Resolve issues while signing messages with certain formats

leather-io / extension

Leather browser extension

https://leather.io

MIT License

303 stars 142 forks source link

Resolve issues while signing messages with certain formats #2725

Open kyranjamie opened 2 years ago

kyranjamie commented 2 years ago

Some messages are being immediately rejected by the Ledger. This was highlighted by Gamma.io's msg signing auth.

Our test app uses a pretty long string of

https://github.com/hirosystems/stacks-wallet-web/blob/b5a36f10e478037654ed9c93011a1d826f7329a7/test-app/src/components/signature.tsx#L44-L45

which signs without problem.

Gamma's message, that looks like...

Welcome!
Sign this message to access Gamma's full feature set.
As always, by using Gamma, you agree to our terms of use: https://gamma.io/terms
Domain: gamma.io
Account: SP2PH3XAPDMSKXQVS1WZ80JGZACY713JQQEE1DY48
Nonce: c83024f9e9aef40f5d72076e883054c07100035112826b14f78e5a893d62b1bf

...fails. It's not immediately clear why. Our test example is longer, so it doesn't appear length related. Removing carriage returns & punctuation also doesn't completely fix the issue.

314159265359879 commented 1 year ago

A user is reporting that signing a message on console to login failed with this error: "Your ledger device has rejected the payload stating it is invalid"

314159265359879 commented 1 year ago

A user encountering similar problems, it is likely related to this issue.

markmhendrickson commented 1 year ago

@kyranjamie this should be resolved fully by https://github.com/Zondax/ledger-stacks/pull/138, correct?

kyranjamie commented 1 year ago

Yes, it should. though it'd be great if we could test the actual app throwing this error. Edge cases have been missed in the past because of an untested apps. I've made an App Support db in Notion to track support/internal QA of apps.

TJustin602 commented 1 year ago

hi. still getting this error when trying to authenticate on gamma.io . more than happy to show the message :)

314159265359879 commented 1 year ago

hi. still getting this error when trying to authenticate on gamma.io . more than happy to show the message :)

Thanks @TJustin602 unfortunately Ledger has not yet approved our fix for this issue. This is expected to be fixed when Stacks app for Ledger live is at version 0.23.4 or higher.

TJustin602 commented 1 year ago

Thanks very much for the update !

kahnanX commented 1 year ago

got the same error message, just to log my case , I know I need to wait until ledger to work on this issue...

friedger commented 1 year ago

Stack address field in a Blocksurvey causes the same issue for users.

markmhendrickson commented 1 year ago

This continues to await security review on Ledger's end 😢

kyranjamie commented 3 months ago

I've tested the Gamma.io flow that was previously broken. With Stacks app v0.24.2 I'm able to sign the message successfully.