hathornetwork / hathor-wallet Goto Github PK

We currently limit our symbol field to at most 5 chars but each emojis usually spend more than one char each, so depending on the emoji you could have a maximum of 2 emojis in the symbol field.

We should discuss the best approach to solve this. This issue affects the desktop wallet, mobile wallet and the full node. All of them we check the size of the field as string.

Should we enable users to open developers tools?

There's been some debate about it on PR #32

Link to the design: #102

Verification

We will use the GitHub API to find the latest signed release of a repository (see the docs here) that is not a draft and not a prerelease.

The following block in the body of the releases will be used to indicate extra headers, such as the type of release (i.e. recommended, required, or security).

```headers
Type: Required
Show-Security-Alert: True
```

For now, only the type header will be available. The keys of the headers will be case insensitive.

Scheduler

This verification should be executed after the wallet is started, and then automatically every X minutes.

UX

When a new version is detected, we should show an alert bar saying "A new version of Hathor Wallet is available. Click here for more information". When clicked, it should open a NewVersionAvailable modal.

We should also show that a new version is available in the About menu and in the Settings screen.

The NewVersionAvailableModal should have the title "An update is available" and an explanation of the new version. It should have two buttons: "Close" and "Download it", and the latter should open the html_url given by the GitHub API.

The NewVersionAvailableModal may also have a scrollable text with border and white background showing the change logs of all versions between current version and the latest version.

Example of explanation:

"""
Hathor Wallet v0.15.0 for macOS, Windows, and Linux has been released. We recommend you to update your wallet as soon as possible.

You should always update your wallet to have access to all new features, improvements, and fixes.

(if it's been a long time) Your wallet is outdated, and it may stop working anytime. We highly recommend you to update it right now.
"""

In the transaction detail screen we show the token symbol of each input and output. In the case we have two different tokens with the same symbol used in the same transaction, it would be confusing for the user. We should think about a way of making it better to differentiate the tokens in this case.

There are some problems to be fixed to have it done. I've tried to use our current notarize process and got the following errors:

ERROR ITMS-90237: "The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/crashpad_handler' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Hathor Wallet Helper.app/Contents/MacOS/Hathor Wallet Helper' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/ReactiveCocoa.framework/Versions/A/ReactiveCocoa' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90284: "Invalid Code Signing. The executable 'network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/MacOS/Hathor Wallet' must be signed with the certificate that is contained in the provisioning profile."

ERROR ITMS-90296: "App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/crashpad_handler", "network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Hathor Wallet Helper.app/Contents/MacOS/Hathor Wallet Helper", "network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt", "network.hathor.macos.wallet.pkg/Payload/Hathor Wallet.app/Contents/MacOS/Hathor Wallet" )] Refer to App Sandbox page at https://developer.apple.com/devcenter/mac/app-sandbox/ for more information on sandboxing your app."

Ledger app is working, but needs to be approved by Ledger developers before it can be officially launched. We could have an advanced mode to enable users to support Ledger on their Desktop wallet.

PR: #70

This would prevent an amount of duplicated code we currently have.

Hathor's full node already support Atomic Swap, but the wallet does not have an implemented flow to support exchange of tokens between users.

Running the npm start on node 12.0.0 raises a series of errors.

When we run npm run electron, Hathor Wallet can communicate with Ledger. However, communication is not working with a packaged wallet (npm run electron-pack).

Error shown:

getUSBConnection: Error: cannot open device with path at new HID

Some debugging indicates it's not finding the correct device resource/path.

Correct:

Transport.create found { type: 'add',
  descriptor:
   'IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/XHC1@14/XHC1@14000000/HS02@14100000/Nano S@14100000/Nano S@0/IOUSBHostHIDDevice@14100000,0',
  device:
   { vendorId: 11415,
     productId: 1,
     path:
      'IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/XHC1@14/XHC1@14000000/HS02@14100000/Nano S@14100000/Nano S@0/IOUSBHostHIDDevice@14100000,0',
     serialNumber: '0001',
     manufacturer: 'Ledger',
     product: 'Nano S',
     release: 512,
     interface: -1,
     usagePage: 65440,
     usage: 1 },
  deviceModel:
   { id: 'nanoS',
     productName: 'Ledger Nano S',
     productIdMM: 16,
     legacyUsbProductId: 1,
     usbOnly: true,
     memorySize: 327680,
     blockSize: 4096 } }

What we get:

Transport.create found { type: 'add',
  descriptor: '',
  device:
   { vendorId: 11415,
     productId: 1,
     path: '',
     serialNumber: '0001',
     manufacturer: 'Ledger',
     product: 'Nano S',
     release: 512,
     interface: -1,
     usagePage: 65440,
     usage: 1 },
  deviceModel:
   { id: 'nanoS',
     productName: 'Ledger Nano S',
     productIdMM: 16,
     legacyUsbProductId: 1,
     usbOnly: true,
     memorySize: 327680,
     blockSize: 4096 } }

PR: #63

It should only connect after the user starts the wallet.

If the wallet is not started yet, the ws is open during the init screens and will be closed and immediately re-opened when we initialize the wallet.

I'm not sure if it should also be closed when wallet is locked (right now ws is open).

We currently have a validation if the new wallet is compatible with the last installed one. This should be checked only in the LockedScreen (when the user is just reloading data).

However there are other places where we check this because we are doing it on the returnDefaultComponent on the App.js file. We should do this validation only for the LockedScreen component.

How to reproduce:

Start a brand new wallet (so you still don't have wallet:version set on storage) and this wallet default server should be not responding.

When you start the wallet you will see an error when loading data (because the server is not working), so you click to 'Change server'. Instead of being taken to the change server screen, you will be redirected to the WalleVersionError screen.

Improvements

1. Update tx count while paginating: HathorNetwork/hathor-wallet-lib#71
2. Improve error message when user gets a pow timeout when sending a tx: #112 and HathorNetwork/hathor-wallet-lib#72
3. Improve error message when user gets a timeout when loading the wallet: #111

PR: #70

Error:

Error Message: object null is not iterable (cannot read property Symbol(Symbol.iterator))
Stack trace: TypeError: object null is not iterable (cannot read property Symbol(Symbol.iterator))
    at ModalAddManyTokens._this.handleAdd (http://localhost:3000/static/js/main.chunk.js:2024:37)
    at HTMLUnknownElement.callCallback (http://localhost:3000/static/js/0.chunk.js:118952:18)
    at Object.invokeGuardedCallbackDev (http://localhost:3000/static/js/0.chunk.js:119001:20)
    at invokeGuardedCallback (http://localhost:3000/static/js/0.chunk.js:119055:35)
    at invokeGuardedCallbackAndCatchFirstError (http://localhost:3000/static/js/0.chunk.js:119070:29)
    at executeDispatch (http://localhost:3000/static/js/0.chunk.js:119376:7)
    at executeDispatchesInOrder (http://localhost:3000/static/js/0.chunk.js:119401:9)
    at executeDispatchesAndRelease (http://localhost:3000/static/js/0.chunk.js:119500:9)
    at executeDispatchesAndReleaseTopLevel (http://localhost:3000/static/js/0.chunk.js:119509:14)
    at forEachAccumulated (http://localhost:3000/static/js/0.chunk.js:119481:12)
    at runEventsInBatch (http://localhost:3000/static/js/0.chunk.js:119649:7)
    at runExtractedEventsInBatch (http://localhost:3000/static/js/0.chunk.js:119657:7)
    at handleTopLevel (http://localhost:3000/static/js/0.chunk.js:123835:9)
    at batchedUpdates$1 (http://localhost:3000/static/js/0.chunk.js:140274:16)
    at batchedUpdates (http://localhost:3000/static/js/0.chunk.js:121052:16)
    at dispatchEvent (http://localhost:3000/static/js/0.chunk.js:123915:9)
    at http://localhost:3000/static/js/0.chunk.js:140331:18
    at Object.unstable_runWithPriority (http://localhost:3000/static/js/0.chunk.js:155805:16)
    at interactiveUpdates$1 (http://localhost:3000/static/js/0.chunk.js:140330:26)
    at interactiveUpdates (http://localhost:3000/static/js/0.chunk.js:121073:14)
    at dispatchInteractiveEvent (http://localhost:3000/static/js/0.chunk.js:123891:7)

Lib PR: HathorNetwork/hathor-wallet-lib#98

Importing a wallet in the mobile app is more user friendly than in the desktop app. The error message could indicate which word is invalid when there is one. It could also enumerate the words and show the numbers while we are typing.

Tasks for the new hardware wallet mode:

• Add initial screens (S);
  . detect Ledger is connected;
  . get xpub key from Ledger;
• Request address (M);
  . send request to Ledger;
  . present modal waiting confirmation;
  . show address on desktop wallet;
• Send transaction (M);
  . send request to Ledger;
  . present modal waiting confirmation;
  . propagate transaction;
• Minor adjustments for features not available (M);
  . create tokens
  . token admin tools
  . passphrase
• Ledger disconnected flow (M);

More details on the design issue:
https://gitlab.com/HathorNetwork/rfcs/issues/12

PR: #68

We are having some sentry errors from a user using the version v0.11.3 of the wallet (the first version of the mainnet). The error is a timeout of this API because it's not using pagination.

Users in versions before v0.13.1 (mid march) won't be able to use the wallet. Should we still reply for requests that fit in one page? This would allow some users to continue using the old wallet.

Even though we are still waiting for Ledger's review of Hathor App, it seems that some users have been using it, generating some error reports in Sentry.

Link 1: https://sentry.io/organizations/hathor/issues/1656020920/?project=1410476&query=&statsPeriod=7d

Link 2: https://sentry.io/organizations/hathor/issues/1640898217/?project=1410476&query=&statsPeriod=7d

Link 3: https://sentry.io/organizations/hathor/issues/1640898201/?project=1410476&query=is%3Aunresolved&statsPeriod=7d

On my Mac:

Community user Farpa:

Client is currently 350mb unpacked

Investigating further, I noticed that aside from the Electron framework which is 131mb, the node_modules folder is getting included on the app.asar, with all dev dependency and .map file.

It would be ideal to include only the bundled js file generated from webpack, I believe it would reduce the client size to at least 160mb.

The current separator (-) might confuse the user that the balance is negative. We should change this UI to something else.

Suggestion:

Use another separator like (|), or write the balance inside something like [10.20], (10.20).

I believe it's very helpful and a standard in banking apps to show the available balance for the token we're sending.

With support for Ledger, we'll have two "modes" for our wallet: hardware or software. This issue tracks implementation for the software wallet new UX.

Tasks are:

• Add initial screens (S)
  . choice between software or hardware wallet;
  . software wallet disclaimer (not safe option);
• Add visual changes to easily identify when using software wallet (S)

More details on the design issue:
https://gitlab.com/HathorNetwork/rfcs/issues/12

When we release a new wallet, we have to change the version in 3 files: package.json, public/electron.js and src/constants.js. We should try to have it only on package.json.

At least in public/electron.js, this is possible and we already do it for Sentry there:

Sentry.init({
  dsn: constants.SENTRY_DSN,
  release: process.env.npm_package_version
})

For files under src/, we might need more steps:
https://stackoverflow.com/a/58517156

Other initial screens:

Loading addresses screen:

One of the users had a problem because didn't see the menu opened, so the items were above the screen, which made impossible to use the wallet.

We have a user report that the wallet is freezing after sending a transaction.

This issue is to discover when the freeze happens, in what conditions and how to solve it.

One problem that might be causing it is the number of transactions in the storage.

Every time a new tx arrives we update the historyTransactions object and call the filterHistoryTransactions method on the lib. This method gets only the transactions from the selected token and sorts them, so we can show them ordered on the list.

1. We should call this method only when there is a new tx, not when an old tx is updated;
2. The sort algorithm could be improved thinking that it will just add a new tx to a sorted array.

We call this method on src/screens/Wallet.js

 36 const mapStateToProps = (state) => {
 37   const filteredHistoryTransactions = hathorLib.wallet.filterHistoryTransactions(state.historyTransactions, state.selectedToken, true);
 38   const balance = hathorLib.wallet.calculateBalance(filteredHistoryTransactions, state.selectedToken);
 39   return {
 40     balance: balance,
 41     historyTransactions: filteredHistoryTransactions,
 42     selectedToken: state.selectedToken,
 43     tokens: state.tokens,
 44   };
 45 };

This issue could make the wallet slow when receiving new transactions and there are many txs on it. This problem is discussed on #96.

The user should be able to see the full address.

The following link may be useful: https://github.com/electron/electron/blob/v0.36.10/docs/api/app.md#appmakesingleinstancecallback

str2jsx (for i18n) returns an array with elements. Following react guidelines, each should have a unique key. Example stacktrace:

Warning: Each child in a list should have a unique "key" prop.

Check the render method of `Settings`. See https://fb.me/react-warning-keys for more information.
    in a (at Settings.js:143)
    in Settings (at App.js:319)
    in div (at App.js:317)
    in Route (at App.js:300)
    in StartedRoute (at App.js:195)
    in Switch (at App.js:189)
    in Root (created by ConnectFunction)
    in ConnectFunction (created by Context.Consumer)
    in Route (at ErrorWrapper.js:51)
    in ErrorBoundary (at ErrorWrapper.js:67)
    in Route (at ErrorWrapper.js:70)
    in div (at ErrorWrapper.js:69)
    in ErrorWrapper (created by Context.Consumer)
    in Route (at src/index.js:25)
    in Router (created by BrowserRouter)
    in BrowserRouter (at src/index.js:24)
    in Provider (at src/index.js:23)

The new token structure is describe in Hathor RFC 4 [1].

The following items should be covered:

1. When registering a new token, validate the token's information from the configuration string with the information on-chain.
2. Do not allow the registration of two tokens with the same symbol.
3. Do not allow the registration of two tokens with the same name.
4. In the tx details screen, we can stop using the UNK symbol for unknown tokens.
5. In the Unknown Tokens screen, we can show token's details.

We should always let the user know whether the token is a registered one or not. If it is not registered and have the same symbol or name as a registered symbol, we should show a fraud alert.

[1] RFC 4 - Token: https://gitlab.com/HathorNetwork/rfcs/blob/token-creation/text/0004-tokens.md

Steps to reproduce (very easy to do locally):

1. Start wallet and connect to a server;
2. Close the wallet;
3. Stop server;
4. Open wallet again;

It tries to connect to the server and, if it can't, the wallet is completely blank. User should be able to connect to a new server.

It would be desirable to have the software check for a new version of the Hathor wallet/node, and:

• Inform users; or
• Perform an automatic upgrade (this may be less secure, of course, so it should be at most optional and not default behavior)

It seems we are not handling the exception raised when the wallet tries to get the full node version. I don't know exactly what happens in the user interface.

Link: https://sentry.io/organizations/hathor/issues/1064788860/?project=1410476&query=is%3Aunresolved&statsPeriod=7d

Mint/melt tokens, delegate authority and destroy authority all need a loading and remove the modal backdrop while waiting the end of the request.

Discord user Dustin reported that a friend was having problems with his wallet. The history was not being loaded, just realtime transactions/blocks showed up.

I checked on the explorer and the address had over 4000 transactions. Actually, all blocks as this wallet was being used for mining.

He reported the wallet app was loading normally. I asked him to change to node2 (which is located in the US) and that eventually solved the problem.

What is weird about this bug is that the user should not get past the 'wallet loading' screen before loading all transactions.

Wallet is crashing in Windows.

EXCEPTION_ACCESS_VIOLATION_READ
Assertion Error: Unknown assertion type 0x00000000

https://sentry.io/organizations/hathor/issues/1620146965/?project=1410476&query=is%3Aunresolved&statsPeriod=7d

https://sentry.io/organizations/hathor/issues/1705167570/?environment=production&project=1410476&query=is%3Aunresolved

Discord miner reported this to @jansegre . He's got around 15k blocks.

Error Message: Cannot use 'in' operator to search for '0000000000001c6b53869ca44f6e0b376712148afb5d177df4f78f5a10920a65' in undefined
Stack trace: TypeError: Cannot use 'in' operator to search for '0000000000001c6b53869ca44f6e0b376712148afb5d177df4f78f5a10920a65' in undefined
    at Object.txExists (file:///C:/Users/1/AppData/Local/Programs/hathor-wallet/resources/app.asar/build/static/js/2.0069d731.chunk.js:2:458406)
    at t.handleWebsocket (file:///C:/Users/1/AppData/Local/Programs/hathor-wallet/resources/app.asar/build/static/js/main.31c35dba.chunk.js:1:189246)
    at t.f.emit (file:///C:/Users/1/AppData/Local/Programs/hathor-wallet/resources/app.asar/build/static/js/2.0069d731.chunk.js:2:479484)
    at t.value (file:///C:/Users/1/AppData/Local/Programs/hathor-wallet/resources/app.asar/build/static/js/2.0069d731.chunk.js:2:2628528)
    at WebSocket.ws.onmessage (file:///C:/Users/1/AppData/Local/Programs/hathor-wallet/resources/app.asar/build/static/js/2.0069d731.chunk.js:2:2628098)

lib PR: HathorNetwork/hathor-wallet-lib#52
wallet PR: #86