Skip to content

Commit

Permalink
Merge pull request #336 from LedgerHQ/doc/clear-signing-paths
Browse files Browse the repository at this point in the history
📝 Restructuration
  • Loading branch information
cfranceschi-ledger authored Jan 13, 2025
2 parents e6e16b0 + 2134c36 commit ae2b6b9
Showing 5 changed files with 119 additions and 96 deletions.
12 changes: 7 additions & 5 deletions pages/docs/clear-signing/_meta.js
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
export default {
'---': {
title: "Clear Signing",
type: 'separator'
type: "separator"
},
'getting-started': 'Getting started',
erc7730: 'ERC-7730: How to implement clear signing',
eip712: 'EIP-712 messages',
nft: 'ERC-721, ERC-1155 and ERC-20'
"getting-started": "Getting started",
erc7730: "dApps implementation with ERC-7730",
wallets: "Wallets implementation with the DMK",
eip712: "EIP-712 messages",
nft: "ERC-721, ERC-1155 and ERC-20",
improvements: "Future improvements"
}
119 changes: 40 additions & 79 deletions pages/docs/clear-signing/erc7730.mdx
Original file line number Diff line number Diff line change
@@ -1,110 +1,71 @@
import { Callout } from "nextra/components";
import Image from 'next/image'
import Image from "next/image"

# ERC-7730: How to implement clear signing
# dApps Clear Signing implementation with ERC-7730

<Callout type="info" emoji="ℹ️">

This implementation is currently for EVM chains only. Stay tuned for other protocols.
## Overview

<Callout type="info" emoji="ℹ️">
Currently, this implementation is supported for EVM chains only. Stay tuned for updates on other protocols!
</Callout>

The clear signing standard relies on a registry of smart contract metadata files. These files describe the operations and fields of the smart contract. This page outlines the process for adding your metadata to the registry.

## Adding to the registry

1. Fork the official registry
1. Add a metadata file
1. Preview your changes
1. Submit a pull request (PR)
1. Get approval and merge

### Fork the registry

The official registry is a public repo at [https://github.com/LedgerHQ/clear-signing-erc7730-registry](https://github.com/LedgerHQ/clear-signing-erc7730-registry)

### Add a metadata file

Describe your smart contract data following the ERC-7730 standard:

- See examples in [/registry](https://github.com/LedgerHQ/clear-signing-erc7730-registry/blob/master/registry)

- See JSON schema and file spec in [/specs/erc7730-v1.schema.json](https://github.com/LedgerHQ/clear-signing-erc7730-registry/blob/master/specs/erc7730-v1.schema.json) and [/specs/erc-7730.md](https://github.com/LedgerHQ/clear-signing-erc7730-registry/blob/master/specs/erc-7730.md)

### Preview your changes

Run the web app locally to preview your changes.

See the README in the repo for details: https://github.com/LedgerHQ/clear-signing-erc7730-registry/tree/master/developer-preview#readme

### Submit a pull Request

The [PR requirements](https://github.com/LedgerHQ/clear-signing-erc7730-registry/blob/master/README.md) are in the README of the registry.

Automated checks will run and give you feedback on your metadata file.

Approvers on the repo will also review and comment to help your PR through.
<Callout type="warning" emoji="⚠️">
Some special cases may require the development of an [Ethereum plugin](../device-app/getting-started). The Ledger team will guide you through this process if required.
</Callout>

Once approved and merged the metadata will join the registry 🎉
This guide will walk you through the process of implementing clear signing for ERC-7730 on EVM chains. This implementation uses a registry of smart contract metadata files.

### Seeing clear signed operations on Ledger devices
After your changes are merged, the Ledger **generic parser** will integrate them, making them available on Ledger devices such as Ledger Flex and Ledger Stax. The "generic parser" serves as the middle-layer deployed on the Ledger infrastructure to read and parse your JSON files.

Changes to the registry will be picked up by Ledger's generic parser and ultimately, be made available to Ledger devices.
This preview example shows how clear signing operations will be displayed:

<div style={{ paddingTop: "1em", width: "90%" }} className="center">
<figure>
<img
src="/clear-signing/preview-example-poap.png"
alt="Preview example with POAP operation"
<Image src="/clear-signing/preview-example-poap.png"
alt="Preview example with POAP operation"
width={800} height={600}
/>
</figure>
</div>

The preview tool allows you to see how the data will be displayed on Ledger Flex and Ledger Stax.
## How to Add Your Metadata to the Registry

<Callout type="info" emoji="💡">
If you would like add to the preview modes get in touch – open a PR or create
an issue on the repo
</Callout>
To add your metadata to the registry, follow these steps:

### Clear signing on other wallets and devices
1. Fork the official registry repository.
2. Add a metadata file describing your smart contract.
3. Preview your changes locally.
4. Submit a pull request (PR).
5. Await approval and merge your changes.

At Ledger we are keen for the community to contribute to the registry and for all wallet manufacturers and developers to use the standard. We believe that this will help to improve the security of the ecosystem for everyone and make it easier for more people to use smart contracts.
### Step 1: Fork the Official Registry

## Special cases
- The official registry is hosted on GitHub: [ERC-7730 Registry](https://github.com/LedgerHQ/clear-signing-erc7730-registry).

- For EIP-712 messages follow [this documentation](./eip712)
- For for ERC-721, ERC-1155 and ERC-20 follow [this documentation](./nft)
- If applicable, [add your token](../ledger-live/accounts/integration/tokens/evm-chains-tokens) in Ledger Live.
- Some special cases may require the development of an [Ethereum plugin](../device-app/getting-started). The Ledger team will guide you through this process if required.
### Step 2: Add a Metadata File

## Wallets
- Describe your smart contract data according to the ERC-7730 standard.
- Refer to example files available in the [registry directory](https://github.com/LedgerHQ/clear-signing-erc7730-registry/blob/master/registry).
- Follow the JSON schema and specification in the [specs/erc7730-v1.schema.json](https://github.com/LedgerHQ/clear-signing-erc7730-registry/blob/master/specs/erc7730-v1.schema.json) and [specs/erc-7730.md](https://github.com/LedgerHQ/clear-signing-erc7730-registry/blob/master/specs/erc-7730.md).

All you have to do is use the latest version of the [LedgerJS Ethereum transport library](https://github.com/LedgerHQ/ledger-live/tree/b2163a6eaafd46390d4a14bad8e62fcc10454c05/libs/ledgerjs/packages/hw-app-eth). It has been updated for the new standard. For more information on how to use the LedgerJS libraries read [this documentation](../device-interaction/getting-started).
### Step 3: Preview Your Changes

## Watch the "Request for Comment Session"
- Consult the [developer preview README](https://github.com/LedgerHQ/clear-signing-erc7730-registry/tree/master/developer-preview#readme) for instructions on setting up the preview environment.
- Run the web application locally to preview your changes.

To get an insight about our process and plan for the future of clear signing, we recommend you watching the "Request for Comment Session". You can read [the slides](https://www.keepandshare.com/doc13/view.php?id=32202&da=y).

<br />
### Step 4: Submit a Pull Request

<iframe
width="100%"
height="315"
src="https://www.youtube-nocookie.com//embed/-O7aX6vUvs8?si=ypUZmsQyyGPYcNn7"
title="YouTube video player"
frameBorder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowFullScreen
></iframe>
- Review the [PR requirements](https://github.com/LedgerHQ/clear-signing-erc7730-registry/blob/master/README.md) detailed in the README.
- Automated checks will run to provide feedback on your files.
- Repo approvers will review your submission and provide comments to assist the process.
- Once approved, your metadata will be merged into the registry.

## What's next?
**Success!** You have added your metadata to the registry 🎉

- Publication of an open source JSON edition tool to write the json description and display the information that the user will see on their devices,
- Decentralization of the peer review process,
- Generalization of the JSON standard to the Web3 ecosystem,
- Extension of this process to other protocols.
## Generic Parser Status

Stay tuned for further updates and evolutions on this topic as we continue to improve and expand our security measures, ensuring the highest protection for our users.
<Callout type="warning" emoji="⚠️">
**Generic Parser Not Yet Ready:** Please be aware that the Ledger generic parser is currently undergoing development and is not yet operational. This means that even after your metadata is merged, it won't immediately be available on Ledger devices. We appreciate your patience and will notify you once the parser is fully functional and capable of integrating metadata with Ledger devices.
</Callout>

Want to know more? Join the conversation on [the Ethereum Magicians Forum](https://ethereum-magicians.org/t/eip-7730-proposal-for-a-clear-signing-standard-format-for-wallets/20403).
35 changes: 23 additions & 12 deletions pages/docs/clear-signing/getting-started.mdx
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import Image from 'next/image'


# Enhancing Security through Clear Signing

## Why does your dApp or Wallet need clear signing?
@@ -9,32 +8,44 @@ Blind signing is a significant vulnerability that scammers exploit to steal fund

<div style={{ paddingTop: "1em", width: "90%" }} className="center">
<figure>
<img src="/blind-signing-risk.png" alt="Blind sign risk" />
<Image src="/blind-signing-risk.png" alt="Blind sign risk" width={800} height={600} />
</figure>
</div>

At Ledger, we are committed to building a secure Web3 ecosystem. That is why we have introduced clear signing standards and tools to address this issue. These tools provide user-readable and understandable data, making it easier for users to identify potential risks and verify transactions accurately.

<div style={{ paddingTop: "1em", width: "90%" }} className="center">
<figure>
<img src="/clear-signing-cover.png" alt="Clear signing example" />
<Image src="/clear-signing-cover.png" alt="Clear signing example" width={800} height={600} />
</figure>
</div>

Using the ABI of the contract and metadata around the different fields, we can format a transaction for human readability. This way, users can verify the transaction before signing it, massively reducing the risk of scams.

## Where to go next?


<div style={{ paddingTop: "1em", width: "90%" }} className="center">
<figure>
<img src="/clear-signing/ERC-7730-meme.png" alt="Blind sign risk" />
<Image src="/clear-signing/ERC-7730-meme.png" alt="Blind sign risk" width={800} height={600} />
</figure>
</div>

## Where to go next?

**dApps**

If you work on a dApp, checkout [dApps implementation with ERC-7730](./erc7730)

**Wallets**

If you work on a Wallet, checkout [Wallets implementation with the DMK](./wallets)

**EIP-712 messages**

If you want to allow clear signing of an EIP-712 message, [read this documentation](./eip712)

**ERC-721, ERC-1155 and ERC-20**

For ERC-721, ERC-1155 and ERC-20 NFTs, follow [this documentation](./nft)

**What is the future of Clear Signing with Ledger?**

- If you work on a dApp, checkout [ERC-7730: How to implement clear signing](./erc7730)
- If you want to allow clear signing of an EIP-712 message, [read this documentation](./eip712)
- For ERC-721, ERC-1155 and ERC-20 NFTs, follow [this documentation](./nft)
- For device interaction, upgrade your integration with the [Ledger Device Management Kit](../device-interaction/getting-started) (LDMK)
- If you use the LedgerJS Ethereum transport library and are not ready for upgrading to the LDMK, make sure to use [the latest version](https://github.com/LedgerHQ/ledger-live/tree/b2163a6eaafd46390d4a14bad8e62fcc10454c05/libs/ledgerjs/packages/hw-app-eth)
Want to know how the Clear Signing initiative will evolve? Read [this page](./improvements).
37 changes: 37 additions & 0 deletions pages/docs/clear-signing/improvements.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
import Image from "next/image"

# The future of Clear Signing

## What's next for Clear Siging with Ledger

Ledger is constantly evolving its Clear Signing capabilities to enhance user experience and ecosystem integration. Here's a glimpse of upcoming developments.

### Interactive Json builder and Clear Signing visualizer

Ledger plans to release an open-source tool that enables developers to craft and modify JSON descriptions easily.
This tool will also serve as a visual display of how information appears on Ledger devices, simplifying the creation and validation process of metadata files.

### Generic Parser

The Ethereum Generic Parser is currently being developed as a crucial tool for ensuring seamless integration of Clear Signing.
Its primary function is to interpret the JSON files, enabling the smart contracts informations to be displayed accurately and effectively on Ledger devices.

### Extension of this process to other protocols

Ledger is working on extending Clear Signing support to other protocols.
This expansion aims to broaden the applicability of Clear Signing in the Web3 ecosystem, ensuring versatile and consistent experiences across different blockchains.

### Decentralization of the peer review process

Ledger is exploring ways to decentralize the peer review process for metadata submissions, empowering the community to participate in validating and improving the Clear Signing registry collaboratively.

## Expending the standard to the Web3 Ecosystem

Ledger is committed to fostering community contributions to the Clear Signing registry and encourages all wallet manufacturers and developers to adopt this standard. By expanding its use, we aim to enhance the security of the entire ecosystem and simplify smart contract interaction for users worldwide.

Ledger envisions the JSON standard becoming integral to the Web3 ecosystem, fostering a secure and user-friendly environment for all participants.
Your involvement is key to realizing this vision, and we invite you to join us in building a secure, decentralized future.




12 changes: 12 additions & 0 deletions pages/docs/clear-signing/wallets.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# Implementing clear Signing for wallets

## New implementation

To incorporate Clear Signing into your wallet, use the [Ledger Device Management Kit (LDMK)](../device-interaction/getting-started).
This kit supersedes the LedgerJS transport libraries, enabling straightforward device interaction coding within your wallet and offering built-in Clear Signing support.

## Updating an existing LedgerJS implementation

If your application currently uses the LedgerJS Ethereum transport library, we recommend upgrading to the LDMK for improved functionality.

However, if you're not prepared to transition to the LDMK, ensure you are using [the latest LedgerJS version](https://github.com/LedgerHQ/ledger-live/tree/b2163a6eaafd46390d4a14bad8e62fcc10454c05/libs/ledgerjs/packages/hw-app-eth) to maintain compatibility and security.

0 comments on commit ae2b6b9

Please sign in to comment.