Comments (14)
I am planning to create a mechanism which will allow a wallet to upload a signed definition of {coin, token, 4byte-function} as a part of signed transaction.
We would need to create a signed database where each row is signed by trusted key (public key of this keypair will be part of the Trezor firmware) and TREZOR will parse and check the signature of provided data-row.
That way, we would not need to store all coins/tokens/4bytes in the firmware.
from trezor-firmware.
yes, this has more info so i suggest closing #2874 and keeping this one
from trezor-firmware.
That is a great idea! Please keep me updated on this
from trezor-firmware.
I was looking at the catalog and I am quite disappointed about the very high number of collisions in the space. It is so high, I have my doubts about the usefulness of the feature.
How do you solve the collision problem? Do you show all possible options?
from trezor-firmware.
I do not see many collisions - I was expecting more and was surprised that there where not too many collisions. In the 23504 signatures I parse currently there are 3 collisions:
aaaaaad1 yycU4()
aaaaaad1 uYZeB()
00000000 get_block_hash_257335279069929(uint256)
00000000 overdiffusingness(bytes,uint256,uint256,uint256,uint256)
00000000 left_branch_block(uint32)
0000006e bright_peace(bytes32,bytes)
0000006e display_allow(uint256,uint256,uint256,uint32)
the first 2 (aaaaaad1 and 00000000) sound really constructed and I do not think there is real world impact with these. And even 6e can IMHO be ignored. Wonder where your observation of :
high number of collisions in the space
is coming from.
from trezor-firmware.
is coming from.
I looked at 00000000
and expected the rest is the same :-)
from trezor-firmware.
Do you think it's possible to create something like a curated list where all collisions are resolved? That means no signature collisions (i.e. no entries for 00000000, 0000006e, etc.) and also where you pick the better value for a9059cbb
from transfer(address _to,uint256 _value);transfer(address to,uint val)
? Or this is just too much effort?
from trezor-firmware.
hehe - no - don't judge a list by the first entry ;-)
I think 00000000 is constructed - some context:
pipermerriam/ethereum-function-signature-registry#30 (comment)
http://swende.se/blog/Blockhash-Refactor.html
from trezor-firmware.
I think currently it is possible to curate a list that resolves the collisions - but not sure how future compatible this is ..
from trezor-firmware.
I will check how many collisions there will be left if I treat arguments _to
and to
like they are the same. Also maybe creating a small dictionary which says that val
and value
are the same could help.
Another question: is uint
and uint256
the same?
from trezor-firmware.
Another question: is uint and uint256 the same?
yes - uint must be resolved to uint256 for the function selector
uint, int: synonyms for uint256, int256 respectively. For computing the function selector, uint256 and int256 have to be used.
https://solidity.readthedocs.io/en/develop/abi-spec.html
PS: the collisions I showed above are without parameter names - with parameter names there are more - currently I am not sure about the parameter names - hope to be able to discuss this in about 2 weeks in person with @holiman
from trezor-firmware.
linking to #15
from trezor-firmware.
duplicate? #2874
from trezor-firmware.
Copied from #2874:
Every transaction in Ethereum can carry additional input data (e.g. 0x095ea7b30000000000000000000000008bc3702c35d33e5df7cb0f06cb72a0c34ae0c56f00000000000000000000000000000000000000000000000ee5c13efe85190000
) (https://etherscan.io/tx/0x2b930225479934eda949c3c2b0f3af5d5fd60136f7c9f0d5bbabf569def1f8a8). The first 4 bytes of this input data, i.e. 0x095ea7b3
, specify which function in the smart contract gets executed. These 4 bytes are not human readable. Therefore, there exists signature databases which help to map the hash (4 bytes) to human-readable form.
Signature databases:
- https://www.4byte.directory/signatures/
- https://github.com/volsa/etherface
- (https://www.etherface.io/statistics)
example
0x38ed1739000000000000000000000000000000000000000000000000000000009502f900000000000000000000000000000000000000000000a07e38bf71936cbe39594100000000000000000000000000000000000000000000000000000000000000a00000000000000000000000003c02cebb49f6e8f1fc96158099ffa064bbfee38b00000000000000000000000000000000000000000000000000000000616e11230000000000000000000000000000000000000000000000000000000000000003000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2000000000000000000000000528b3e98c63ce21c6f680b713918e0f89dfae555
0x
- indicator that the hexadecimal38ed1739
- hashed signature of the function being called (every 2 hex characters represent a byte)- The rest of the bytes are hashes of the arguments being passed to the function
decoded data:
function called: swapExactTokensForTokens
arguments: {
"amountIn": 2500000000,
"amountOutMin": 194024196127819599854524737,
"path": [
"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
"0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"0x528B3e98c63cE21C6f680b713918E0F89DfaE555"
],
"to": "0x3c02cebB49F6e8f1FC96158099fFA064bBfeE38B",
"deadline": 1634603299
}
Possible next steps:
- preload the well known smart contract addresses → label it → show the label next to the address (otherwise label it as unknown)
- label the Smart Contract address user is authorising and highlight an unknown address to give an alert
- address after parameter “to” (most of the time same as address of the sender) - compare “to” address with “from” address → if not same → warning
- warn before signing an unlimited allowance contract https://satoshilabs.slack.com/archives/C03SRP8PSS2/p1680176003637509
from trezor-firmware.
Related Issues (20)
- Make loaders more fluent
- Building on Aarch64 (GCC 13 and Python 3.12) HOT 4
- improve robustness of i2c communication by using DMA
- Improve waking optiga from sleep mode
- Add BOOTLOADER VERSION and BOARDLOADER VERSION to prodtest HOT 1
- Passphrase flows
- "Previous" instead of "Back/Cancel" during Backup recovery/dry run
- Fix backlight timer setting
- Move backlight control fully into Rust
- Homescreen/Lockscreen
- Backup check/Dry run flow
- rounded rect rendering bug
- Swipe up animation between receive address and tap to confirm screen after tap to confirm animation
- Send ETH (EVM)
- Persistent words in recovery
- Screen transitions
- Show last typed PIN number for short period of time before changing it to "*"
- use `storage.cache.set_bool`
- Check backup - wrong Suite response
- Better integration of Slip39_Single backup type
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trezor-firmware.