Closed StephenHeaps closed 9 months ago
These trades cost gas, since they are real transactions. Also, we do not have the ability to display custom recipients in this case, for the time being.
What do we display in this case? I'd assume the details are proper and we could see it there,but I don't expect many users will think to do that. I could see this being used as a tool to drain wallets.
These trades cost gas, since they are real transactions. Also, we do not have the ability to display custom recipients in this case, for the time being.
What do we display in this case? I'd assume the details are proper and we could see it there,but I don't expect many users will think to do that. I could see this being used as a tool to drain wallets.
In this case they are provided to us from BraveCore as TransactionInfo
models (instead of SignMessageRequest
models) display using the existing transaction confirmation (not sign message panel), with gas fees:
https://github.com/brave/brave-ios/assets/5314553/ac66f64f-3297-462c-990f-7d2826cb238a
@StephenHeaps sorry, I misquoted what I was originally trying to comment on. I was referencing the custom recipients. I see on desktop as well as iOS that we'll want to fix. I'm opening an issue to get this fixed on Desktop. Do we need to do something to get this fixed on iOS in this PR or would it be easier to ship it in a follow up PR?
@StephenHeaps sorry, I misquoted what I was originally trying to comment on. I was referencing the custom recipients. I see on desktop as well as iOS that we'll want to fix. I'm opening an issue to get this fixed on Desktop. Do we need to do something to get this fixed on iOS in this PR or would it be easier to ship it in a follow up PR?
In this PR, iOS supports displaying CoW Swap custom recipients for safer sign signature requests (gas-less / free network fee, shown with Sign
button), but we don't have ability to parse out the recipient in the ETHSwap
transaction type yet (requires gas, shown with Confirm
button).
[puLL-Merge] - brave/brave-ios@8533
This pull request introduces multiple improvements and refactoring to the Brave iOS wallet codebase, primarily focusing on the signing of messages and signatures for wallet transactions. It introduces a new store for managing sign message requests and a new view for handling CoW swap order requests. It also replaces the previous implementation of the transaction confirmation view with a new container view that better handles different types of transactions.
SaferSignTransactionContainerView
and SaferSignTransactionView
needs proper inspection to ensure that all data is correctly validated and handled securely.SignMessageRequestStore.swift
for asynchronously fetching and updating unknown token data needs review to prevent potential timing attacks or data inconsistencies.RequestContainerView.swift
and subsequent related views requires thorough testing to ensure message and domain data is handled securely without exposing sensitive information or creating vulnerabilities.
Summary of Changes
ETHSwap
transaction. For all other tokens, a sign message request is created (no gas fees!).SwapTransactionConfirmationView
was refactored intoSaferSignTransactionView
for re-use and removes dependency onParsedTransaction
for display. This was the safer sign UI for ethereum swap transactions.SaferSignTransactionContainerView
wraps this view for Safer Sign swap transactions.SaferSignMessageRequestContainerView
wraps this view for Safer Sign message requests (CoW Swap orders).SignMessageRequestView
was refactored to extract the content (message/domain display + consecutive new line & unknown character warnings). The message/domain & warning can now be displayed separately usingSignMessageRequestContentView
SaferSignMessageRequestContainerView
re-uses thisSignMessageRequestContentView
for the detail view, so we get the same display as sign message requests.SignMessageRequestStore
was created forSignMessageRequestContainerView
. It's used to fetch details for CoW swap orders from core apis.This pull request fixes #8114
Submitter Checklist:
NSLocalizableString()
Test Plan:
Direct link to CoW Swap for WETH token -> COW token on Goerli Test Network (I used Goerli, any supported network sufficient). https://swap.cow.fi/#/5/swap/WETH/COW
Details
shows the sign transaction details.Screenshots:
Reviewer Checklist:
QA/(Yes|No)
bug
/enhancement