SubWallet Interactive with Cold Wallet

[hieudd]

Basic knowledge

Overview

Signer with manage account and keep private key and allow to create signature for any transaction. Most of signer require passphase to unlock private key before create signature. DApp, Extension Wallet, Hardware Wallet, Mobile Signer can become signer if it keep private key of an account.

There are some signing data usecase depend on which object contain private key:

1. DApp keep private key a. This is most simplest case. DApp will create transaction and sign transaction with private key that it own.
2. Extension Wallet keep private key, this case is very popular key a. Some Wallet Extension like SubWallet have some features like a DApp. When user perform some features that required signature, this case will be the same with 1a. b. DApp will create transaction and keyring on DApp will request signature from Extension via extension signature. c. DApp on mobile can be import account from QR code. Anytime required signature DApp need to push data to Extension Wallet and get signature result by QR.
3. Hardware Wallet keep private key, this is nearly the most security a. DApp direct connect to hardware wallet via usb connection and it need to import account from hardware wallet. Whenver imported account request signature, it required Hardware Wallet connect and sign data with its passphase. b. DApp use injected account from Extension and Extension import account from hardware. With DApp this case is same with 2a but with Extension it need to import account from Hardware and connect to this device to get transaction signature.
4. Mobile Signer keep private key. This case near the same with Hardware Wallet but Mobile Signature will use QR code to interact with extension or DApp a. DApp direct connect to hardware wallet via usb connection and it need to import account from QR code. Whenver imported account request signature DApp with send and get payload via QR code. b. DApp use injected account from Extension and Extension import account from hardware. With DApp this case is same with 2a but with Extension it need to import account from and request signature by send and get data via QR code.

Use QR with signer

• Import account via QR:
  • Data: AccountType:Address:PublicKey:AccountName
  • Example: substrate:5HL6xpAbHnxCwW2uUqQ5dmev2wo2FQkpUEfmXrzmzTFkWMRo:0xe143f23803ac50e8f6f8e62695d1ce9e4e1d68aa36c1cd2cfd15340213f3423e:Westend root
• Import ETH Account:
  • Data: ethereum:(details = address | address "@" chainid | address "@" chainid ":" name)
  • EG: ethereum:0x4f604e0FECf7F78B64a564C343b870bB4608700c@1284:EVM-Account-001
• Signature request: createSignPayload(address, cmd, payload, genesisHash) in package @polkadot/react-qr
• Signature: Sign result eg: 01d6b5a7d39598c76c5754448e0e55a258088cb03a573dd04db06e16be3eafb854285407903b8ce551255011e0ae52226f52ab7a31d38f1f3fd1f0a09349e2b989
• Research Mindmap
• Standard: folllow this article

Requirements

SubWallet now work ok with case 2a, 2b It hold private key and can sign for these transaction.

• We need to test does our wallet work well with case 3a.
• We also compitable with case 2c, 4b

Todo List

These step will help us response for all requiredment

Research

• [x] How to hardware wallet work?
• [x] How to mobile signer work?

Test again

• [x] Sign Transactions with hardware wallet
• [x] Create Account via Ledger
• [x] Send / Receive Assets

  Implement

  Can use 2 lib @polkadot/react-singer & @polkadot/react-qr with these component QrDisplayPayload and QrScanSignature

• [x] #316
• [x] #317
• [x] #315

  Staking

• [x] Stake
• [x] UnStake
• [x] Withdraw

[sokol142]

Pls check some issues:

• [x] Account imported via QR-Signed still enable Export Private Key button on the Receive screen

• [x] Can't cancel "Scan signature via camera" action

• [x] Do not showing error message when user entered wrong password on the Scan QR screen

• [x] Still showing Scan QR screen when re-open popup extension Steps:

  1. Open the extension
  2. Go to Scan QR screen
  3. On the Scan to publish screen, user click on "Home" button/ click on Scan another QR
  4. Close the popup
  5. Re-open the popup Actual:

• Still showing Scan QR screen if user click on Home button

• Still showing information of the previous transaction if user click on Scan another QR

• [x] Bug UI

• [x] Showing incorrect screen when user perform resend tokens (see file attachment below)

• Actual: Showing the Authorize Step 2 (Scan to publish transaction)

• Expect: Showing the Authorize Step 1 (Scan to send request)

• Note: Reproduce both Send Fund & XCM Transfer feature

• [x] Do not navigate to the previous screen when user click on "Previous Step" button

• [x] The transaction of the EVM account imported via QR cannot be found on the subscan page

• [x] Check case import account via QR that already exists on the wallet (with private key on the wallet)

• Actual: Replace by account imported via QR so some features are limited.

• Expected: Keep the original account

• [x] Do not remember password after signed successfully:

Improve:

• [x] After imported via QR-Signed successfully, switch to this account

• [x] Add the checkbox "Auto connect to all DApp after creating" (refer the Create Account/Import Acc/Restore Acc screen)

• [x] Display message warning when user scan invalid QR

[sokol142]

• [x] Don't show err message on the popup extension when QR code is invalid

• [x] Don't show information when click on X button on the Authorize Transaction screen

Other bug UI:

• [x]

• [x]

• [x]

• [x]

• [x]

[sokol142]

Version test: https://file.cdmteck.com/s/4oimk9zDJ8R5Aai/download?path=%2F&files=./337-merge-build-0.4.6-1656046324651.zip

Pls check issues:

• [x] Can not send NFT from QR Account & Ledger account

• [x] Support signing & send transaction on DApps for the EVM Account which imported via QR

• [x] Improve experience when importing Ledger Account Expected:

• Keep the current chain of the Ledger account & not allow switch chain

• After imported via Ledger successfully, automatically switch to this account

[sokol142]

Version test: https://file.cdmteck.com/s/4oimk9zDJ8R5Aai/download?path=%2F&files=./337-merge-build-0.4.7-1656312422203.zip

• [x] Do not showing information when scan QR in case send fund, send NFT, XCM transfer for the Account Substrate which imported via QR

[sokol142]

• [x] Display incorrect screen when user click on Cancel XCM transfer Steps:

  1. Open the extension
  2. Go to the XCM transfer screen
  3. Input valid data then click on Transfer button
  4. Click on Sign via QR
  5. On the Authorize Transaction - Scan QR code screen, click on Cancel button
  6. Back to Send Fund screen then click on Transfer button again Actual: Navigate to Scan QR code Expected: Navigate to the Sign via QR code screen To reproduce: https://www.loom.com/share/9299c4d1a5f94cbb93dccefbb9d6e405

• [x] Bug UI

• [x] Bug UI

[sokol142]

Version test: https://file.cdmteck.com/s/4oimk9zDJ8R5Aai/download?path=%2F&files=./337-merge-build-0.4.7-1656662663807.zip Check issues:

• [x] Click on Cancel button but can't cancel, the popup is not turn off

[sokol142]

Version test: https://file.cdmteck.com/s/4oimk9zDJ8R5Aai/download?path=%2F&files=./337-merge-build-0.4.9-1657187578811.zip

Please check:

• [x] Showing incorrect information when click on Retry button: https://www.loom.com/share/397e838d80fa4d72b1bf48eca3aa7b5f

• Expected:

  • Back to Staking Action screen & display correct information
  • Hide "Back to home" button, because have button Cancel

• [x] Bug happens when user connect to Dapps, that have sign message (ex: connect to https://portal.astar.network)

• [x] Bug UI

• [ ] Still display loading screen when user perform send assets in case the previous transaction has not been approved for review on Ledger Steps:

  1. Open the extension
  2. Go to the Send fund screen
  3. Input valid data for the all fields then click on "Sign on ledger" button but not approve for review on ledger
  4. Perform another transactions Actual: Still show loading screen (see file attachment: https://www.loom.com/share/443c77e986304641ab602432ec1f58be) Expected: (debate)

[sokol142]

Version test: https://file.cdmteck.com/s/4oimk9zDJ8R5Aai/download?path=%2F&files=./337-merge-build-0.4.9-1657795530326.zip

• [x] Check case send asset (tokens + NFTs) from Ledger Account (Kusama) File record: https:

https://user-images.githubusercontent.com/102292476/180154801-d96e6159-4368-4562-bc50-a372aceee551.mp4

Notes: Staking for the Ledger Account not tested yet

[sokol142]

@hieudd Screenshot for this feature. QR_Ledger_Account.zip

Scan QR screen:

[S2kael]

Ledger Kusama

• Update App Kusama on Ledger Live to latest version

https://user-images.githubusercontent.com/41369298/181150703-c433595a-1ccc-4fb3-b545-a5e961e006f6.mp4

[hieudd]

@S2kael update style follow this Design:

• [x] Case 1: With Ledger Device:

• Description: Update style to have more space to display alert)

• Design: https://www.figma.com/proto/4cYWHubrmdayui6VybR3BA/SubWallet-font-2?node-id=4280%3A13265&scaling=min-zoom&page-id=4%3A14

• [x] Case: QR Signer:

• Update style: Update the style according to the design

• https://www.figma.com/proto/4cYWHubrmdayui6VybR3BA/SubWallet-font-2?node-id=4292%3A14421&scaling=min-zoom&page-id=4%3A14

[sokol142]

Version test: https://file.cdmteck.com/s/4oimk9zDJ8R5Aai/download?path=%2F&files=./337-merge-build-0.5.3-1659612112422.zip

QR signer

• [x] Case: Private Key in Cold Wallet Tested with Stylo. Validation passed for cases:

• Attach address

• Send fund

• XCM transfer

• Send NFT

• Staking: Stake, Unstake, Withdraw

• Connect dApp & send asset via dApp

• [x] Case: Private Key in Extension Validation passed for sign transaction in cases:

• Send fund

• XCM transfer

• Send NFT

• Staking: Stake, Unstake, Withdraw

• Connect dApp & send asset via dApp