[Ledger] Blind signing is being deprecated

[katspaugh]

We should research an alternative, potentially implement a Ledger app/plugin for Safe.

@schmanu:

I think ledger’s actually support eth_signTypedData by now but the contract abi’s need to be allow-listed here: https://github.com/LedgerHQ/ledger-asset-dapps/tree/main/ethereum Source from Ledger docs: https://developers.ledger.com/docs/tokens/eip712-messages

We need to add our SafeTransaction message type and our new SafeUserOperation message type.

[chandraprakash]

Hi Team,

I encountered an issue while trying to sign an EIP-712 JSON (SafeTx) offline using a Ledger hardware wallet. The Ledger hardware only displays the domain and message hash instead of the full parameters of SafeTx.

I found this article for manual verification: https://help.safe.global/en/articles/40831-how-to-verify-safe-transactions-on-a-hardware-wallet

Is clear signing of SafeTx offline on Ledger device supported yet?

If yes, please point me to the appropriate documentation.

If no, I would appreciate knowing your plans for this feature. Is it possible to add SafeTx to https://github.com/LedgerHQ/ledger-asset-dapps, or are you planning a plugin?

Details:

• Safe Multisig wallet owns my Smart Contract.
• One of the signers of the Safe Multisig wallet is an address/key in a Ledger device.
• I am trying to do a contract call via the Safe Multisig wallet.

• To collect signatures offline, I am using the following forge cast wallet command with an EIP-712 formatted JSON message file:

  
  cast wallet sign -l --data --from-file message.json --from <ADDRESS>

I was hoping to see the full SafeTx parameters on the Ledger screen, but it only showed the domain hash and message hash.

Thank you.