pgebheim
commented
2 years ago @Wolog2021 This task should be prioritized over the Hash-based allowlist approach, yes?
Open Wolog2021 opened 2 years ago
pgebheim
commented
2 years ago @Wolog2021 This task should be prioritized over the Hash-based allowlist approach, yes?
Wolog2021
commented
2 years ago That was the initial plan but it turned out the first iteration of the hash-based allow list was basically done so they are finishing it.
pgebheim
commented
2 years ago Great, good to be progressing on both fronts.
Even with expert mode it's better for people to not need to use it for major use cases like staking or transferring tokens.
dryruner
commented
1 year ago Hi guys, may I ask what is the most recent update on arb-msg-signing in the Flow ledger app?
I could understand this is for security reasons, but imho by allowing arb-msg-signing it would benefit the whole Flow ecosystem.
bluesign
commented
1 year ago @dryruner I was fighting for this long time ( https://github.com/onflow/ledger-app-flow/issues/33 ), I gave up.
dryruner
commented
1 year ago Hmm... ok sadly sir .....
Overview
Users often want to take actions with their ledger devices which do not fall in the range of vetted transactions which are by default allow-listed within the ledger application. To allow these advanced users to take more actions, while making sure they understand the risks of their actions, we propose adding an option to the Expert Mode of the Flow Ledger App. This expert mode will allow end users to sign arbitrary transactions and have the app display useful information about the transaction to them. It should still be clear that they're taking a risk.
Specification
Add an option to skip or simplify transaction validation in expert mode. A warning must be displayed to convey the associated risk. The following values shall be displayed on device for approval as an objective:
Mainnet/testnet Script hash Value and type of each argument All other fields common for every transaction
Definition of Done
After enabling expert mode and viewing the warning, the user may sign any transaction with valid basic RLP encoding. Items listed above if available shall be displayed on device for user approval or rejection.