Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move Ethereum Ledger Integration to untrusted iframe #24275

Closed
nvonpentz opened this issue Jul 26, 2022 · 1 comment · Fixed by brave/brave-core#14373
Closed

Move Ethereum Ledger Integration to untrusted iframe #24275

nvonpentz opened this issue Jul 26, 2022 · 1 comment · Fixed by brave/brave-core#14373
Assignees
@nvonpentz
Labels
feature/web3/wallet/core feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop priority/P1 A very extremely bad problem. We might push a hotfix for it. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include sec-high security
Milestone
1.44.x - Release

Comments

@nvonpentz
Copy link

We need to isolate the Ethereum Ledger JS libraries similar to how we did for Solana.
@nvonpentz nvonpentz added security sec-high priority/P1 A very extremely bad problem. We might push a hotfix for it. QA/Yes release-notes/include feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop feature/web3/wallet/core labels Jul 26, 2022
@nvonpentz nvonpentz self-assigned this Jul 26, 2022
@nvonpentz nvonpentz mentioned this issue Jul 27, 2022
Merged
25 tasks
@yrliou yrliou added this to Web3 Aug 10, 2022
@yrliou yrliou moved this to In Review in Web3 Aug 10, 2022
Repository owner moved this from In Review to Done in Web3 Aug 18, 2022
@brave-builds brave-builds added this to the 1.44.x - Nightly milestone Aug 18, 2022
@srirambv
Copy link
Contributor

Verification passed on

Brave 1.44.99 Chromium: 106.0.5249.55 (Official Build) (64-bit)
Revision 4d5f098fca6ab7f4b6b7c240be3d9593c2357709-refs/branch-heads/5249@{#531}
OS Linux
  • Verified steps from brave/brave-core#14373
  • Verified Authoize message is shown when Ledger is connected for the first time to import wallet
  • Verified authorizing Ledger allows to connect Ledger and import wallet
  • Verified once authorized doesn't ask again when connected
  • Verified able to load more accounts on the import account screen
  • Verified able to select multiple accounts to be imported at once
  • Verified Authorize transaction is shown for the first transaction done via Ledger wallet
  • Verified able to sign transactions via Ledger wallet
  • Verified able to ETH Sign transactions via Ledger wallet
  • Verified able to sign + verify Sign Type Data V3 & Sign Type Data V4 transactions
  • Encountered #25616, #25617, #25619 & #25623

Verification passed on

Brave 1.44.99 Chromium: 106.0.5249.55 (Official Build) (64-bit)
Revision 4d5f098fca6ab7f4b6b7c240be3d9593c2357709-refs/branch-heads/5249@{#531}
OS Windows 11 Version 21H2 (Build 22000.978)
  • Verified steps from brave/brave-core#14373
  • Verified Authoize message is shown when Ledger is connected for the first time to import wallet
  • Verified authorizing Ledger allows to connect Ledger and import wallet
  • Verified once authorized doesn't ask again when connected
  • Verified able to load more accounts on the import account screen
  • Verified able to select multiple accounts to be imported at once
  • Verified Authorize transaction is shown for the first transaction done via Ledger wallet
  • Verified able to sign transactions via Ledger wallet
  • Verified able to ETH Sign transactions via Ledger wallet
  • Verified able to sign + verify Sign Type Data V3 & Sign Type Data V4 transactions
  • Encountered #25616, #25617, #25619 & #25623

Verification passed on

Brave 1.44.99 Chromium: 106.0.5249.55 (Official Build) (arm64)
Revision 4d5f098fca6ab7f4b6b7c240be3d9593c2357709-refs/branch-heads/5249@{#531}
OS macOS Version 12.4 (Build 21F79)
  • Verified steps from brave/brave-core#14373
  • Verified Authoize message is shown when Ledger is connected for the first time to import wallet
  • Verified authorizing Ledger allows to connect Ledger and import wallet
  • Verified once authorized doesn't ask again when connected
  • Verified able to load more accounts on the import account screen
  • Verified able to select multiple accounts to be imported at once
  • Verified Authorize transaction is shown for the first transaction done via Ledger wallet
  • Verified able to sign transactions via Ledger wallet
  • Verified able to ETH Sign transactions via Ledger wallet
  • Verified able to sign + verify Sign Type Data V3 & Sign Type Data V4 transactions
  • Encountered #25616, #25617, #25619 & #25623

@kjozwiak kjozwiak mentioned this issue Sep 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nvonpentz nvonpentz

Labels
feature/web3/wallet/core feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop priority/P1 A very extremely bad problem. We might push a hotfix for it. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include sec-high security
Projects
Web3
Archived in project
Milestone
1.44.x - Release
Development

Successfully merging a pull request may close this issue.

Move Ethereum Ledger integration in untrusted iframe brave/brave-core
3 participants
@nvonpentz @srirambv @brave-builds