solana-labs / obsolete-dontuse-example-webwallet Goto Github PK

Problem

Currently, transactions are signed with an insecure and temporary, in-browser keypair.

Proposed solution

Sign transactions with a keypair in a secure enclave, such as a Ledger Nano S.

Problem

Submitting a transaction signature for confirmation causes a page refresh

Expected

No page refresh, submit an async request to confirm a valid transaction.

Steps to Reproduce

1. Enter a transaction signature
2. Press enter

Wallet keys are ephemeral. While this is a burner wallet, we should store the keys. During account creation the browser could prompt the user to store the generated seed in the OS/Browser keychain as a regular password.

Problem

The confirm transaction section is not working correctly. After pasting a valid transaction signature, the input validation shows an error.

Proposed Solution

• Check if the signature input validation is incorrectly using public key input validation (that's my guess)
• Add an error message to help users know why the signature was not considered valid

login to message
add funds
airdrop to wallet
send is still greyed out

Getting this error, when going through installation steps

Example app: Web Wallet

00:19:17 ✔ pk: ((HEAD detached at v1.0.0)) example-webwallet $ npm install
npm ERR! code MODULE_NOT_FOUND
npm ERR! Cannot find module 'node-gyp/bin/node-gyp'

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/pk/.npm/_logs/2019-07-12T14_19_32_966Z-debug.log

I'd like it if a small group of people who understand the needs can QA current work and assess remaining gaps and bugs CC @jstarry Besides you, who else would be good to pull in for QA, stakeholder-wise? Happy to help here if there isn't anyone better..

Problem

The new alert design displays in all uppercase but signatures are case-sensitive.

Proposed Solution

Change CSS to not uppercase the error message

Forwarding an issue created by @aeyakovenko here: https://github.com/solana-labs/ledger-app-solana/issues/3

Problem

Hardware wallets require parsing and displaying messages inside the TPM to confirm the signing request.

Solution

We could use wallet.solana.com as a trusted display as well. Basically decode and show the hash and the transaction details in our hosted wallet, confirm the hash on the ledger. Users should confirm the transaction hash from another machine, like a mobile device.

If solana.com is compromised users would not be able to sign messages, but funds should remain secure as long as the local machine is not compromised either.

Another idea:

Maybe this is overkill, but the cli transactions could require a co-signature from the web wallet. The web wallet key is not referenced in any instructions, but the signature would force the user to look at the web wallet with their phone preferably.

dApps should be able embed the web wallet in an iframe to request tokens. The web wallet should allow this and then communicate to the dApp that it should be closed (when transaction succeeds)

Designs in Figma:
Desktop: https://www.figma.com/file/VV63sXC9UbGAUczGOEOJVapn/Solana-Network-Explorer-MVP?node-id=2150%3A0
Mobile: https://www.figma.com/file/VV63sXC9UbGAUczGOEOJVapn/Solana-Network-Explorer-MVP?node-id=2281%3A3113 (we are working on a few more mobile screens for you)

Other items -->

• Alerts: https://www.figma.com/file/VV63sXC9UbGAUczGOEOJVapn/Solana-Network-Explorer-MVP?node-id=2519%3A138 + https://www.figma.com/file/VV63sXC9UbGAUczGOEOJVapn/Solana-Network-Explorer-MVP?node-id=2519%3A280
• Send Confirmation: https://www.figma.com/file/VV63sXC9UbGAUczGOEOJVapn/Solana-Network-Explorer-MVP?node-id=2540%3A56
• Loading State: https://www.figma.com/proto/VV63sXC9UbGAUczGOEOJVapn/Solana-Network-Explorer-MVP?node-id=2226%3A149&viewport=142%2C516%2C0.5&scaling=min-zoom (go to screen 4/6 and click request tokens to see). Animation can work like this: https://codepen.io/dalityg/pen/bXxxdj
  Desktop screens are pretty much done @shivani. Haven't built out all mobile ones but can create some of the key ones.