be great content for the hold-to-confirm anyway. I realize that I originally said that we want to keep the hash, but in the end it does seem pointless -- nobody is ever going to be verifying the hash against anything, except perhaps as a debugging tool (which should not be in the face of a normal user's workflow). I'll confirm this with the team, but right now it seems better to not show it at all, and instead put something like "really sign EIP-712 message?" at the end
I read your mind and spotted the same issue and added it in 7c23e86 😄 Edit: Yep, nowadays EIP-712 can be used for people to access your NFTs/ERC-20s. I believe Opensea (major NFT site) and Cowswap (major ERC-20 exchange) allow trading without making a transaction, just by signing an EIP-712. Showing the final hash would work as a "Really sign EIP-712 message", but I could understand replacing it to avoid confusing a user with too much information.
well done :)
Exactly, we don't want to train users to click through meaningless dialogs. For now let's keep it as it is now, I'll confirm what we want to do here and get back to you.
@aloisklink final decision: please replace the hash screen with a simple "Really sign EIP-712 message?" and a hold-to-confirm. the wording is not awesome, so if you have a better idea, feel free.
Would you like me to add a commit reverting 7c23e86?
Maybe the title could be "Confirm typed data" with the message as "Confirm signing EIP-712 typed data?" Some places call it typed data, and some places call it EIP-712, so it's worth putting both names in the message.
yes please. even if we wanted to keep the code, we would want it in a separate commit
sure, that makes sense.
I've reverted 7c23e86 and 0cec5c9 since the changes in them don't matter anymore. I'll manually remove them and their revert commits in the final The new final confirm screen in 30c84dc looks like the following: I added a
i have no more comments (unless something weird shows up on CI), so please squash & rebase afterwards
Sorry, forgot to add a towncrier changelog entry when we added changes to the Added in 1cb29d3 Any chance you can restart the CI job? 😄
It seems like CI failed at I'm guessing this is a false positive since I didn't touch any Bitcoin code?
When doing Ethereum signTypedData, and the primaryType="EIP712Domain", we completely ignore the "message" part and only sign the domain. According to the community, this is technically allowed by the spec, and may be used by ETH smart contracts to save on gas. Test case generated by @MetaMask/eth-sig-util's library. See: https://ethereum-magicians.org/t/eip-712-standards-clarification-primarytype-as-domaintype/3286
1cb29d3 to ef2ce57
I squashed and rebased the code, with one more tweak: the "hold to confirm" button should read "Hold to confirm". After rebase, the Connect test will very likely be OK (or at least cause an expected failure)
and we're green!
And thank you for being patient and giving great code reviews 🚀
There is currently a mismatch between Metamask and Trezor connect in this case, so future versions of Trezor connect will most likely change this behaviour. See trezor/trezor-firmware#2036
* Add EIP-712 signTypedData_v4 support for Model T
Required updating trezor-connect to v8.2.5-extended
* Call this.getModel() after this.unlock()
There is potentially an issue in the this.getModel() branch, see #117 (comment). I think this might be because the model information has not yet been loaded, so I've moved it to after the unlock, and added the current model in the Error message for debugging.
* Fix failing test after EIP-712 model check moved
* Load model if this.getModel() returns undefined
Apparently this.getModel() sometimes returns `undefined`. If this happens, since we're in an `async` function, we can load the model using the official Trezor API.
Co-authored-by: alisinabh <[email protected]>
* Cleanup keyring while running tests
Prevents NodeJS from printing a memory leak warning.
* Adapt signTypedData to support Trezor one
* Remove primaryType: EIP712Domain tests
There is currently a mismatch between Metamask and Trezor connect in this case, so future versions of Trezor connect will most likely change this behaviour. See trezor/trezor-firmware#2036
* Fix linting issues in @alisinabh commit
Fixes lint issues in f368848
* Update trezor-connect to 8.2.6-extended
This should add EIP-712 support for Model 1 too.
* Fix incorrect EIP-712 hash passing for Model 1
The domain and message hash do not go into the data object, see #117 (comment)
Co-authored-by: Brandon Noad <[email protected]>
Co-authored-by: alisinabh <[email protected]>
Co-authored-by: Brandon Noad <[email protected]>
When doing Ethereum signTypedData, and the primary type = "EIP712Domain", we should completely ignore the "message" part and only sign the domain.
According to the community, this is technically allowed by the spec, and may be used by ETH smart contracts to save on gas (Ethereum smart contract computational cost).
It's also been supported by MetaMask since MetaMask/metamask-extension#6896 (or July 2019).
Test case generated by @MetaMask/eth-sig-util's library, using this gist by @alisinabh.
See https://ethereum-magicians.org/t/eip-712-standards-clarification-primarytype-as-domaintype/3286 for community discussion.
Todo
- towncrier changelog entries once I know the number of this PR (rebased)
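The domain-only case the PR description refers to, as an added example that is not code from this PR or from trezor-firmware: with primaryType "EIP712Domain" the signed digest is keccak256("\x19\x01" || domainSeparator) and the message part is absent entirely, whereas a normal EIP-712 signature appends hashStruct(message). It carries its own small pure-Python Keccak-256 so it runs offline, and assumes the four standard domain fields in the EIP-712 field order; the spec's "Ether Mail" domain used to try it is the EIP-712 sample, not data from this PR.

```python
RC = [0x1, 0x8082, 0x800000000000808A, 0x8000000080008000, 0x808B, 0x80000001,
      0x8000000080008081, 0x8000000000008009, 0x8A, 0x88, 0x80008009, 0x8000000A,
      0x8000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
DOMAIN_FIELDS = [("name", "string"), ("version", "string"),  # assumed: the 4 standard fields
                 ("chainId", "uint256"), ("verifyingContract", "address")]
rol = lambda v, n: ((v << n) | (v >> (64 - n))) & ((1 << 64) - 1)  # 64-bit rotate left

def keccak_f(a):
    # a[x][y] holds the 25 lanes; each of the 24 rounds is theta, rho+pi, chi, iota.
    for rc in RC:
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ rol(c[(x + 1) % 5], 1) for x in range(5)]
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = rol(a[x][y] ^ d[x], ROT[x][y])
        a = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y]) for y in range(5)] for x in range(5)]
        a[0][0] ^= rc
    return a

def keccak256(data):
    # Ethereum's Keccak-256: 136-byte rate, original 0x01...0x80 padding (not SHA3's 0x06).
    pad = bytearray(136 - len(data) % 136)
    pad[0] |= 0x01
    pad[-1] |= 0x80
    msg, st = bytes(data) + bytes(pad), [[0] * 5 for _ in range(5)]
    for off in range(0, len(msg), 136):
        for i in range(17):  # absorb one block: lane i = x + 5*y, little-endian
            st[i % 5][i // 5] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        st = keccak_f(st)
    return b"".join(st[i % 5][i // 5].to_bytes(8, "little") for i in range(4))

def hash_domain(domain):
    # hashStruct(EIP712Domain): strings are hashed, uint256 is a 32-byte word, address is left-padded.
    type_str = "EIP712Domain(" + ",".join(f"{t} {n}" for n, t in DOMAIN_FIELDS) + ")"
    words = [keccak256(type_str.encode())]
    for name, typ in DOMAIN_FIELDS:
        v = domain[name]
        words.append(keccak256(v.encode()) if typ == "string" else
                     v.to_bytes(32, "big") if typ == "uint256" else
                     bytes.fromhex(v[2:]).rjust(32, b"\x00"))
    return keccak256(b"".join(words))

def eip712_digest(domain_separator, message_hash=None):
    # message_hash=None is the primaryType == "EIP712Domain" case: only "\x19\x01" || domainSeparator is signed.
    return keccak256(b"\x19\x01" + domain_separator + (message_hash or b""))
```

Passing the 32-byte value from eip712_digest(domain_separator) as the domain hash with an empty message hash is exactly what the trezorctl sign-typed-data-hash call in the thread does.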