Display account in app nav whenever signing via API #4859
Comments
markmhendrickson
added
bug
|
Gamma.io doesn't seem to require a specific account index on sign in: testgamma.mov |
|
with bitcoin it will sign in with the account that is active in the extension when you click connect. Then a user can switch in the extension and be surprised the transactions are being signed by a different address then expected. @edgarkhanzadian Related stuff also due to reaching API limits The same name can be displayed with different account numbers. The active account (what ever is shown in the extension modal) is displayed in the top of the popup to sign. But what should be shown is the account the dapp is connected with. And that should be the only account that can be signed with (as is the case with Stacks network). |
|
@314159265359879 does this fix require an API implementation change on the app side, or is it wallet side purely? |
|
Ping @314159265359879 |
|
@markmhendrickson This is partially wallet side, when it comes to the visual issue #4859 (comment) possibly fixed with #4923 However I believe that bitcoin issue (title) requires API implementation changes to prevent. It could be covered by the modern wallet API SIP if this is scoped in stacksgov/sips#166 (comment) |
|
@314159265359879 is this still causing a problem or has it been fixed by #4923 ? |
|
@pete-watters After a recent redesign you can nolonger see the account number/name on the approve transaction screen. So you can only know if you're signing with the right account after confirming. The transaction is not signed. When I am signed in on Gamma with Account 1, and have Account 2 active in the extension. This is not fixed. The result is just different now. (current) Reproduction steps
I propose the following solutions:
|
Let's implement this suggestion as a quick fix of sorts, reverting to the app nav's display of the account used for signing? |
As far as this solution, we already provide it. However, the app needs to indicate the "signed in account" while triggering API calls for signing transactions, and it seems Gamma isn't doing this. So we'd need them to upgrade their implementation to use that parameter? |
markmhendrickson
changed the title
markmhendrickson
added
enhancement-p1
|
I linked this bug as it relates to the same thing. I will make a change so that instead of showing the logo on these screens we show the users account |
|
I noticed the same issue on Luminex.io when signing a runes transfer transaction. Connected with account 1 on the dapp. Switched extension to account 2. And the transaction gets rejected on device. After switching back to account 1 I was able to sign the transfer transaction normally. |
@markmhendrickson want to add a link to docs where devs can read more about how to resolve this issue? |
|
I've made a small change here so that instead of showing the logo on the sign PSBT screen we show the users account and allow them to change the account. We are still just showing the logo on the initial message signing screen: Do I need to update that also? When implementing the global header, it was unclear how some headers should display so I may have made more mistakes. I believe it a good idea to audit these when working on approval UX |
Yep! Let's update there, too 🙏 The general idea is that we should show the account in the top nav wherever the user is signing something (transaction or message). |
|
@fabric-8 @mica000 could one of you review the previous comment that @pete-watters links here (#4371 (comment)) in case there requires any further design input on how the header details work? |
Thanks @markmhendrickson . That comment is a bit outdated now so I will gather some info on the current state of things so we can review it. I've updated my PR so that it handles the first signing step also. I have started looking into moving the Test App into CodeSandbox so I think that could help here. Then we will be able to test things more easily. My code works by configuring the Before we were showing account info only on:
I have updated it to also include:
There are other places I'm not sure if we need to show it, for example on the summary / choose fee pages:
|
Based on the route names, these six routes appear to pertain to screens during transaction or message-signing flows. So yes, let's show the account in the nav there, too. The one exception may be the |
|
These may be a good opportunity to ensure all of these relevant routes / views are included in our views database. If you could include a screenshot of each per entry, that'd help evaluate them. |
Yes I think that's a good idea. I'll work on gathering that info and documenting it as I go. We have about 16 popup routes so it seems like we want to show that account info more often than not. I'll do an audit and take notes and we can decide on it. |
|
@markmhendrickson - FYI I merged my code that updates the header for I will audit the others but I opened a separate task for that here https://github.com/leather-io/issues/issues/157 . That way we can get this more urgent improvement out first and fix the others once I have documented and tested them all |
## [6.43.0](v6.42.2...v6.43.0) (2024-07-15) ### Features * add Leather to WBIP004 array, closes [#5615](#5615) ([e38f6ab](e38f6ab)) * mock mainnet btc blockstream requests ([16d751c](16d751c)) ### Bug Fixes * choose account prevent bug, closes [#5509](#5509) ([89500a8](89500a8)) * collectible hover, closes [#4971](#4971) ([7728eeb](7728eeb)) * confine clickable area of account switcher to account name and chevron, closes [#5621](#5621) ([472c7e4](472c7e4)) * dust change amounts, closes [#4979](#4979) ([8b40ea7](8b40ea7)) * increase zIndex of tooltip to prevent it being obscured, closes [#5622](#5622) ([a1f86bb](a1f86bb)) * show account name in signPsbt and signBip322 header, ref [#4657](#4657) [#4859](#4859) ([71f2565](71f2565)) ### Internal * add new analytics events ([3f9548e](3f9548e)) * post-release merge back ([c1bbf89](c1bbf89)) * reenable swaps, closes leather-io/issues[#98](#98) ([5faba22](5faba22))
Some more testing revealed that this https://github.com/leather-wallet/extension/issues/4599 has different has a different result on Stacks compared to Bitcoin.
Reproduction steps on Bitcoin dapps
A user reported that using unisat they signed transactions with another account than expected. I think it is caused by this. When you mint an inscription the transaction is signed with the active account on the wallet rather than the account signed in with on the dapp:
Trying the same thing buying an ordinal with unisat (signed in with account 1 and account 2 active will throw an error):
Trying the same thing on Magic Eden and Gamma resulted in no transmission of the transaction.
I tested minting a text inscription on Magic Eden after clicking confirm, the confirm screen closes but nothing is transmitted.
On Gamma I tested buying a print and the result was similar as on Magic Eden, clicking confirm closes the confirm screen but no transaction is transmitted.
Possible solutions: (a) better error handling, (b) the ME and gamma can show similar errors (c) (perhaps suggest them to make sure the active account on the extension is the same), (d) and allow trying again (not possible on ME without a refresh). (f) It would be great if the wallet could detect users who are trying to send with a different wallet and then allow an easy way for the user to switch.
The text was updated successfully, but these errors were encountered: