ensdomains / hack2018


Firefly Offline Trustless ENS Name Transfers and Attested Templates w/ ENS #11

Open ricmoo opened 6 years ago

ricmoo commented 6 years ago

Firefly

Firefly is a $5 DIY Air-gapped Hardware Wallet. Let's add ENS.

Team Name: Team Firefly
Team Members: @ricmoo, @yuetloo
Team Leader: @ricmoo

Hack Idea

In general, hardware wallets present the recipient address and the amount of ether to be transferred.

The goal of this hackathon is to add support for signing transactions which include the destination ENS name, rather than an address, which is then resolved on-chain, so there is no need to trust any ENS name resolution to any third party.

Currently, sending to an ENS name is handled off the hardware wallet, on a laptop or mobile phone through the wallet software, by resolving the ENS name to an address against the blockchain, often querying public APIs (e.g. Etherscan or INFURA), which could lie (through malice, having been hacked or bugs).

In this event, the address shown in the wallet software is already wrong (i.e. an attacker), which is then shown on the hardware wallet. Since both sources match, a user accepts the transaction, sending the ether to an attacker.

Stretch Goal: Attested Templates w/ ENS name resolution

The Firefly Hardware Wallet does not support firmware upgrades (by design), but transaction data can be interpreted in many ways, for example, Transferring a CryptoKitty transaction contains:

{
    to: CryptoKittiesContractAddress,
    value: 0,
    data: sighash("transfer(address,uint256)") + padded(recipientAddress) + uint256(kittyId)
}

The interesting parts of that transaction are actually the recipientAddress and the kittyId, but currently hardware wallets would indicate "send 0 ether to CryptoKittyContractAddress with some data".

It would be nicer if the hardware wallet indicated "Send Kitty 1337 to ricmoo.firefly.eth".
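The template idea above, sketched as an added example that is not part of the original post or the Firefly code: a strict decoder that renders the friendly line only when the calldata matches the template exactly, and otherwise falls back to the raw summary. The contract address, the `TEMPLATES` table and the function name are hypothetical, and the recipient is shown as an address because ENS resolution is outside this sketch.

```javascript
// 0xa9059cbb is the first 4 bytes of keccak256("transfer(address,uint256)").
const TRANSFER_SELECTOR = "a9059cbb";

// Hypothetical template table: contract address -> noun shown for the token id.
// The address is a constructed placeholder, not a real deployment.
const KITTY_CONTRACT = "0x" + "c0ffe".padStart(40, "0");
const TEMPLATES = { [KITTY_CONTRACT]: "Kitty" };

// Returns the line a signing device could show for this transaction.
function describeTransaction(tx) {
  const data = (tx.data || "0x").toLowerCase();
  const hex = data.slice(2);
  const raw = `Send ${tx.value} wei to ${tx.to} with ${Math.floor(hex.length / 2)} bytes of data`;

  const noun = TEMPLATES[tx.to.toLowerCase()];
  if (!noun) return raw;                               // unknown contract
  if (BigInt(tx.value) !== 0n) return raw;             // template expects no ether
  if (!/^0x[0-9a-f]*$/.test(data)) return raw;         // not hex
  if (hex.length !== 2 * (4 + 32 + 32)) return raw;    // truncated or trailing bytes
  if (hex.slice(0, 8) !== TRANSFER_SELECTOR) return raw;

  const addressWord = hex.slice(8, 72);
  const idWord = hex.slice(72, 136);
  // An address fills the low 20 bytes; non-zero padding would be hidden by the summary.
  if (!/^0{24}/.test(addressWord)) return raw;

  const recipient = "0x" + addressWord.slice(24);
  const tokenId = BigInt("0x" + idWord);
  return `Send ${noun} ${tokenId} to ${recipient}`;
}

// Constructed sample input.
const pad32 = (h) => h.padStart(64, "0");
const sampleRecipient = "deadbeef".padStart(40, "0");
const sampleTx = {
  to: KITTY_CONTRACT,
  value: "0",
  data: "0x" + TRANSFER_SELECTOR + pad32(sampleRecipient) + pad32((1337).toString(16)),
};
console.log(describeTransaction(sampleTx));
```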

ricmoo commented 6 years ago

@makoto

Links:

What have we done

This is all very much "hackathon quality" with lots of hard-coded things and missing safety checks; there will be a lot more work put into this over the next few weeks before committing to production. :)