Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expert Mode Arbitrary Transactions #98

Open
Wolog2021 opened this issue Jul 18, 2022 · 6 comments
Open

Expert Mode Arbitrary Transactions #98

Wolog2021 opened this issue Jul 18, 2022 · 6 comments
Assignees
Labels

Comments

@Wolog2021
Copy link
Contributor

Wolog2021 commented Jul 18, 2022

Overview

Users often want to take actions with their ledger devices which do not fall in the range of vetted transactions which are by default allow-listed within the ledger application. To allow these advanced users to take more actions, while making sure they understand the risks of their actions, we propose adding an option to the Expert Mode of the Flow Ledger App. This expert mode will allow end users to sign arbitrary transactions and have the app display useful information about the transaction to them. It should still be clear that they're taking a risk.

Specification

Add an option to skip or simplify transaction validation in expert mode. A warning must be displayed to convey the associated risk. The following values shall be displayed on device for approval as an objective:

Mainnet/testnet
Script hash
Value and type of each argument
All other fields common for every transaction

Definition of Done

After enabling expert mode and viewing the warning, the user may sign any transaction with valid basic RLP encoding. Items listed above if available shall be displayed on device for user approval or rejection.

@Wolog2021 Wolog2021 self-assigned this Jul 18, 2022
@Wolog2021 Wolog2021 added the Epic label Jul 18, 2022
@pgebheim
Copy link

@Wolog2021 This task should be prioritized over the Hash-based allowlist approach, yes?

@Wolog2021
Copy link
Contributor Author

That was the initial plan but it turned out the first iteration of the hash-based allow list was basically done so they are finishing it.

@pgebheim
Copy link

Great, good to be progressing on both fronts.

Even with expert mode it's better for people to not need to use it for major use cases like staking or transferring tokens.

@dryruner
Copy link

dryruner commented Feb 7, 2023

Hi guys, may I ask what is the most recent update on arb-msg-signing in the Flow ledger app?

  1. It is still not allowed to do so right?
  2. Is it allowed to do so after togging-on the "expert-mode"?
  3. Do we have any conclusion / plans when to support this?

I could understand this is for security reasons, but imho by allowing arb-msg-signing it would benefit the whole Flow ecosystem.

@bluesign
Copy link

bluesign commented Feb 8, 2023

@dryruner I was fighting for this long time ( #33 ), I gave up.

@dryruner
Copy link

dryruner commented Feb 8, 2023

Hmm... ok sadly sir .....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants