Data not shown to "Review the transaction addresses and the amount to send" #830
Comments
SvenMeyer
changed the title
|
This screen does not exist in the latest released version; it was removed at some point before release due to compatibility problems (possibly compromising). Documentation is badly outdated, we are re-writing it for the next release that will have this feature |
|
@Slesarew thanks for your feedback ! Not sure what the plan is, but of course being able to verify what amount is send to what address is (one of) the main points of the app ... and the 2nd screen looks exactly what I would like and expect. Note: As more and more user come into the Polkadot ecosystem, putting more and more money into it, I think it's super important to have a working 2FA / offline-sign solution. Thanks for looking into it ! |
|
Yes, verifying the transactions is essential; with older structure of the app doing it reliably was not really possible. We have re-written payload parsing in pure rust and are testing it extensively and also allowing animated QR video updates for keeping the app up to date with constantly evolving networks and add more networks as they grow. The release is tentatively planned for the end of this year or beginning of the next; as I said, the core functionality is already implemented, now we are just making sure things are as reliable as possible (well, and hopefully pretty too). For the reasons you are stating. Thanks for understanding. |
|
@Slesarew Thanks for taking care of that ! However does that mean that for the next 3-4 months I will not be able to verify my transaction, which was (more or less) the reason why Nexus Mutual CEO Hugh Karp lost $8.3 million ? ... and we will likely have all the Polkadot parachain auctions (with a lot !! of DOT moving around) Isn't there a working "intermediate solution" which will display at least the destination address ? |
|
There is, but it's not particularly endorsed by Parity. It's called Stylo, you can find it here: https://github.com/stylo-app/stylo More importantly, it shows you what you sign, it's maintained (for now until Signer get its fancy new release at least). |
|
The biggest problem of Stylo and the Signer (not as it was released, but as work in progress version) at this moment is really lack of testing and audition. At the beginning of my work with older Signer's code I was able to abuse the app into memory leaks resulting in incorrect transaction parsing - it worked this way only in reactnative, probably it was related to some OS version's features, but there is certainly some danger here. It's way better than not seeing what you are signing, of course, but keep in mind - Signer always was in a state of "beta" software (unlike the app that was used in that infamous case you cite, correct me if I'm wrong), so don't expect complete reliability beyond the airgapping's inherent advantages. Depending on your security needs you might want to resort to keeping some accounts with smaller funds in browser plugin, use multisignatures and other tools to harden security where transactions must be made (actually, proper use of multisignature tool kind of hot-fixes the transaction parsing issue for old Signer; however I can't give proper advice on how to work with it - please refer to support channels for more information). And both Signer and Stylo are perfect for storing accounts for long term at the moment. Piece of paper with backed up seed phrase would do the same storage job; "long term" is certainly way longer than the time before Signer will be released. |
I followed the instructions here ...
https://github.com/paritytech/parity-signer/blob/master/docs/tutorials/Kusama-tutorial.md
It worked, but when the QR code with the signed transaction shows up, I can not see and not scroll down to "Review the transaction addresses and the amount to send".
So I can NOT get to the 2nd screen as shown in the docs.
The text was updated successfully, but these errors were encountered: