-
Notifications
You must be signed in to change notification settings - Fork 395
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolve local names for each network #2555
base: main
Are you sure you want to change the base?
Conversation
Local names of addresses should be global so they should be the same on every network.
Hmmm… If I'm not mistaken, the same address on RSK is not controlled by the same keys, as far as I understand it. So we can't treat them as the same from a naming perspective either, otherwise there are potentially ways for a user to be tricked into sending something to a known address that isn't actually a known address on a given network. I feel like we could address this with a little extra safety and a little less overall complexity by changing const sameAddressBookEntry = (a: AddressOnNetwork, b: AddressOnNetwork) =>
normalizeEVMAddress(a.address) === normalizeEVMAddress(b.address) &&
networksShareAddresses(a.network, b.network) Where we define a new function, /**
* Tests whether two networks share addresses; that is, if the same address on
* both networks is controlled by the same keys.
*/
export function networksShareAddresses(
network1: AnyNetwork,
network2: AnyNetwork
): boolean {
if (sameNetwork(network1, network2)) {
return true
}
return network1.family === network2.family &&
ADDRESS_EQUIVALENT_NETWORK_GROUPS.some((group) =>
group.has(network1.chainID) && group.has(network2.chainID))
} Then we have the last piece, in /**
* An array of groups of address-equivalent networks, represented by their chain
* IDs. Each set of chain IDs represents a group of networks on which the same
* address is controlled by the same keys. For example, the same address on Polygon
* and on Ethereum mainnet is controlled by the same keys in the wallet. The same
* address on Ethereum mainnet and RSK might not be.
*/
export const ADDRESS_EQUIVALENT_NETWORK_GROUPS: Set<string>[] = [
new Set(ETHEREUM.chainID, POLYGON.chainID, ...)
] Since we already resolve names in a network-aware way, this would let name resolution proceed without any modifications for local networks. Since we already resolve addresses in a network-aware way, name resolution could again continue to work as expected. Finally, if we added a network with an equivalent address in the future, I believe this should allow the name resolution to function completely normally as well. In general I think it'll allow fewer special cases across the wallet by encapsulating the shared nature of addresses very close to the network concept, instead of applying specialized code in name resolution to handle it. Thoughts? |
This can be true on account abstraction chains, but I'm not sure it's true on RSK... instead, the same recovery phrase in their ecosystem will yield different addresses due to the different default derivation path? Would be good to get confirmation here. |
This ostensibly means the same thing though, right? Though I suppose the attack vector here requires brute forcing an attack address. |
@Shadowfiend can you point to their docs where you found this? I'm digging and I can't find anything about it. If this is the case with keys/addresses then I think we have a much bigger problem - adding new addresses for the same imported seed phrase is adding addresses that are valid for ETH but not for RSK? |
- autoselect input when slideup is opened - fix placement of input error
Possible I'm being philosophical instead of practical here; I think the thing to do here is check in with the RSK folks and see if it makes sense to them that if I add an Ethereum seed phrase I can then switch to RSK and use it as-is, without generating a different address. The flip possibility here is that you add an RSK address using the RSK derivation path, and then switch to Ethereum and use that. This will "work", but if you try to import that same seed phrase or key in another Ethereum wallet, you most likely won't be able to generate that address without putting in a custom derivation path. Not sure how big of a concern this is, but it's one of the edge cases of multi-network support when different derivation paths are “normal” for different networks. |
As a side note, if we don't care about the RSK distinction, can't we just redefine |
|
@ahsan-javaiid can you please take a look at the conversation we have here? Do we need to be worried about different derivation path on RSK? |
That concern may be more real than I expected depending on how the ethereum app and RSK app on ledger interact with these addresses, I realize now 😅 Lot of interactions we need to test. |
@Shadowfiend the possibility of using the derivation path of another chain is a feature in many wallets and a useful one under certain contexts, example: you added RSK as custom rpc in Metamask and you got an address after applying the ETH derivation path by default (and only option, in fact). This user will only get the same account in a wallet that integrates correctly RSK if this feature is possible. |
@Shadowfiend with Ledger is different because the apps only work with the right derivation path (so the only way to get an ETH address is by connecting to the ETH app and sending the ETH dpath as parameter) |
@jagodarybacka @Shadowfiend in summary, I don't think this is something to worry or a blocker. cc @ahsan-javaiid |
Out of office rn so can't go into detail, but my conclusion is the opposite here: we do need to handle accounts that have different characteristics on different networks, and that may need to be listed on one network but not another, because of the Ledger limitation. If we do that we should probably apply it to generated/imported accounts as well to avoid unexpected behavior if eg a user chooses to move a Tally seed phrase to a ledger (even though this isn't necessarily recommended). Another option would be deciding which Ledger app to request the user opens based on derivation path, but then we could end up with a user being prompted to open the RSK app to sign an ethereum transaction because they got confused. Cc @mhluongo here for more thoughts while I'm out. |
@Shadowfiend I read the whole thread again and the possibility of restoring the seed into Ledger (I missed that scenario) and now I see more clearly your concerns. |
@Shadowfiend if the user goes with the "import recovery phrase" option, he/she consciously selects the derivation path that wants to apply so this is a flow where the impact is minimum. Maybe it's more concerning for the "create new wallet" flow. |
Related: #2673 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code looks good. I think the concern related to the derivation path is valid but we should track it in a different issue as it is currently only a problem for RSK, and, also seems more of a product decision that's being partially addressed in #2673. Approving but leaving up in case @greg-nagy wants to give it another pass.
background/services/name/index.ts
Outdated
return nameRecord | ||
} | ||
|
||
// if there is no loacal name then look deeper |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// if there is no loacal name then look deeper | |
// If there is no local name then look deeper |
background/redux-slices/accounts.ts
Outdated
return | ||
} | ||
|
||
immerState.accountsData.evm[chainID] ??= {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can omit this because of the previous check right?
background/services/name/index.ts
Outdated
system, | ||
} as const | ||
|
||
// emmit local names without a network and update all address networks paird in the redux? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// emmit local names without a network and update all address networks paird in the redux? | |
// Emit local names without a network and update all address network pairs in Redux |
Latest state of my thinking on this PR:
Basically I'm still in “we should modify the approach here”, but with weak conviction, and if we land this as-is I think that's fine. I think there's still some stuff lurking around account handling for networks with non-Ethereum derivation paths (Bitcoin, RSK, etc) that will trigger further revisiting this stuff if and when more work is put in on that front. |
@hyphenized @jagodarybacka what do you think? would you move forward with this approach? Any further changes that we can help with? |
Picking this up hopefully this week based on the approach outlined in RFB 5. |
Resolves #2448
What
Local names of addresses should be global so they should be the same regardless of the selected network.
Screen.Recording.2022-11-07.at.17.02.30.mov
Testing
Latest build: extension-builds-2555 (as of Thu, 06 Apr 2023 14:55:09 GMT).