feat: add 7702 methods to ledger#564
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit d244a63. Configure here.
| const value = String(recoveryParam).trim(); | ||
| const withoutPrefix = | ||
| value.startsWith('0x') || value.startsWith('0X') ? value.slice(2) : value; | ||
| const radix = /[a-f]/iu.test(withoutPrefix) ? 16 : 10; | ||
|
|
||
| return parseInt(withoutPrefix, radix); |
There was a problem hiding this comment.
Actually I think the logic is wrong here.
If we have a number like 0x100 (= 256), then this would be parsed as 100 (radix=10) which is wrong.
IMO we can do without the regex too:
| const value = String(recoveryParam).trim(); | |
| const withoutPrefix = | |
| value.startsWith('0x') || value.startsWith('0X') ? value.slice(2) : value; | |
| const radix = /[a-f]/iu.test(withoutPrefix) ? 16 : 10; | |
| return parseInt(withoutPrefix, radix); | |
| const value = String(recoveryParam).trim(); | |
| if (value.startsWith('0x') || value.startsWith('0X')) { | |
| return parseInt(value.slice(2), 16); | |
| } | |
| return parseInt(value, 10); |
My suggestion is not fully safe either... If the input is 0x or 0X, then parseInt will return NaN. I'm not sure what we should do here? Cause initially we were not even filtering those NaN 😅 I guess we could have an assert(result !== NaN) too? 🤔
| const yParity = | ||
| recoveryValue === 0 || recoveryValue === 1 | ||
| ? recoveryValue | ||
| : recoveryValue - 27; | ||
| const signature = `0x${payload.r}${payload.s}${yParity.toString(16).padStart(2, '0')}`; |
There was a problem hiding this comment.
Would be nice to have some comments here.
Also, I wouldn't compute the hex within the format string. Maybe we could have a toSomething(recoveryValue) that would do the right thing? Including the padding formatting?
2 participants
This PR adds the 7702 methods to the ledger keyring. The method itself is not usable until the dmk support has been added.
Examples
Note
Medium Risk
Introduces new hardware-backed authorization signing and signature recovery; iframe/mobile paths reject the operation until device support lands, but mistakes in parity or recovery could affect account safety.
Overview
Adds EIP-7702 delegation authorization signing to the Ledger keyring:
LedgerKeyring.signEip7702Authorizationunlocks the account, calls a new bridge methoddeviceSignDelegationAuthorization(chainId, contract address without0x, nonce), normalizes Ledgervto y-parity, and verifies the result withrecoverEIP7702Authorization.The
LedgerBridgecontract gains delegation sign types anddeviceSignDelegationAuthorization. Iframe and mobile bridges implement the method by throwing (not supported on those transports yet; PR notes DMK work is still pending).Personal sign and EIP-712 paths now use a shared
#parseLedgerRecoveryParamso Ledgervvalues like hex'1b'parse correctly before legacy normalization.The v2
LedgerKeyringadvertisesSignEip7702Authorizationin account methods (viaEthKeyringMethod). Changelog and Jest coverage thresholds are updated; tests cover the new flow and recovery-param edge cases.Reviewed by Cursor Bugbot for commit f1b063e. Bugbot is set up for automated code reviews on this repo. Configure here.