vacuumlabs/trezor-firmware

Fix metadata validation

refi93 opened this issue · 1 comments

refi93 commented

Currently, Trezor enforces the tx metadata to be a valid CBOR dict which isn't accurate anymore as the format has been extended to be an array as well

Current Trezor code:

trezor-firmware/core/src/apps/cardano/sign_tx.py

Line 315 in 10edcb0

if not isinstance(decoded, dict):

New CDDL: https://github.com/input-output-hk/cardano-ledger-specs/blob/master/shelley-ma/shelley-ma-test/cddl-files/shelley-ma.cddl

Proposed fix: relax the validation of metadata to only be a valid CBOR

We may consider reworking the serialized tx format to return the unsigned serialized tx body, witnesses and serialized metadata separately and have trezor connect/cli assemble the full transaction separately and we could remove metadata validation completely then as the original concern was CBOR-injection within Trezor should the tx format change in the future: trezor#1145 (comment)

gabrielKerekes commented

The validation has been removed as part of Catalyst update.