Reimbursement proposal for Ledger hardware wallets support

in HiveDevs • 2 years ago (edited)

The aim of this proposal is to reimburse the cost of the process to make it possible to use Ledger hardware wallets to secure Hive accounts. All the work that is mentioned in this proposal has already been done and all the software is open-source. The entire process took almost 2 years and involved multiple parties paid up-front by me but it's done and Hive is now officially supported by Ledger.

Proposal subject

The proposal will reimburse the following items (each described in detail later):

  • review of the previous app developed by another developer
  • contributing to the old app to add the latest operations and trying to fix it to work with the new Ledger SDK
  • development of the Ledger app from scratch to use the latest SDK and unify user experience for every Ledger model (Nano S/S+/X)
  • development of automated tests to cover the source code (high coverage of unit tests, integration tests, etc.)
  • development of the TypeScript library to enable communication with the Ledger application
  • development of the CLI tool for Ledger to make the initial Functional Review
  • professional graphic designs for hiveledger.io
  • development of a feature-full Hive Ledger Online Wallet (companion app)
  • writing extensive documentation and supporting the Ledger team during the audit and approval process
  • supporting other developers and users

Proposal amount: 90,000 HBD

The proposed amount will cover all the labor costs put into the development by me, hired developers, and the graphic designer along with all necessary equipment (hardware wallets that have been used for development, etc). It also covers recurring costs like domain name and hosting for the next few years.

As this is a reimbursement proposal, I'm asking for 3000 HBD daily over a 30-day period.

What will happen if the proposal doesn't get funded?

All the work mentioned in this proposal has already been done and Hive is already officially supported by Ledger. All the software created during the process is open-sourced and publicly available. The only thing that will happen is that I will be sad about doing 2 years of professional work for free ;)

Motivation

There were three major reasons why I decided to start working on this:

  • I believe it's really important for the blockchain to have hardware wallet support to show that the project is mature enough to be considered serious and secure
  • I wanted to use a hardware wallet to protect my Hive account and feel safe
  • I was eager to show that the Hive ecosystem is capable of developing high-quality, good-looking and feature-full software

I have supported Hive from the very beginning and have been around developing useful stuff since Steem's days. I believe we can start acting like professionals and I decided to show that we're capable of doing serious stuff. I wanted to make it possible to use hardware wallets to secure Hive accounts and create the best wallet available. In order to achieve the goal, I went through all the steps involved in software development: research, UX design, UI design, development, testing, and more. I did the major part of the job by myself but also paid up-front for the work of a few external contractors from my pocket to make sure I would be able to finish it.

Benefits of hardware wallets support

Improved security

Hardware wallets are considered one of the best ways to manage your crypto assets. Using a hardware wallet increases overall security because you never expose your private keys to the outside world. Private keys are securely stored inside the hardware and never leave it. Even if you connect the device via USB, there is no way to leak your private keys. That's essential for your account security as we all know that leaks happen all the time, even to those who take special care to prevent them.

More exposure for the Hive ecosystem

It also opens Hive to a broader audience. From now on, it can be targeted at people who rely on hardware wallets to protect their assets. It often happens that crypto projects without hardware wallet support are not taken seriously. That is no longer the case for Hive, and combined with the 20% APR for keeping our stablecoin, it makes a great opportunity to start onboarding more and more serious investors. Making Hive mainstream is our common goal and is a win-win for every one of us.


The process

The process to get official support from Ledger is long and complex. It requires the development of a hardware wallet application (low-level C language programming skills required), a companion app (an online wallet that is easy to use for the end user), additional libraries to enable easy usage for other developers, extensive documentation for the Ledger team and users, and more.

Depending on the release type, different deliverables are required by Ledger. We were aiming for public release and official support:

Each deliverable is composed of multiple additional steps and requirements. For example, the Security deliverable requires:

  • Manual Code Reviews
  • Automated Static Code Analysis
  • Automated Security Check with CodeQL
  • Zero warnings during compilation
  • Unit tests must be present
  • Functional tests must be present
  • External Security audits must be performed
  • App must have proper permissions and flags
  • App must be restricted to Coin-Specific BIP32 prefix
  • App must follow Good Practices for Transaction Handling

Additionally, the Ledger team performs a set of reviews of the application before they decide to publicly list the blockchain on their site:

What has been done

Most of my journey to bring the Ledger support is documented on the Hive blockchain as I was posting multiple articles to keep the community updated with the process.

Review of the old source code and the attempt to fix it

It all started at the beginning of the year 2021. It's not a secret that there was an attempt to develop a Hive ledger application in the past. There was a proposal that was paid up-front and the work has never been finished (btw, that's the reason I decided to create a reimbursement proposal after making sure we are officially supported by Ledger).

I started my journey by reading and reviewing the old source code. It was... far from what I expected of quality code, especially code that is responsible for making Hive accounts more secure.

I performed some manual tests and decided to fix bugs and even improve it by adding support for new operations that were introduced in Hardfork 25. I contributed to the project but my changes were never accepted and now the old repository got archived and is dead.

Meanwhile, I started reading the Ledger SDK documentation and getting familiar with the BOLOS system and Ledger requirements. I realized that it's impossible to get official support with the old code. It was bad, not covered with tests, outdated, and not capable of running on multiple models.

I decided to rewrite the app from scratch in a professional manner, making it ready to run with the newest SDK on all available models.

Writing the hardware wallet application from scratch

That was the most challenging part of the entire process. As stated on ledger.com:

Developing applications for Ledger devices is an intricate process. The security of the user funds relies on the fact that the application works in a correct and secure manner and that potential attackers cannot misuse it to extract private data and/or sign requests which are not authorized by the user. The app should guard against such attacks because they have a very low entry point – a Ledger device attached to a compromised host might be a victim of the attacker’s program sending invalid/non-standard requests to the device.

Moreover, hardware wallets have some specific limitations like a slow CPU, limited RAM, a small display, only two buttons to interact with, etc. Additionally, Ledger hardware wallet applications are executed in a custom-made BOLOS operating system.

All of those required spending countless hours on learning, coding, and testing. But in the end, everything went well and the app passed all reviews (including the security audit) performed by Ledger.

High coverage of automated tests

I put a lot of effort into unit testing the app (which is not only required by Ledger but also very useful for stability and security). I covered most of my files with unit tests written in ANSI C, using the cmocka framework. This will minimize potential problems like buffer overflows/underflows, etc., which are common in apps written in C.

Functional tests are equally important. I've created a test suite to automatically perform signing tests for all available operations and use cases, including the incorrect ones (to make sure your accounts are secure).

TypeScript library to communicate with Ledger application

It was crucial to make it possible for me and other developers to easily communicate with the Hive application running on a hardware wallet. This library is being used by hiveledger.io, hive-ledger-cli, and will be utilized by @stoodkev shortly to add the support of Ledger wallets in the most popular Hive browser extension called Hive Keychain.

The library is written in TypeScript and open-sourced, covered with tests as well.

CLI tool for Ledger team to make the initial Functional Review

This tool was used by the Ledger team to perform the initial Functional Review. It was not clear to Ledger whether the application was designed in a way that would be easy enough for an average crypto user.

For this purpose, I've created a CLI application (Command Line Interface) that utilizes the previously created TypeScript library to perform basic operations on the Hive account, including the onboarding and deboarding from the Ledger device.

Thanks to this tool, Ledger was capable of performing a Functional Review and preliminarily accepted the application.

Design and development of new Hive Ledger Online Wallet (hiveledger.io)

I wanted to create a professional wallet for Hive, a wallet that could stand as an example of how good the software we make on Hive can be. Moreover, the flow to onboard Hive accounts with a hardware wallet is complex and it couldn't fit into any existing wallet easily. I wanted Hive Ledger to be easy for an average user.

I started my work with UX research and UI mockups to make sure we can cover all the common use cases for Hive users. I created multiple designs with multiple iterations and performed user tests on those to get some feedback.

Those mockups were used later on by a hired graphic designer to create the final designs. I believe we should care about the appearance of our software and I wanted Hive Ledger Wallet to be great. It required close cooperation between me and the designer to consider every aspect of Hive blockchain specifics. Final designs prepared by the graphic designer:

Hive Ledger Online Wallet was coded by a professional front-end developer. The source code is open source and unit-tested when possible. This makes it a great addition to the Hive ecosystem.

The final product is already being used by multiple users and it is the official wallet for Hive and Ledger integration, linked on ledger.com.

I'm also currently working on further improvements to make it even better.

Documentation and support for Ledger Team

Extensive documentation was required by the Ledger team for both developers and end users. I wrote multiple articles that are now used as official support materials for Ledger users.

I also held multiple discussions with the security team to explain Hive blockchain specifics and design decisions.

Other improvements

While Ledger Team was performing a Security Audit of the submitted source code, I continued working on further improvements and this is how Blind Signing was introduced.

More info about Blind Signing can be found here:

What next?

I'm going to continue my work on hiveledger.io, making it even better. I'm going to cooperate with other developers, for example @stoodkev, to make it possible to use Ledger devices with the Hive Keychain extension and make the experience flawless.

Vote for the proposal!

Use your favorite frontend to vote for proposal #242:

PeakD: https://peakd.com/me/proposals/242
Ecency: https://ecency.com/proposals/242
Hive.blog: https://wallet.hive.blog/proposals

You can also use your Ledger device on hiveledger.io to vote for the proposal!


The rewards earned on this comment will go directly to the people (@rubencress, @enjar, @maurojd, @hiro-hive, @urun, @steemadi, @yeckingo1, @empoderat) sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.

This team has done excellent work with the integration. Many of us, and mainly me, are happy with the improvements made so far. And I know they will continue offering functions and support. And talking about support, Engrave has the best support EVER. Just join their Discord and you will be attended to like you deserve. Congrats, Engrave.

Thank you for your kind words

Supported and hope you get the reimbursement funding. Thanks for doing the heavy lifting for all of us on Hive so that we can have a hardware wallet to keep things safe.

Thanks, I believe it's valuable for all of us.

First to vote! Nice job, I will take a look when I get the chance

Thanks a lot for trusting me :)

Great job you have done, it was necessary to implement ledger and thus increase security in HIVE. Supported!!

Nice job bringing this to fruition. It was hard work laying the framework that you built upon, but I will be the first to admit you did a great job and would love to see you get this supported.

I got my Ledger last year, didn't write down my password so had to reset everything which took me ages. Then guess what? I still forgot to write down my password😄. I'm gonna reset my Ledger again and once I do that, I will make sure I write down my password this time and shift my Hive over. That will make sure I won't lose it!!! Thanks for doing this for Hive, it is much appreciated. Have voted for the proposal of course!!

One of those instant vote proposals and also love how you ask for funding after the fact, appreciate all you've done!

Thanks! I believe the motivation is different if you invest your time and money up-front, so... that's the best way to develop!

🍕 PIZZA !
@engrave! The Hive.Pizza team manually upvoted your post.

Learn more at https://hive.pizza!

I think the work you have done and are doing is and will be very useful for Hive. Proposal supported!
@tipu curate

Thank you, I really appreciate that!

Easiest vote ever, especially with what's happening now in the crypto world! Thanks for all the work @engrave

Yeah, good timing :D Keep your Hive assets safe with Ledger!

It also covers recurring costs like domain name and hosting for the next few years.

I'm going to vote for the proposal right away now, but would like to get a concrete statement what's the minimum period. Just to make things clear.

Thanks, I will edit the proposal to make it clear!

Voted for the proposal with my proxy. I hope you get the support deserved asap.

Thank you, appreciate your vote!

Awesome job.
#242 upvoted and rehived.

Bravo!

Thanks!

I have strong faith that you will definitely get reimbursement for the proposal @engrave so that your project won't be in vain.

All the software created during the process is open-sourced and publicly available. The only thing that will happen is that I will be sad about doing 2 years of professional work for free ;)

Nobody puts in effort like you have done and won't reap it, that's impossible. You will surely get your reimbursement proposal funding. The HIVE blockchain is broad; there are capable people in the blockchain who can make up for 90,000 HBD.

There are other great developers as well, it's worth voting on witnesses that bring value to the network :)

You are right.

Vote. A Must.

No-brainer vote. Thank you for making this happen!

No problem, I really wanted it, thanks for the support!

Absolutely top notch work, supported.... and I really need to get myself one of these Ledger things.

I feel much better with my owner keys stored on Ledger, I can recommend :)

!PGM
!LUV
!LOL



Congratulations @engrave! Your post has been a top performer on the Hive blockchain and you have been rewarded with the following badges:

Post with the highest payout of the day.
Post with the highest payout of the week.

You can view your badges on your board and compare yourself to others in the Ranking

Supported ... this is right on time because the whole crypto world has just gotten its wakeup call about leaving assets on exchanges instead of in wallets.

My Ledger is still refusing to recognize Hive as an asset, though ... do we need to upgrade our Ledgers in any way to get Hive on there?

My Ledger is still refusing to recognize Hive as an asset, though

What do you mean by that?

I mean, I keep trying to find Hive in the list of wallets to add to my Ledger, but, it doesn't come up ... I wonder if I might be behind on an upgrade to Ledger Live and that might be the problem.

Yes, you need to have the latest Ledger Live.

OK... thanks! Looking forward to using this!

Nice Proposal!

I'm very happy for you to see this funded as I always thought that HIVE desperately needs this (of course it's an instant YES from my side). You truly marked a precedent about how successful proposals should be managed. Congratulations on that, and hats off, seriously.

Talking about myself alone, I invested more in Hive because I had the possibility of safely storing with ledger. Otherwise impossible.

Thank you once again engrave!

Now to the next point... Wen keychain integration?


You truly marked a precedent about how successful proposals should be managed. Congratulations on that, and hats off, seriously.

Thank you so much! DHF is awesome and I believe we can make great things using it and I really wanted to show it's possible :)

I invested more in Hive because I had the possibility of safely storing with ledger. Otherwise impossible.

I'm glad to hear that, really! I also feel much better with my keys stored on Ledger.

Wen keychain integration?

In progress :)

Congratulations @engrave! You received a personal badge!

You powered-up at least 10 HIVE on Hive Power Up Day!
Wait until the end of Power Up Day to find out the size of your Power-Bee.
May the Hive Power be with you!


Congratulations @engrave! You received a personal badge!

You powered-up at least 1000 HP on Hive Power Up Day and got the biggest Power-Bee!
See you at the next Power Up day to see if you will repeat this feat.
May the Hive Power be with you!


good good GOOD stuff! :D 😁 @teonius