From ccfb3d7b6ac59e1e33eb8e9011d2b078c7310d7d Mon Sep 17 00:00:00 2001 From: James Brown Date: Sun, 10 Sep 2023 15:40:09 +1000 Subject: [PATCH 1/2] Add protection for raw sign --- .../repository/PreferenceRepositoryType.java | 4 ++ .../SharedPreferenceRepository.java | 13 +++++ .../app/ui/AdvancedSettingsActivity.java | 15 +++++ .../java/com/alphawallet/app/util/Utils.java | 20 ++++++- .../viewmodel/AdvancedSettingsViewModel.java | 10 ++++ .../WalletConnectV2SessionRequestHandler.java | 57 ++++++++++++++++++- .../app/widget/ActionSheetSignDialog.java | 6 ++ .../app/widget/SignDataWidget.java | 18 +++++- .../main/res/drawable/ic_settings_warning.xml | 5 ++ app/src/main/res/layout/item_sign_data.xml | 39 +++++++++---- app/src/main/res/values-es/strings.xml | 7 +++ app/src/main/res/values-fr/strings.xml | 7 +++ app/src/main/res/values-id/strings.xml | 7 +++ app/src/main/res/values-my/strings.xml | 7 +++ app/src/main/res/values-vi/strings.xml | 7 +++ app/src/main/res/values-zh/strings.xml | 7 +++ app/src/main/res/values/strings.xml | 7 +++ .../token/entity/EthereumMessage.java | 30 ++++++++++ .../alphawallet/token/entity/Signable.java | 5 ++ 19 files changed, 252 insertions(+), 19 deletions(-) create mode 100644 app/src/main/res/drawable/ic_settings_warning.xml diff --git a/app/src/main/java/com/alphawallet/app/repository/PreferenceRepositoryType.java b/app/src/main/java/com/alphawallet/app/repository/PreferenceRepositoryType.java index 84224dacca..fdbba7fe20 100644 --- a/app/src/main/java/com/alphawallet/app/repository/PreferenceRepositoryType.java +++ b/app/src/main/java/com/alphawallet/app/repository/PreferenceRepositoryType.java @@ -46,6 +46,10 @@ public interface PreferenceRepositoryType void setUse1559Transactions(boolean toggleState); + boolean getDeveloperOverride(); + + void setDeveloperOverride(boolean toggleState); + boolean isTestnetEnabled(); void setTestnetEnabled(boolean enabled); 
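Review bot: The two methods added to `PreferenceRepositoryType` have no comment, and the name "developer override" does not say which protection is being overridden. Elsewhere in this patch the flag decides whether the WalletConnect handler offers an Override button on the dialog that blocks a dangerous sign request, so the security effect should be stated at the interface. A short Javadoc on `getDeveloperOverride()` would do, for example `/** True when the user has enabled overriding the block on dangerous raw sign requests; defaults to false. */`. The interface body continues outside the hunk.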
diff --git a/app/src/main/java/com/alphawallet/app/repository/SharedPreferenceRepository.java b/app/src/main/java/com/alphawallet/app/repository/SharedPreferenceRepository.java index fe3c1a321d..128fc76004 100644 --- a/app/src/main/java/com/alphawallet/app/repository/SharedPreferenceRepository.java +++ b/app/src/main/java/com/alphawallet/app/repository/SharedPreferenceRepository.java @@ -32,6 +32,7 @@ public class SharedPreferenceRepository implements PreferenceRepositoryType { public static final String HIDE_ZERO_BALANCE_TOKENS = "hide_zero_balance_tokens"; public static final String FULL_SCREEN_STATE = "full_screen"; public static final String EXPERIMENTAL_1559_TX = "ex_1559_tx"; + public static final String DEVELOPER_OVERRIDE = "developer_override"; public static final String TESTNET_ENABLED = "testnet_enabled"; public static final String PRICE_ALERTS = "price_alerts"; private static final String SET_NETWORK_FILTERS = "set_filters"; @@ -184,6 +185,18 @@ public void setUse1559Transactions(boolean state) pref.edit().putBoolean(EXPERIMENTAL_1559_TX, state).apply(); } + @Override + public boolean getDeveloperOverride() + { + return pref.getBoolean(DEVELOPER_OVERRIDE, false); + } + + @Override + public void setDeveloperOverride(boolean state) + { + pref.edit().putBoolean(DEVELOPER_OVERRIDE, state).apply(); + } + @Override public boolean isTestnetEnabled() { diff --git a/app/src/main/java/com/alphawallet/app/ui/AdvancedSettingsActivity.java b/app/src/main/java/com/alphawallet/app/ui/AdvancedSettingsActivity.java index 2c26a6dc6d..ef0e2425de 100644 --- a/app/src/main/java/com/alphawallet/app/ui/AdvancedSettingsActivity.java +++ b/app/src/main/java/com/alphawallet/app/ui/AdvancedSettingsActivity.java 
@@ -44,6 +44,7 @@ public class AdvancedSettingsActivity extends BaseActivity private SettingsItemView eip1559Transactions; private SettingsItemView analytics; private SettingsItemView crashReporting; + private SettingsItemView developerOverride; private AWalletAlertDialog waitDialog = null; @Nullable @@ -142,8 +143,21 @@ private void initializeSettings() .withListener(this::onCrashReportingClicked) .build(); + developerOverride = new SettingsItemView.Builder(this) + .withType(SettingsItemView.Type.TOGGLE) + .withIcon(R.drawable.ic_settings_warning) + .withTitle(R.string.developer_override) + .withListener(this::onDeveloperOverride) + .build(); + fullScreenSettings.setToggleState(viewModel.getFullScreenState()); eip1559Transactions.setToggleState(viewModel.get1559TransactionsState()); + developerOverride.setToggleState(viewModel.getDeveloperOverrideState()); + } + + private void onDeveloperOverride() + { + viewModel.toggleDeveloperOverride(developerOverride.getToggleState()); } private void onFullScreenClicked() @@ -172,6 +186,7 @@ private void addSettingsToLayout() advancedSettingsLayout.addView(eip1559Transactions); advancedSettingsLayout.addView(analytics); advancedSettingsLayout.addView(crashReporting); + advancedSettingsLayout.addView(developerOverride); } private void onNodeStatusClicked() diff --git a/app/src/main/java/com/alphawallet/app/util/Utils.java b/app/src/main/java/com/alphawallet/app/util/Utils.java index b7cfbbf04a..d2972e2872 100644 --- a/app/src/main/java/com/alphawallet/app/util/Utils.java +++ b/app/src/main/java/com/alphawallet/app/util/Utils.java 
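Review bot: `onDeveloperOverride()` persists the new toggle state on a single tap with no confirmation, although this switch is what makes the Override button appear on the raw-sign block dialog. The block dialog text added in this patch also appears to tell every user that the warning can be lifted from Advanced settings, so someone being talked through a signing request is pointed straight at the bypass. Ask for explicit confirmation when the toggle is switched on, and revert the toggle if the user declines. A dedicated confirmation string would read better than the reused `override_warning_text` shown below.

```java
private void onDeveloperOverride()
{
    boolean enable = developerOverride.getToggleState();
    if (!enable)
    {
        // Re-enabling the protection needs no confirmation
        viewModel.toggleDeveloperOverride(false);
        return;
    }

    // Switching the raw-sign protection off requires an explicit second step
    AWalletAlertDialog confirm = new AWalletAlertDialog(this, AWalletAlertDialog.ERROR);
    confirm.setMessage(getString(R.string.override_warning_text));
    confirm.setButton(R.string.override, v -> {
        viewModel.toggleDeveloperOverride(true);
        confirm.dismiss();
    });
    confirm.setSecondaryButton(R.string.action_cancel, v -> {
        developerOverride.setToggleState(false);
        confirm.dismiss();
    });
    confirm.setCancelable(false);
    confirm.show();
}
```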
@@ -14,11 +14,14 @@ import android.content.pm.InstallSourceInfo; import android.content.pm.PackageManager; import android.content.res.Resources; +import android.graphics.Color; import android.graphics.Typeface; import android.net.Uri; import android.os.Build; +import android.text.Spannable; import android.text.TextUtils; import android.text.format.DateUtils; +import android.text.style.ForegroundColorSpan; import android.text.style.StyleSpan; import android.util.Base64; import android.util.TypedValue; @@ -26,6 +29,7 @@ import androidx.annotation.ColorInt; import androidx.annotation.RawRes; +import androidx.annotation.StyleRes; import androidx.fragment.app.FragmentActivity; import com.alphawallet.app.BuildConfig; @@ -221,7 +225,7 @@ public static int getSigningTitle(Signable signable) { default: case SIGN_MESSAGE: - return R.string.dialog_title_sign_message; + return R.string.dialog_title_sign_message_sheet; //warn user this is unsafe case SIGN_PERSONAL_MESSAGE: return R.string.dialog_title_sign_personal_message; case SIGN_TYPED_DATA: @@ -231,6 +235,20 @@ public static int getSigningTitle(Signable signable) } } + public static CharSequence getSignMessageTitle(String message) + { + //produce readable text to display in the signing prompt + StyledStringBuilder sb = new StyledStringBuilder(); + sb.startStyleGroup(); + sb.append(message); + int i = message.length(); + sb.setSpan(new ForegroundColorSpan(Color.RED), 0, 1, Spannable.SPAN_EXCLUSIVE_EXCLUSIVE); + sb.setSpan(new ForegroundColorSpan(Color.RED), i-1, i, Spannable.SPAN_EXCLUSIVE_EXCLUSIVE); + sb.applyStyles(); + + return sb; + } + public static CharSequence formatTypedMessage(ProviderTypedData[] rawData) { //produce readable text to display in the signing prompt diff --git a/app/src/main/java/com/alphawallet/app/viewmodel/AdvancedSettingsViewModel.java b/app/src/main/java/com/alphawallet/app/viewmodel/AdvancedSettingsViewModel.java index dbb556eabd..8e5623f8d3 100644 
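Review bot: `getSignMessageTitle` colours the first and last character with `setSpan(..., 0, 1, ...)` and `setSpan(..., i-1, i, ...)` without checking the length, so an empty or one-character title would give out-of-range or overlapping span bounds; a guard such as `if (message.length() < 2) return message;` before building the spans avoids that. The method also assumes every translation of the title starts and ends with a single-char warning glyph, which deserves a comment next to the spans. The existing comment, `//produce readable text to display in the signing prompt`, is copied from `formatTypedMessage` and should describe the red markers instead. The `androidx.annotation.StyleRes` import added in the second hunk is not used by any line visible in this patch.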
--- a/app/src/main/java/com/alphawallet/app/viewmodel/AdvancedSettingsViewModel.java +++ b/app/src/main/java/com/alphawallet/app/viewmodel/AdvancedSettingsViewModel.java @@ -75,6 +75,16 @@ public boolean get1559TransactionsState() return preferenceRepository.getUse1559Transactions(); } + public boolean getDeveloperOverrideState() + { + return preferenceRepository.getDeveloperOverride(); + } + + public void toggleDeveloperOverride(boolean toggleState) + { + preferenceRepository.setDeveloperOverride(toggleState); + } + public boolean getFullScreenState() { return preferenceRepository.getFullScreenState(); diff --git a/app/src/main/java/com/alphawallet/app/walletconnect/WalletConnectV2SessionRequestHandler.java b/app/src/main/java/com/alphawallet/app/walletconnect/WalletConnectV2SessionRequestHandler.java index f739b269e5..e08e3233b5 100644 --- a/app/src/main/java/com/alphawallet/app/walletconnect/WalletConnectV2SessionRequestHandler.java +++ b/app/src/main/java/com/alphawallet/app/walletconnect/WalletConnectV2SessionRequestHandler.java @@ -1,10 +1,14 @@ package com.alphawallet.app.walletconnect; +import static com.alphawallet.app.repository.SharedPreferenceRepository.DEVELOPER_OVERRIDE; + import android.app.Activity; import android.content.Intent; +import android.content.SharedPreferences; import androidx.appcompat.app.AppCompatActivity; import androidx.fragment.app.FragmentManager; +import androidx.preference.PreferenceManager; import com.alphawallet.app.R; import com.alphawallet.app.entity.walletconnect.SignType; @@ -17,6 +21,8 @@ import com.alphawallet.app.widget.AWalletAlertDialog; import com.alphawallet.app.widget.ActionSheet; import com.alphawallet.app.widget.ActionSheetSignDialog; +import com.alphawallet.token.entity.EthereumMessage; +import com.alphawallet.token.entity.SignMessageType; import com.alphawallet.token.entity.Signable; import com.walletconnect.web3.wallet.client.Wallet; 
@@ -72,9 +78,13 @@ private void showDialog(String method, ActionSheetCallback aCallback) { Signable signable = signRequest.getSignable(sessionRequest.getRequest().getId(), Objects.requireNonNull(settledSession.getMetaData()).getUrl()); - if (!validateChainId(signable)) + if (signable.isDangerous()) + { + showNotSigning(aCallback, signRequest, signable); + } + else if (!validateChainId(signable)) { - showErrorDialog(aCallback, signable, getSessionItem()); + checkProceed(aCallback, signRequest, signable); } else { @@ -98,7 +108,7 @@ private boolean validateChainId(Signable signable) case SIGN_TYPED_DATA_V3: case SIGN_TYPED_DATA_V4: return (signable.getChainId() == -1 || //if chainId is unspecified treat as no restriction intended - !getChainListFromSession().contains(signable.getChainId())); + getChainListFromSession().contains(signable.getChainId())); case ATTESTATION: //TODO: Check attestation signing chain return true; 
@@ -143,6 +153,25 @@ private void showActionSheet(ActionSheetCallback aCallback, BaseRequest signRequ actionSheet.show(); } + private void checkProceed(ActionSheetCallback aCallback, BaseRequest signRequest, Signable signable) + { + AWalletAlertDialog errorDialog = new AWalletAlertDialog(activity, AWalletAlertDialog.ERROR); + String networkName = EthereumNetworkBase.isChainSupported(signable.getChainId()) ? EthereumNetworkBase.getShortChainName(signable.getChainId()) + : Long.toString(signable.getChainId()); + String message = activity.getString(R.string.session_not_authorised, networkName); + errorDialog.setMessage(message); + errorDialog.setButton(R.string.override, v -> { + errorDialog.dismiss(); + showActionSheet(aCallback, signRequest, signable); + }); + errorDialog.setSecondaryButton(R.string.action_cancel, v -> { + errorDialog.dismiss(); + cancelRequest(aCallback, signable, errorDialog); + }); + errorDialog.setCancelable(false); + errorDialog.show(); + } + private void showErrorDialog(ActionSheetCallback aCallback, Signable signable, WalletConnectV2SessionItem session) { AWalletAlertDialog errorDialog = new AWalletAlertDialog(activity, AWalletAlertDialog.ERROR); 
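Review bot: `checkProceed` lets any user continue past a failed `validateChainId` by tapping Override, whereas `showNotSigning` in the same file only offers that button when the developer override preference is set; the preceding `showDialog` hunk swaps the former `showErrorDialog` call, which only allowed cancelling, for this one. The default string that appears to back `session_not_authorised` ends with "With typed message there is no danger", which overstates the case, because EIP-712 typed data can carry token approvals such as permits. Consider reading the preference as `showNotSigning` does and adding the `errorDialog.setButton(R.string.override, ...)` handler only when it is true, and drop the "no danger" sentence from the message. If `showErrorDialog` no longer has a caller after this change, it should be removed rather than patched.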
@@ -154,10 +183,32 @@ private void showErrorDialog(ActionSheetCallback aCallback, Signable signable, W errorDialog.setButton(R.string.action_view_session, v -> { openSessionDetail(session); cancelRequest(aCallback, signable, errorDialog); + errorDialog.dismiss(); }); errorDialog.setSecondaryButton(R.string.action_cancel, v -> { cancelRequest(aCallback, signable, errorDialog); + errorDialog.dismiss(); + }); + errorDialog.setCancelable(false); + errorDialog.show(); + } + + private void showNotSigning(ActionSheetCallback aCallback, BaseRequest signRequest, Signable signable) + { + final SharedPreferences pref = PreferenceManager.getDefaultSharedPreferences(activity); + boolean hasDeveloperOverride = pref.getBoolean(DEVELOPER_OVERRIDE, false); + AWalletAlertDialog errorDialog = new AWalletAlertDialog(activity, AWalletAlertDialog.ERROR); + errorDialog.setMessage(activity.getString(R.string.override_warning_text)); + errorDialog.setButton(R.string.action_cancel, v -> { + cancelRequest(aCallback, signable, errorDialog); }); + if (hasDeveloperOverride) + { + errorDialog.setSecondaryButton(R.string.override, v -> { + showActionSheet(aCallback, signRequest, signable); + errorDialog.dismiss(); + }); + } errorDialog.setCancelable(false); errorDialog.show(); } diff --git a/app/src/main/java/com/alphawallet/app/widget/ActionSheetSignDialog.java b/app/src/main/java/com/alphawallet/app/widget/ActionSheetSignDialog.java index ccef036430..d66bf3795b 100644 --- a/app/src/main/java/com/alphawallet/app/widget/ActionSheetSignDialog.java +++ b/app/src/main/java/com/alphawallet/app/widget/ActionSheetSignDialog.java @@ -23,6 +23,7 @@ import com.alphawallet.app.viewmodel.SignDialogViewModel; import com.alphawallet.hardware.SignatureFromKey; import com.alphawallet.hardware.SignatureReturnType; +import com.alphawallet.token.entity.SignMessageType; import com.alphawallet.token.entity.Signable; import com.bumptech.glide.Glide; 
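Review bot: The Cancel handler in `showNotSigning` calls `cancelRequest(aCallback, signable, errorDialog)` but never `errorDialog.dismiss()`, while this same hunk adds an explicit `dismiss()` after `cancelRequest` in both `showErrorDialog` handlers. With `setCancelable(false)` the dialog may stay on screen after the request has been rejected, unless `cancelRequest` dismisses it itself, which is not visible here; add `errorDialog.dismiss();` after the `cancelRequest` call. The method also reads `DEVELOPER_OVERRIDE` straight from `PreferenceManager.getDefaultSharedPreferences(activity)` instead of going through `PreferenceRepositoryType.getDeveloperOverride()`. If the repository is backed by a different preferences file, the toggle would have no effect here, so routing the read through the repository keeps a single source of truth for this security setting.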
@@ -93,6 +94,11 @@ private void setupView() functionBar.setPrimaryButtonEnabled(true); }); } + else if (signable.getMessageType() == SignMessageType.SIGN_MESSAGE) + { + toolbar.setTitle(Utils.getSignMessageTitle(getContext().getString(R.string.dialog_title_sign_message_sheet))); + signWidget.setupSignData(signable); + } else { toolbar.setTitle(Utils.getSigningTitle(signable)); diff --git a/app/src/main/java/com/alphawallet/app/widget/SignDataWidget.java b/app/src/main/java/com/alphawallet/app/widget/SignDataWidget.java index a7f091dc79..703ac82acf 100644 --- a/app/src/main/java/com/alphawallet/app/widget/SignDataWidget.java +++ b/app/src/main/java/com/alphawallet/app/widget/SignDataWidget.java @@ -14,6 +14,7 @@ import com.alphawallet.app.R; import com.alphawallet.app.entity.ActionSheetInterface; +import com.alphawallet.token.entity.SignMessageType; import com.alphawallet.token.entity.Signable; /** @@ -98,8 +99,19 @@ public void setupSignData(Signable signable) { this.signable = signable; String message = signable.getUserMessage().toString(); - previewText.setText(message); - messageText.setText(message); + + if (signable.getMessageType() == SignMessageType.SIGN_MESSAGE) //Warn user that sign is dangerous + { + ((ImageView)findViewById(R.id.image_sign_warning)).setVisibility(View.VISIBLE); + previewText.setText(R.string.sign_message_could_be_a_scam); + message = getContext().getString(R.string.sign_message_could_be_a_scam2) + "\n\n" + message; + messageText.setText(message); + } + else + { + previewText.setText(message); + messageText.setText(message); + } layoutHolder.setOnClickListener(v -> { if (previewText.getVisibility() == View.VISIBLE) @@ -140,4 +152,4 @@ public interface ScrollListener { void hasScrolledToBottom(); } -} \ No newline at end of file +} diff --git a/app/src/main/res/drawable/ic_settings_warning.xml b/app/src/main/res/drawable/ic_settings_warning.xml new file mode 100644 index 0000000000..2b6fcaca2e --- /dev/null 
+++ b/app/src/main/res/drawable/ic_settings_warning.xml @@ -0,0 +1,5 @@ + + + + diff --git a/app/src/main/res/layout/item_sign_data.xml b/app/src/main/res/layout/item_sign_data.xml index add3046665..d3922d70af 100644 --- a/app/src/main/res/layout/item_sign_data.xml +++ b/app/src/main/res/layout/item_sign_data.xml @@ -28,28 +28,43 @@ android:gravity="start|center_vertical" android:text="@string/message_to_sign" /> + + + + + + + android:id="@+id/image_more" + android:layout_width="0dp" + android:layout_height="wrap_content" + android:layout_gravity="start" + android:layout_weight="@integer/widget_control" + android:background="@color/transparent" + android:src="@drawable/ic_expand_more" + app:tint="?colorControlNormal" /> @@ -72,4 +87,4 @@ - \ No newline at end of file + diff --git a/app/src/main/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml index faaef62664..41142c43fa 100644 --- a/app/src/main/res/values-es/strings.xml +++ b/app/src/main/res/values-es/strings.xml @@ -325,6 +325,9 @@ Dirección Solicitante Firmar mensaje + ⚠ Firmar mensaje ⚠ + Peligro: Verifique antes de firmar + Podría estar en peligro de perder sus tokens, especialmente si esta solicitud proviene de un \'airdrop\'. Sign Message es utilizado principalmente por estafadores. Haga una búsqueda en la web de este sitio web y utilice \'estafa\'. Firmar \'Personal\' mensaje Firmar \'Typed\' mensaje Rechazar 
@@ -988,4 +991,8 @@ Smart Pass importado Se ha importado un pase inteligente. Su pase debe ser actualizado. No hay conexión a la red Smart Layer: intente importar su Pass nuevamente más tarde. + Esta sesión no está autorizada para firmar mensajes en %s, sin embargo, puedes evitar esta restricción para firmar. Con mensaje escrito no hay peligro. + Anular + Anulación del Desarrollador + Es posible que esté a punto de firmar una transacción sin saberlo, lo que podría vaciar sus fondos. Es posible que desee firmar el código de bytes como desarrollador y puede anular esta advertencia si configura el modo de desarrollador en la configuración avanzada. diff --git a/app/src/main/res/values-fr/strings.xml b/app/src/main/res/values-fr/strings.xml index db6caa48b5..ba8a7bb9a4 100644 --- a/app/src/main/res/values-fr/strings.xml +++ b/app/src/main/res/values-fr/strings.xml @@ -335,6 +335,9 @@ Adresse Demandeur Signer message + ⚠ Signer message ⚠ + Danger: Vérifiez avant de signer + Vous pourriez courir le risque de perdre vos jetons, surtout si cette demande provenait d\'un « airdrop ». Sign Message est principalement utilisé par les escrocs. Effectuez une recherche sur ce site Web et utilisez « arnaque ». Signer un message personnel Signer un message dactylographié Rejeter @@ -1002,4 +1005,8 @@ Imported Smart Pass Smart pass has been imported. Your pass should be upgraded. No connection to Smart Layer network - try to import your token again later. + Cette session n\'est pas autorisée à signer des messages sur %s mais vous pouvez contourner cette restriction pour signer. Avec un message tapé, il n\'y a aucun danger. + Passer outre + Remplacement du Développeur + Vous êtes peut-être sur le point de signer sans le savoir une transaction, ce qui pourrait vider vos fonds. Vous souhaiterez peut-être signer le bytecode en tant que développeur et vous pouvez ignorer cet avertissement si vous définissez le mode développeur dans les paramètres avancés. 
diff --git a/app/src/main/res/values-id/strings.xml b/app/src/main/res/values-id/strings.xml index d2b19b5842..b3ce21920f 100644 --- a/app/src/main/res/values-id/strings.xml +++ b/app/src/main/res/values-id/strings.xml @@ -336,6 +336,9 @@ Alamat Pemohon Tandai Pesan + ⚠ Tandai Pesan ⚠ + Bahaya: Periksa sebelum menandatangani + Anda bisa berada dalam bahaya kehilangan token Anda terutama jika permintaan ini datang dari \'airdrop\'. Sign Message digunakan terutama oleh scammers. Lakukan penelusuran web untuk situs web ini dan gunakan \'penipuan\'. Tandai Pesan Pribadi Tandai pesan yang diketik Tolak @@ -993,4 +996,8 @@ SmartPass yang Diimpor SmartPass telah diimpor. Pass Anda harus ditingkatkan. Tidak ada koneksi ke jaringan SmartLayer - coba impor Pass Anda lagi nanti. + Sesi ini tidak diizinkan untuk menandatangani pesan di %s namun Anda dapat melewati batasan ini untuk menandatangani. Dengan pesan yang diketik tidak ada bahaya. + Mengesampingkan + Penggantian Pengembang + Anda mungkin tanpa sadar menandatangani transaksi, yang dapat mengosongkan dana Anda. Anda mungkin ingin menandatangani bytecode sebagai pengembang, dan Anda dapat mengabaikan peringatan ini jika Anda menyetel mode pengembang di Setelan lanjutan. diff --git a/app/src/main/res/values-my/strings.xml b/app/src/main/res/values-my/strings.xml index 87c2d57de7..ccd4169218 100644 --- a/app/src/main/res/values-my/strings.xml +++ b/app/src/main/res/values-my/strings.xml @@ -343,6 +343,9 @@ လိပ်စာ တောင်းခံသူ မက်ဆေ့ကိုလက်မှတ်ထိုးမည် + ⚠ မက်ဆေ့ကိုလက်မှတ်ထိုးမည် ⚠ + အန္တရာယ်- လက်မှတ်မထိုးမီ စစ်ဆေးပါ။ + ဤတောင်းဆိုချက်သည် \'airdrop\' မှလာပါက သင်၏ တိုကင် esp ဆုံးရှုံးရန် အန္တရာယ်ရှိနိုင်သည်။ Sign Message ကို လိမ်လည်သူများမှ အဓိကအသုံးပြုသည်။ ဤဝဘ်ဆိုက်အတွက် ဝဘ်ရှာဖွေပြီး \'scam\' ကို အသုံးပြုပါ။ ကိုယ်ပိုင်မက်ဆေ့လက်မှတ်ထိုးမည် ရေးထားသောမက်ဆေ့ကိုလက်မှတ်ထိုးမည် ငြင်းပယ်သည် 
@@ -1023,4 +1026,8 @@ တင်သွင်းတဲ့ SmartPass SmartPass ကို တင်သွင်းခဲ့ပါတယ်။ ခင်ဗျားရဲ့ လက်မှတ်ကို အဆင့်မြှင့်သင့်ပါတယ်။ SmartLayer ကွန်ယက်နဲ့ ဆက်သွယ်မှုမရှိပါနဲ့ - နောက်ပိုင်းမှာ SmartPass ကို တင်သွင်းဖို့ ကြိုးစားပါ။ + ဤစက်ရှင်သည် %s တွင် မက်ဆေ့ချ်များကို လက်မှတ်ထိုးရန် လုပ်ပိုင်ခွင့်မရှိသော်လည်း လက်မှတ်ထိုးရန် ဤကန့်သတ်ချက်ကို ကျော်ဖြတ်နိုင်သည်။ စာရိုက်ခြင်းဖြင့် အန္တရာယ်မရှိပါ။ + ပဓာန + Developer Override + သင့်ငွေများကို အချည်းနှီးဖြစ်စေနိုင်သည့် ငွေပေးငွေယူတစ်ခုအား သင်မသိလိုက်ဘဲ လက်မှတ်ထိုးပါတော့မည်။ သင်သည် ဆော့ဖ်ဝဲအင်ဂျင်နီယာတစ်ဦးအနေဖြင့် bytecode ကို လက်မှတ်ထိုးလိုနိုင်ပြီး၊ Advanced ဆက်တင်များတွင် developer မုဒ်ကို သင်သတ်မှတ်ပါက ဤသတိပေးချက်ကို အစားထိုးနိုင်ပါသည်။ diff --git a/app/src/main/res/values-vi/strings.xml b/app/src/main/res/values-vi/strings.xml index 84ad77f22f..cdd527ae30 100644 --- a/app/src/main/res/values-vi/strings.xml +++ b/app/src/main/res/values-vi/strings.xml @@ -338,6 +338,9 @@ Địa chỉ Người yêu cầu Sign Message + ⚠ Sign Message ⚠ + Nguy hiểm: Kiểm tra trước khi ký + Đặc biệt, bạn có thể gặp nguy cơ mất mã thông báo nếu yêu cầu này đến từ \'airdrop\'. Tin nhắn ký hiệu chủ yếu được sử dụng bởi những kẻ lừa đảo. Thực hiện tìm kiếm trên web cho trang web này và sử dụng \'scam\'. Sign Personal Message Sign Typed Message Từ chối @@ -1002,4 +1005,8 @@ SmartPass nhập khẩu SmartPass đã được nhập. Thẻ của bạn nên được nâng cấp. Không có kết nối với mạng SmartLayer - hãy thử nhập lại SmartPass của bạn sau. + Phiên này không được phép ký tin nhắn trên %s tuy nhiên bạn có thể bỏ qua hạn chế này để ký. Với tin nhắn đánh máy không có nguy hiểm. + Ghi đè + Ghi đè Nhà phát triển + Bạn có thể sắp vô tình ký một giao dịch, điều này có thể khiến tiền của bạn bị rỗng. Bạn có thể muốn ký mã byte với tư cách là nhà phát triển và bạn có thể ghi đè cảnh báo này nếu bạn đặt chế độ nhà phát triển trong cài đặt Nâng cao. diff --git a/app/src/main/res/values-zh/strings.xml b/app/src/main/res/values-zh/strings.xml index 386e8bc6b5..cca3a05fce 100644 
--- a/app/src/main/res/values-zh/strings.xml +++ b/app/src/main/res/values-zh/strings.xml @@ -326,6 +326,9 @@ 签署人地址 请求链接 签署消息 + ⚠ 签署消息 ⚠ + 危险:签字前检查 + 您可能面临丢失代币的危险,尤其是如果此请求来自“空投”。 Sign Message 主要由诈骗者使用。 对该网站进行网络搜索并使用“诈骗”。 签署消息\'Personal\' 签署消息\'Typed\' 拒绝 @@ -989,4 +992,8 @@ 进口 SmartPass SmartPass 已导入。您的通票应升级。 没有连接到 SmartLayer 网络 - 稍后尝试再次导入您的 SmartPass。 + 此会话无权在 %s 上签署邮件,但是您可以绕过此限制进行签名。 使用键入的消息不会有任何危险。 + 覆盖 + 开发者覆盖 + 您可能会在不知情的情况下签署一项交易,这可能会清空您的资金。 您可能希望以开发人员的身份对字节码进行签名,如果您在高级设置中设置开发人员模式,则可以覆盖此警告。 diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 025039e8b8..473e385230 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -360,6 +360,9 @@ Address Requester Sign Message + ⚠ Sign Message ⚠ + Danger: Check before signing + You could be in danger of losing your tokens esp if this request came from an \'airdrop\'. Sign Message is used by scammers. Do a web search for this website and use \'scam\'. Sign Personal Message Sign Typed Message Reject @@ -1065,4 +1068,8 @@ Imported SmartPass SmartPass has been imported. Your Pass has been upgraded. No connection to SmartLayer network - try to import your SmartPass again later. + This session is not authorised to sign messages on %s however you can bypass this restriction to sign. With typed message there is no danger. + Override + Developer Override + You might be about to unknowingly sign a transaction, which could empty your funds. You may want to sign bytecode as a developer, and you can override this warning if you set developer mode in Advanced settings. diff --git a/lib/src/main/java/com/alphawallet/token/entity/EthereumMessage.java b/lib/src/main/java/com/alphawallet/token/entity/EthereumMessage.java index 7e47aa2021..19e778fa50 100644 --- a/lib/src/main/java/com/alphawallet/token/entity/EthereumMessage.java +++ b/lib/src/main/java/com/alphawallet/token/entity/EthereumMessage.java 
@@ -130,4 +130,34 @@ private boolean isHex(String testMsg) private byte[] getEthereumMessagePrefix(int messageLength) { return MESSAGE_PREFIX.concat(String.valueOf(messageLength)).getBytes(); } + + @Override + public boolean isDangerous() + { + boolean hasPrefix = hasPrefix(); + boolean isText = StandardCharsets.UTF_8.newEncoder().canEncode(userMessage); + + return !hasPrefix() && !StandardCharsets.UTF_8.newEncoder().canEncode(userMessage); + } + + public boolean hasPrefix() + { + //check for leading personal message: + byte[] msgPrefix = EthereumMessage.MESSAGE_PREFIX.getBytes(); + //match? + boolean hasPrefix = true; + if (prehash.length > msgPrefix.length) + { + for (int i = 0; i < msgPrefix.length; i++) + { + if (prehash[i] != msgPrefix[i]) + { + hasPrefix = false; + break; + } + } + } + + return hasPrefix; + } } diff --git a/lib/src/main/java/com/alphawallet/token/entity/Signable.java b/lib/src/main/java/com/alphawallet/token/entity/Signable.java index eb3be9b343..1083b87017 100644 --- a/lib/src/main/java/com/alphawallet/token/entity/Signable.java +++ b/lib/src/main/java/com/alphawallet/token/entity/Signable.java @@ -24,4 +24,9 @@ default long getChainId() { return -1; } + + default boolean isDangerous() + { + return false; + } } From 21d287da1b0bc49ff3f625dd1e0531c0657672bf Mon Sep 17 00:00:00 2001 From: James Brown Date: Mon, 11 Sep 2023 14:20:19 +1000 Subject: [PATCH 2/2] cleanup --- .../app/widget/SignDataWidget.java | 2 +- app/src/main/res/layout/item_sign_data.xml | 102 ++++++++---------- 2 files changed, 45 insertions(+), 59 deletions(-) diff --git a/app/src/main/java/com/alphawallet/app/widget/SignDataWidget.java b/app/src/main/java/com/alphawallet/app/widget/SignDataWidget.java index 703ac82acf..2593d50128 100644 --- a/app/src/main/java/com/alphawallet/app/widget/SignDataWidget.java +++ b/app/src/main/java/com/alphawallet/app/widget/SignDataWidget.java 
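Review bot: `isDangerous()` will return false for almost every request, because `StandardCharsets.UTF_8.newEncoder().canEncode(userMessage)` is true for any character sequence without unpaired surrogates, including a hex string; it does not test whether the payload is readable text, so the new block in the WalletConnect handler is rarely reached. A check on the content is needed instead, possibly the existing `isHex` helper named in the hunk header, whose body is not visible here; confirm against how `userMessage` is populated. `hasPrefix()` starts from `true` and skips the comparison whenever `prehash` is not longer than the prefix, so short payloads are reported as prefixed and never flagged; it should fail closed as shown below. The locals `hasPrefix` and `isText` in `isDangerous()` are computed and then ignored, and the return should read `return !hasPrefix && !isText;` once the text test is corrected.

```java
public boolean hasPrefix()
{
    byte[] msgPrefix = MESSAGE_PREFIX.getBytes(StandardCharsets.UTF_8);
    // A payload no longer than the prefix cannot be a prefixed personal message
    if (prehash == null || prehash.length <= msgPrefix.length)
    {
        return false;
    }
    for (int i = 0; i < msgPrefix.length; i++)
    {
        if (prehash[i] != msgPrefix[i])
        {
            return false;
        }
    }
    return true;
}
```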
@@ -102,7 +102,7 @@ public void setupSignData(Signable signable) if (signable.getMessageType() == SignMessageType.SIGN_MESSAGE) //Warn user that sign is dangerous { - ((ImageView)findViewById(R.id.image_sign_warning)).setVisibility(View.VISIBLE); + previewText.setCompoundDrawablesRelativeWithIntrinsicBounds(R.drawable.ic_red_warning, 0, 0, 0); previewText.setText(R.string.sign_message_could_be_a_scam); message = getContext().getString(R.string.sign_message_could_be_a_scam2) + "\n\n" + message; messageText.setText(message); diff --git a/app/src/main/res/layout/item_sign_data.xml b/app/src/main/res/layout/item_sign_data.xml index d3922d70af..e1c7e8f239 100644 --- a/app/src/main/res/layout/item_sign_data.xml +++ b/app/src/main/res/layout/item_sign_data.xml 
@@ -1,63 +1,49 @@ + xmlns:app="http://schemas.android.com/apk/res-auto" + xmlns:tools="http://schemas.android.com/tools" + android:id="@+id/layout_holder" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:orientation="vertical"> - - + android:gravity="center_vertical" + android:minHeight="60dp" + android:orientation="horizontal" + android:paddingVertical="@dimen/standard_16" + android:paddingStart="@dimen/standard_16" + android:paddingEnd="@dimen/mini_4"> - - - + android:layout_weight="@integer/widget_label" + android:gravity="start|center_vertical" + android:text="@string/message_to_sign" /> - - + android:id="@+id/text_preview" + style="@style/Aw.Typography.Caption" + android:layout_width="0dp" + android:layout_height="wrap_content" + android:layout_marginHorizontal="@dimen/small_12" + android:layout_weight="@integer/widget_content" + android:ellipsize="end" + android:gravity="start" + android:maxLines="1" + android:visibility="visible" + tools:text="Message:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337" /> + android:id="@+id/scroll_view" + android:layout_width="match_parent" + android:layout_height="250dp" + android:fillViewport="true" + android:visibility="gone" + tools:visibility="visible"> + android:id="@+id/text_message" + style="@style/Aw.Typography.Caption" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:gravity="start" + android:padding="@dimen/standard_16" + tools:text="Message:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337\nMessage:\n Hi Alice!\nA number:\n 1337" />