oasisprotocol / oasis-wallet-web
Official non-custodial web wallet for the Oasis Network.
Home Page: https://wallet.oasis.io
License: Apache License 2.0
On systems like Fedora, the default Docker container registry is not `docker.io` but `registry.fedoraproject.org`.
Could you make image names in Docker / Docker Compose configurations fully namespaced (e.g. `docker.io/library/golang:1.16` instead of `golang:1.16`) so there is no ambiguity about which image is required?
The wallet should include some form of a yield calculator, which would be based on the reward schedule, the current epoch, the validator being delegated to, the amount of tokens and the number of epochs that the tokens will be staked for.
I have the following suggestions:
Type. Should the "nice" transaction type / name (something that is translatable) be shown first and the raw transaction's method name (e.g. `Add escrow`) be shown in parentheses?
Something like:
The full description (e.g. "Delegate your tokens to a validator and earn rewards") could be shown via a mouse-hover tooltip?
Validator. Can this be renamed to "To"? In principle, one could make a delegation to a non-validator node. And this makes it consistent with the Oasis Node CLI which shows:
You are about to sign the following transaction:
Method: staking.AddEscrow
Body:
To: oasis1qqyrlc85h0mz4g00gj7r8pmxsas9yqc4nupaxy4a
Amount: 20000.0 TEST
Nonce: 0
Fee:
Amount: 0.0 TEST
Gas limit: 272
(gas price: 0.0 ROSE per gas unit)
Other info:
Genesis document's hash: 425f8b31b5d511483c401fb480457c183c0eca7e78b8a6ed4ce88be6cfa9ab14
And with what the Oasis Ledger app will show in the upcoming version.
Balance. Do you think users will find this field useful? In principle, the Preview transaction is a dialog, so the Total balance of an account will be visible in the background. Moreover, I was a bit confused if the balance should be interpreted as the balance before executing this transaction or some "preview" balance that will be the effect of executing this transaction?
I would consider removing it.
Gas. Can you rename this to "Gas limit" and change the units to so it is shown as 272? This will make it consistent with the Oasis Node CLI and what the Oasis Ledger app shows.
Steps to reproduce:
Example screenshot (the chosen account is `oasis1qrs594jx6ytzgqp92uxqlr8n5qdcrpemv5xg4wn4` but the one displayed is `oasis1qqdcs4gj5g0kykdcy9s32snh8a58swgkhyj6kzdy`):
We currently support opening wallets with the Ed25519 PEM files, maybe make it more obvious that the whole envelope can be copy pasted, or add a file input to locally load the file from disk
some sites show a tooltip when you click a 'copy' button.
or more generally, buttons often have some kind of "down" appearance when you're clicking it
Otherwise reloading page changes the selection to mainnet
just a nit noticed while doing #181 auditing -- not obvious whether it has security impact in practice.
we use bech32 w/ `oasis` prefix, but `isValidAddress`
oasis-wallet-web/src/app/lib/helpers.ts
Line 24 in 22fad9d
`assertValidAddress` does not guard
so it's not obvious that there is no way to introduce malformed bech32 addresses, e.g., `oasis1...1foo` and `oasis1...1bar`, where the `...` are identical and valid bech32 characters, would be displayed sans the malformed suffix by `PrettyAddress` and are visually identical and confusing. it seems likely that eventually malformed addresses would be caught, but it's not obvious that it will always be caught.
it would be better defense-in-depth if even UI code like `PrettyAddress` validated its preconditions about its arguments and threw an exception (which i think `bech32.decode` does), even though for error reporting / blame assignment the same check should be done as close to the source of the data as possible, so that the check in `PrettyAddress` is unreachable in normal execution.
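One way a display helper can validate its precondition, as the issue above suggests (an added example, not the wallet's own code): a self-contained BIP-173 bech32 check that requires the `oasis` prefix and a valid checksum, and throws otherwise. `assertOasisAddress`, `prettyAddress` and the 4-character grouping are hypothetical, and `SAMPLE` is a constructed address.

```javascript
// Added example, not the wallet's code: strict bech32 (BIP-173) validation.
const CHARSET = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l';
const GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];

function polymod(values) {
  let chk = 1;
  for (const v of values) {
    const top = chk >> 25;
    chk = ((chk & 0x1ffffff) << 5) ^ v;
    GEN.forEach((g, i) => { if ((top >> i) & 1) chk ^= g; });
  }
  return chk;
}
function hrpExpand(hrp) {
  const codes = [...hrp].map((c) => c.charCodeAt(0));
  return [...codes.map((c) => c >> 5), 0, ...codes.map((c) => c & 31)];
}

// Decode or throw. The separator is the LAST '1', so text appended after a
// valid address changes both the prefix and the checksum being verified.
function bech32Decode(str) {
  if (str !== str.toLowerCase() && str !== str.toUpperCase()) throw new Error('mixed case');
  const s = str.toLowerCase();
  const sep = s.lastIndexOf('1');
  if (sep < 1 || s.length - sep - 1 < 6) throw new Error('missing prefix or checksum');
  const hrp = s.slice(0, sep);
  const words = [...s.slice(sep + 1)].map((c) => CHARSET.indexOf(c));
  if (words.includes(-1)) throw new Error('invalid character');
  if (polymod([...hrpExpand(hrp), ...words]) !== 1) throw new Error('bad checksum');
  return { hrp, words: words.slice(0, -6) };
}

// Encoder, used here only to build the constructed sample address.
function bech32Encode(hrp, words) {
  const pm = polymod([...hrpExpand(hrp), ...words, 0, 0, 0, 0, 0, 0]) ^ 1;
  const sum = [0, 1, 2, 3, 4, 5].map((i) => (pm >> (5 * (5 - i))) & 31);
  return hrp + '1' + [...words, ...sum].map((w) => CHARSET[w]).join('');
}

// Hypothetical helpers: the precondition check, and a formatter that runs it first.
function assertOasisAddress(addr) {
  if (bech32Decode(addr).hrp !== 'oasis') throw new Error('unexpected prefix');
  return addr.toLowerCase();
}
function prettyAddress(addr) {
  return assertOasisAddress(addr).match(/.{1,4}/g).join(' ');
}

// Constructed sample: 34 data words, the same length as the addresses on this page.
const SAMPLE = bech32Encode('oasis', Array.from({ length: 34 }, (_, i) => i % 32));
```

With this check in place, `SAMPLE + '1foo'` and `SAMPLE + '1bar'` both throw instead of rendering as the same address.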
Change `Validator` and `To` to `Account` to avoid misleading issues inside TransactionHistory
i run the code in develop, and change nothing. but show this error
Http response at 400 or 500 level
The above error occurred in task selectNetwork
created by takeEvery(network/selectNetwork, selectNetwork)
created by networkSaga
Tasks cancelled due to error:
takeEvery(network/selectNetwork, selectNetwork)
If validator has a website link `validator.media.website_link = 'javascript:alert(1)'` it executes when user middle-clicks the website link
Minimal code to reproduce:
<ValidatorMediaInfo mediaInfo={ { website_link: 'javascript:alert(1)' } } />
Blocking #181
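A scheme allow-list for the untrusted `website_link` reported above, shown beside a block-list check that misses common variants (an added example, not the wallet's own code). The function names and the `validator.example` URL are hypothetical, and the sample inputs are constructed.

```javascript
// Added example, not the wallet's code. Names are hypothetical.

// Weak: a block list on the raw string. The URL parser ignores case, leading
// whitespace and embedded tabs/newlines, so these variants slip through.
function naiveIsSafe(raw) {
  return !raw.startsWith('javascript:');
}

// Hardened: parse with the WHATWG URL parser (the rules the browser applies
// to href) and allow only http(s). Returns a normalized href or null.
const ALLOWED_PROTOCOLS = new Set(['https:', 'http:']);

function safeExternalHref(raw) {
  if (typeof raw !== 'string') return null;
  let url;
  try {
    url = new URL(raw); // no base URL: relative and scheme-less input throws
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  if (url.username || url.password) return null; // no embedded credentials
  return url.href;
}

// Constructed inputs: the value from the report plus variants a block list misses.
const samples = [
  'javascript:alert(1)',
  ' JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,hello',
  '/relative/path',
  'https://validator.example/about',
];

function classify(list) {
  return list.map((raw) => ({ raw, naive: naiveIsSafe(raw), href: safeExternalHref(raw) }));
}
```

A component would render the link only when `safeExternalHref` returns a string, and show the raw value as plain text otherwise.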
- type="float"
+ type="number"
+ step="any"
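Review bot: The added `type="number"` / `step="any"` pair sets no `min`, so the browser will still accept negative values and exponent notation such as 1e5 in this input. Consider adding a `min` attribute and keeping an explicit parse-and-range check in the form handler rather than relying on the input type alone.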
As mentioned in #81 - we should display the validator name & icon if possible inside the transaction history
Two distinct scroll movements are required on mobile to reach the bottom of the page for an unknown reason.
Is the email address validated anywhere in the stack? Otherwise some mail clients are vulnerable to autoattaching files with `mailto:?attach=..` (https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf)
Originally posted by @lukaw3d in #199 (comment)
Blocking #181
For example, when a user wants to reclaim (a part of) his delegation, he is also shown the corresponding amount of shares:
The amount that is presented is actually displayed in gigashares. The actual amount of shares in this case is 9997790262966873 and shares themselves are indivisible.
I agree that displaying the raw amount of shares would be even less clear to the user, so it is better to display it in gigashares. Just make sure to suffix the amount with the unit. We would prefer using "gigashares".
FWIW, this is a design we have in mind for the next version of the `oasis-node stake account info` CLI command:
Balance:
Total: 38,011,517.084506708 ROSE
Available: 5,105,018.191459385 ROSE
Active Delegations from this Account:
Total: 32,906,498.893047323 ROSE
Delegations:
- Address: oasis1qrw82ag2sypeytse9x9k4uxym53l5lc5jyfs2sxv (self)
Amount: 176,207.030432434 ROSE (169,146.962340923 gigashares, 0.56%)
- Address: oasis1qrdx0n7lgheek24t24vejdks9uqmfldtmgdv7jzz
Amount: 32,730,291.862614889 ROSE (31,418,889.047306104 gigashares, 76.34%)
Debonding Delegations from this Account:
Total: 0.0 ROSE
Nonce: 5
Active Delegations to this Account:
Total: 31,407,044.571716172 ROSE (30,148,661.90284496 gigashares)
Delegations:
- Address: oasis1qrw82ag2sypeytse9x9k4uxym53l5lc5jyfs2sxv (self)
Amount: 176,207.030432434 ROSE (169,146.962340923 gigashares, 0.56%)
- Address: oasis1qq2xx4pgk0wa73363l287wy48lmaf3v8tymthyhv
Amount: 20,814,851.680934195 ROSE (19,980,865.262676913 gigashares, 66.27%)
- Address: oasis1qrn9c0k92vk5leh62m942nqeq2kl9tmkaqk6lzz4
Amount: 10,415,485.860349543 ROSE (9,998,169.711273221 gigashares, 33.16%)
- Address: oasis1qqzt9qamqdl2kau4avryz6pp2nq8rgxmzysz2492
Amount: 500.0 ROSE (479.966553905 gigashares, <0.01%)
oasis1qz2tg4hsatlxfaf8yut9gxgv8990ujaz4sldgmzx
Cannot read properties of undefined (reading 'sent')
Support having multiple addresses open at the same time and switching between those, with different wallet types concurrently
It seems that balance sometimes gets out of sync between Testnet and Mainnet.
| switch to testnet | switch to mainnet |
|---|---|
| input validation says I don't have 111 TEST | transaction summary says I have 10000 ROSE |
| found balance = 0n in assertSufficientBalance with debugger | |
Move away from Grommet's default theme, and pick new fonts
Display an error when this occurs
oasis-wallet-web/src/app/components/AddEscrowForm/index.tsx
Lines 48 to 54 in 22fad9d
step="any"
CSP would add another layer of XSS protection
Related: #181
These dependencies don't seem to be used:
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
For advanced users, it would be really helpful to be able to make a delegation to an arbitrary account (by entering the account's address).
when you click the menu in the top right and switch networks, it takes a few seconds before the loading spinner modal appears
I don't think this is high priority
Blocked by grommet/grommet#5537
Related to #181
For security of older browsers it is best practice to use `target="_blank"` with `rel="noopener"`
https://web.dev/external-anchors-use-rel-noopener/
This appears in ValidatorMediaInfo:
please mark all issues found during this audit as blocking this one. this issue will not be marked as complete until all blockers are resolved (fixed or deferred, etc).
I would prefer if all text files would respect that.
This could be checked with editorconfig-checker.
Besides the primary account (described in ADR 0008), also allow opening additional accounts for non-zero key numbers, i.e. `m/44'/474'/1'`, `m/44'/474'/2'`, ...
This is what Reclaim escrow transaction preview shows:
(Note that the 10,000.0 TEST amount is wrong since the value of shares increased in between when the share amount was approximated from the desired reclaim value of 10k, to the actual transaction submission.)
Support opening wallets with ledger (with various accounts in the derivation paths), and signing transactions with ledger
Some pages and components need to be adapted for mobile
When a user creates a wallet using a generated mnemonic, have a flow to ensure that they saved the mnemonic (maybe confirm the order or have a few blanks that need to be filled)
Currently, when the link to the wallet is loaded in another app, it shows:
Can we make this configurable, e.g. to set it differently for the staging site?
From #236 (comment)