Tweaks and creaks: Disable UNS, fix Ledger signing on built-in non-ETH/MATIC networks #3746
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Shadowfiend
force-pushed
the
tweaks-and-creaks
branch
from
6f128b8
to
759a231
Compare
UNS was compromised in the SquareSpace domain hack triggered by the Google Domains shutdown. They've turned off services but DNS hijacking means we will avoid trusting until things are back to normal, at which point an updated API key will be issued and UNS will be re-enabled with the updated key.
Ledger was checking specifically for those two networks from a constant that was never updated. We switch instead to check whether the network in question shares a derivation path with the one used by the Eth app (aka the Ethereum derivation path). Custom networks added by users currently don't set a derivation path, so they will still fail this test (as well as the guards on signing messages and typed messages, which are already using derivation paths).
The Ledger-specific signing screen showed the domain and message hashes with a startin 0X due to an aggressive toUpperCase call. To make it easier to scan, it now starts with 0x (lowercase x) as expected.
Shadowfiend
force-pushed
the
tweaks-and-creaks
branch
from
0bdb781
to
7a25914
Compare
Merged
Shadowfiend
added a commit
that referenced
this pull request
Oct 5, 2024
## What's Changed * v0.57.0 by @Shadowfiend in #3735 * Support for Wallet Test Framework by @SamWilsn in #3737 * Fix typos by @omahs in #3724 * Fix a couple of typos from contribution by @Shadowfiend in #3742 * Move action using node12 to a newer version by @michalinacienciala in #3722 * Changed the build for the firefox browser by @kogeletey in #3733 * Remove Goerli testnet from the testnets list by @michalinacienciala in #3718 * Move autolock timer by @radchukd in #3743 * Tweaks and creaks: Disable UNS, fix Ledger signing on built-in non-ETH/MATIC networks by @Shadowfiend in #3746 ## New Contributors * @SamWilsn made their first contribution in #3737 * @kogeletey made their first contribution in #3733 * @radchukd made their first contribution in #3743 Latest build: [extension-builds-3747](https://github.com/tahowallet/extension/suites/26032567144/artifacts/1703810792) (as of Mon, 15 Jul 2024 21:35:33 GMT).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These are unrelated changes: UNS is disabled due to compromise during the late-last-week SquareSpace domain theft issues, while the Ledger signing issue is long-standing. The Ledger signing issue is partial—it doesn't work for custom networks, and it is handled in a way that's different for EIP191 messages than for other messages; further refinement is needed to fix it the rest of the way.
Latest build: extension-builds-3746 (as of Mon, 15 Jul 2024 21:10:18 GMT).