Open ricmoo opened 6 years ago
@makoto
Links:
This is all very much "hackathon quality" with lots of hard-coded things and missing safety checks; there will be a lot more work put into this over the next few weeks before committing to production. :)
Firefly
Firefly is a $5 DIY Air-gapped Hardware Wallet. Lets add ENS.
Team Name: Team Firefly Team Members: - @ricmoo @yuetloo Team Leader: @ricmoo
Hack Idea
In general, hardware wallets present the recipient address and the amount of ether to be transferred.
The goal of this hackathon is to add support for signing transactions which includes the destination ENS name, rather than an address, which is then resolved on-chain, so there is no need to trust any ENS name resolution to any third party.
Currently, sending to an ENS name is handled off the hardware wallet, on a laptop or mobile phone through the wallet software, by resolving the ENS name to an address against the blockchain, often querying public APIs (e.g. Etherscan or INFURA), which could lie (through malice, having been hacked or bugs).
In this event, the address shown in the wallet software is already wrong (i.e. an attacker), which is then shown on the hardware wallet. Since both sources match, a user accept the transaction, sending the ether to an attacker.
Stretch Goal: Attested Templates w/ ENS name resolution
The Firefly Hardware Wallet does not support firmware upgrades (by design), but transaction data can be interpreted in many ways, for example, Transferring a CryptoKitty transaction contains:
The interesting parts of that transaction are actually the
recipientAddress
and thekittyId
, but currently hardware wallets would indicate "send 0 ether to CryptoKittyContractAddress with some data".It would be nicer if the hardware wallet indicated "Send Kitty 1337 to ricmoo.firefly.eth".