npm - @injectivelabs/wallet-ledger - Versions diffs - 1.17.2-alpha.9 → 1.17.2 - Mend

@injectivelabs/wallet-ledger 1.17.2-alpha.9 → 1.17.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cjs/index.cjs CHANGED Viewed

@@ -165,25 +165,6 @@ var LedgerTransport$1 = class LedgerTransport$1 {
 	}
 };
-//#endregion
-//#region src/strategy/Ledger/utils.ts
-/**
-* Used mainly for Ledger Nano S
-*/
-const domainHash = (message) => {
-	return (0, viem.hashDomain)({
-		domain: message.domain,
-		types: message.types
-	});
-};
-const messageHash = (message) => {
-	return (0, viem.hashStruct)({
-		data: message.message,
-		types: message.types,
-		primaryType: message.primaryType
-	});
-};
 //#endregion
 //#region src/strategy/Ledger/Eip1193Provider.ts
 var LedgerEip1193Provider = class {
@@ -303,6 +284,79 @@ var LedgerEip1193Provider = class {
 	}
 };
+//#endregion
+//#region src/strategy/Ledger/utils.ts
+/**
+* Used mainly for Ledger Nano S
+*/
+const domainHash = (message) => {
+	return (0, viem.hashDomain)({
+		domain: message.domain,
+		types: message.types
+	});
+};
+const messageHash = (message) => {
+	return (0, viem.hashStruct)({
+		data: message.message,
+		types: message.types,
+		primaryType: message.primaryType
+	});
+};
+/**
+* Checks if an EIP-712 payload is too large for Ledger hardware wallet signing
+* @param {Object} eip712Payload - The EIP-712 typed data object
+* @returns {boolean} - Returns true if payload is too big, false otherwise
+*/
+function isEIP712PayloadTooBig(eip712Payload) {
+	const LIMITS = {
+		MAX_TOTAL_SIZE: 8e3,
+		MAX_MSGS_SIZE: 4e3,
+		MAX_CONTEXT_SIZE: 2e3,
+		MAX_NESTING_DEPTH: 3,
+		MAX_MESSAGE_COUNT: 3
+	};
+	try {
+		const totalSize = JSON.stringify(eip712Payload).length;
+		if (totalSize > LIMITS.MAX_TOTAL_SIZE) {
+			console.log(`❌ Total payload size (${totalSize} bytes) exceeds limit (${LIMITS.MAX_TOTAL_SIZE} bytes)`);
+			return true;
+		}
+		if (eip712Payload.message?.msgs) {
+			const msgsSize = eip712Payload.message.msgs.length;
+			if (msgsSize > LIMITS.MAX_MSGS_SIZE) {
+				console.log(`❌ msgs field size (${msgsSize} bytes) exceeds limit (${LIMITS.MAX_MSGS_SIZE} bytes)`);
+				return true;
+			}
+			try {
+				const msgsArray = JSON.parse(eip712Payload.message.msgs);
+				if (Array.isArray(msgsArray) && msgsArray.length > LIMITS.MAX_MESSAGE_COUNT) {
+					console.log(`❌ Message count (${msgsArray.length}) exceeds limit (${LIMITS.MAX_MESSAGE_COUNT})`);
+					return true;
+				}
+				for (const msg of msgsArray) if (msg.msg && typeof msg.msg === "string") {
+					const escapeCount = (msg.msg.match(/\\\\/g) || []).length;
+					if (escapeCount > 10) {
+						console.log(`❌ Detected deeply nested/escaped JSON (${escapeCount} escape sequences)`);
+						return true;
+					}
+				}
+			} catch (e) {
+				console.warn("⚠️ Could not parse msgs field:", e.message);
+			}
+		}
+		if (eip712Payload.message?.context) {
+			const contextSize = eip712Payload.message.context.length;
+			if (contextSize > LIMITS.MAX_CONTEXT_SIZE) {
+				console.log(`❌ context field size (${contextSize} bytes) exceeds limit (${LIMITS.MAX_CONTEXT_SIZE} bytes)`);
+				return true;
+			}
+		}
+		return false;
+	} catch (_error) {
+		return true;
+	}
+}
 //#endregion
 //#region src/strategy/Ledger/Base.ts
 var LedgerBase = class extends __injectivelabs_wallet_base.BaseConcreteStrategy {
@@ -390,32 +444,42 @@ var LedgerBase = class extends __injectivelabs_wallet_base.BaseConcreteStrategy
 	async signEip712TypedData(eip712json, address) {
 		const derivationPath = await this.getDerivationPath(address);
 		const object = JSON.parse(eip712json);
+		if (isEIP712PayloadTooBig(object)) {
+			console.log("Payload is too big, signing with hashed message");
+			return this.signEIP712HashedMessage(derivationPath, object);
+		}
 		try {
+			console.log("Payload is not too big, signing with message");
 			const result = await (await this.ledger.getInstance()).signEIP712Message(derivationPath, object);
-			const v = result.v.toString(16).padStart(2, "0");
-			const combined = `${result.r}${result.s}${v}`;
-			return combined.startsWith("0x") ? combined : `0x${combined}`;
+			return this.formatSignatureResult(result);
 		} catch (e) {
+			console.log("Error signing EIP712 message:", e);
 			const errorMessage = e.message;
 			if (!(errorMessage.includes("instruction not supported") || errorMessage.includes("invalid status") || errorMessage.includes("not supported") || errorMessage.includes("INS_NOT_SUPPORTED"))) throw new __injectivelabs_exceptions.LedgerException(new Error(errorMessage), {
 				code: __injectivelabs_exceptions.UnspecifiedErrorCode,
 				type: __injectivelabs_exceptions.ErrorType.WalletError,
 				contextModule: __injectivelabs_wallet_base.WalletAction.SignTransaction
 			});
-			try {
-				const result = await (await this.ledger.getInstance()).signEIP712HashedMessage(derivationPath, domainHash(object), messageHash(object));
-				const v = result.v.toString(16).padStart(2, "0");
-				const combined = `${result.r}${result.s}${v}`;
-				return combined.startsWith("0x") ? combined : `0x${combined}`;
-			} catch (e$1) {
-				throw new __injectivelabs_exceptions.LedgerException(new Error(e$1.message), {
-					code: __injectivelabs_exceptions.UnspecifiedErrorCode,
-					type: __injectivelabs_exceptions.ErrorType.WalletError,
-					contextModule: __injectivelabs_wallet_base.WalletAction.SignTransaction
-				});
-			}
+			return this.signEIP712HashedMessage(derivationPath, object);
 		}
 	}
+	async signEIP712HashedMessage(derivationPath, object) {
+		try {
+			const result = await (await this.ledger.getInstance()).signEIP712HashedMessage(derivationPath, domainHash(object), messageHash(object));
+			return this.formatSignatureResult(result);
+		} catch (e) {
+			throw new __injectivelabs_exceptions.LedgerException(new Error(e.message), {
+				code: __injectivelabs_exceptions.UnspecifiedErrorCode,
+				type: __injectivelabs_exceptions.ErrorType.WalletError,
+				contextModule: __injectivelabs_wallet_base.WalletAction.SignTransaction
+			});
+		}
+	}
+	formatSignatureResult(result) {
+		const v = result.v.toString(16).padStart(2, "0");
+		const combined = `${result.r}${result.s}${v}`;
+		return combined.startsWith("0x") ? combined : `0x${combined}`;
+	}
 	async signAminoCosmosTransaction(_transaction) {
 		throw new __injectivelabs_exceptions.WalletException(/* @__PURE__ */ new Error("This wallet does not support signing Cosmos transactions"), {
 			code: __injectivelabs_exceptions.UnspecifiedErrorCode,
@@ -434,9 +498,7 @@ var LedgerBase = class extends __injectivelabs_wallet_base.BaseConcreteStrategy
 		try {
 			const derivationPath = await this.getDerivationPath(signer);
 			const result = await (await this.ledger.getInstance()).signPersonalMessage(derivationPath, (0, __injectivelabs_sdk_ts_utils.uint8ArrayToHex)((0, __injectivelabs_sdk_ts_utils.stringToUint8Array)((0, __injectivelabs_sdk_ts_utils.toUtf8)(data))));
-			const v = result.v.toString(16).padStart(2, "0");
-			const combined = `${result.r}${result.s}${v}`;
-			return combined.startsWith("0x") ? combined : `0x${combined}`;
+			return this.formatSignatureResult(result);
 		} catch (e) {
 			throw new __injectivelabs_exceptions.LedgerException(new Error(e.message), {
 				code: __injectivelabs_exceptions.UnspecifiedErrorCode,

package/dist/cjs/index.d.cts CHANGED Viewed

@@ -55,6 +55,8 @@ declare class LedgerBase extends BaseConcreteStrategy implements ConcreteWalletS
   }): Promise<string>;
   sendTransaction(transaction: TxRaw, options: SendTransactionOptions): Promise<TxResponse>;
   signEip712TypedData(eip712json: string, address: AccountAddress): Promise<string>;
+  private signEIP712HashedMessage;
+  private formatSignatureResult;
   signAminoCosmosTransaction(_transaction: {
     address: string;
     signDoc: StdSignDoc;

package/dist/esm/index.d.ts CHANGED Viewed

@@ -55,6 +55,8 @@ declare class LedgerBase extends BaseConcreteStrategy implements ConcreteWalletS
   }): Promise<string>;
   sendTransaction(transaction: TxRaw, options: SendTransactionOptions): Promise<TxResponse>;
   signEip712TypedData(eip712json: string, address: AccountAddress): Promise<string>;
+  private signEIP712HashedMessage;
+  private formatSignatureResult;
   signAminoCosmosTransaction(_transaction: {
     address: string;
     signDoc: StdSignDoc;

package/dist/esm/index.js CHANGED Viewed

@@ -164,25 +164,6 @@ var LedgerTransport$1 = class LedgerTransport$1 {
 	}
 };
-//#endregion
-//#region src/strategy/Ledger/utils.ts
-/**
-* Used mainly for Ledger Nano S
-*/
-const domainHash = (message) => {
-	return hashDomain({
-		domain: message.domain,
-		types: message.types
-	});
-};
-const messageHash = (message) => {
-	return hashStruct({
-		data: message.message,
-		types: message.types,
-		primaryType: message.primaryType
-	});
-};
 //#endregion
 //#region src/strategy/Ledger/Eip1193Provider.ts
 var LedgerEip1193Provider = class {
@@ -302,6 +283,79 @@ var LedgerEip1193Provider = class {
 	}
 };
+//#endregion
+//#region src/strategy/Ledger/utils.ts
+/**
+* Used mainly for Ledger Nano S
+*/
+const domainHash = (message) => {
+	return hashDomain({
+		domain: message.domain,
+		types: message.types
+	});
+};
+const messageHash = (message) => {
+	return hashStruct({
+		data: message.message,
+		types: message.types,
+		primaryType: message.primaryType
+	});
+};
+/**
+* Checks if an EIP-712 payload is too large for Ledger hardware wallet signing
+* @param {Object} eip712Payload - The EIP-712 typed data object
+* @returns {boolean} - Returns true if payload is too big, false otherwise
+*/
+function isEIP712PayloadTooBig(eip712Payload) {
+	const LIMITS = {
+		MAX_TOTAL_SIZE: 8e3,
+		MAX_MSGS_SIZE: 4e3,
+		MAX_CONTEXT_SIZE: 2e3,
+		MAX_NESTING_DEPTH: 3,
+		MAX_MESSAGE_COUNT: 3
+	};
+	try {
+		const totalSize = JSON.stringify(eip712Payload).length;
+		if (totalSize > LIMITS.MAX_TOTAL_SIZE) {
+			console.log(`❌ Total payload size (${totalSize} bytes) exceeds limit (${LIMITS.MAX_TOTAL_SIZE} bytes)`);
+			return true;
+		}
+		if (eip712Payload.message?.msgs) {
+			const msgsSize = eip712Payload.message.msgs.length;
+			if (msgsSize > LIMITS.MAX_MSGS_SIZE) {
+				console.log(`❌ msgs field size (${msgsSize} bytes) exceeds limit (${LIMITS.MAX_MSGS_SIZE} bytes)`);
+				return true;
+			}
+			try {
+				const msgsArray = JSON.parse(eip712Payload.message.msgs);
+				if (Array.isArray(msgsArray) && msgsArray.length > LIMITS.MAX_MESSAGE_COUNT) {
+					console.log(`❌ Message count (${msgsArray.length}) exceeds limit (${LIMITS.MAX_MESSAGE_COUNT})`);
+					return true;
+				}
+				for (const msg of msgsArray) if (msg.msg && typeof msg.msg === "string") {
+					const escapeCount = (msg.msg.match(/\\\\/g) || []).length;
+					if (escapeCount > 10) {
+						console.log(`❌ Detected deeply nested/escaped JSON (${escapeCount} escape sequences)`);
+						return true;
+					}
+				}
+			} catch (e) {
+				console.warn("⚠️ Could not parse msgs field:", e.message);
+			}
+		}
+		if (eip712Payload.message?.context) {
+			const contextSize = eip712Payload.message.context.length;
+			if (contextSize > LIMITS.MAX_CONTEXT_SIZE) {
+				console.log(`❌ context field size (${contextSize} bytes) exceeds limit (${LIMITS.MAX_CONTEXT_SIZE} bytes)`);
+				return true;
+			}
+		}
+		return false;
+	} catch (_error) {
+		return true;
+	}
+}
 //#endregion
 //#region src/strategy/Ledger/Base.ts
 var LedgerBase = class extends BaseConcreteStrategy {
@@ -389,32 +443,42 @@ var LedgerBase = class extends BaseConcreteStrategy {
 	async signEip712TypedData(eip712json, address) {
 		const derivationPath = await this.getDerivationPath(address);
 		const object = JSON.parse(eip712json);
+		if (isEIP712PayloadTooBig(object)) {
+			console.log("Payload is too big, signing with hashed message");
+			return this.signEIP712HashedMessage(derivationPath, object);
+		}
 		try {
+			console.log("Payload is not too big, signing with message");
 			const result = await (await this.ledger.getInstance()).signEIP712Message(derivationPath, object);
-			const v = result.v.toString(16).padStart(2, "0");
-			const combined = `${result.r}${result.s}${v}`;
-			return combined.startsWith("0x") ? combined : `0x${combined}`;
+			return this.formatSignatureResult(result);
 		} catch (e) {
+			console.log("Error signing EIP712 message:", e);
 			const errorMessage = e.message;
 			if (!(errorMessage.includes("instruction not supported") || errorMessage.includes("invalid status") || errorMessage.includes("not supported") || errorMessage.includes("INS_NOT_SUPPORTED"))) throw new LedgerException(new Error(errorMessage), {
 				code: UnspecifiedErrorCode,
 				type: ErrorType.WalletError,
 				contextModule: WalletAction.SignTransaction
 			});
-			try {
-				const result = await (await this.ledger.getInstance()).signEIP712HashedMessage(derivationPath, domainHash(object), messageHash(object));
-				const v = result.v.toString(16).padStart(2, "0");
-				const combined = `${result.r}${result.s}${v}`;
-				return combined.startsWith("0x") ? combined : `0x${combined}`;
-			} catch (e$1) {
-				throw new LedgerException(new Error(e$1.message), {
-					code: UnspecifiedErrorCode,
-					type: ErrorType.WalletError,
-					contextModule: WalletAction.SignTransaction
-				});
-			}
+			return this.signEIP712HashedMessage(derivationPath, object);
 		}
 	}
+	async signEIP712HashedMessage(derivationPath, object) {
+		try {
+			const result = await (await this.ledger.getInstance()).signEIP712HashedMessage(derivationPath, domainHash(object), messageHash(object));
+			return this.formatSignatureResult(result);
+		} catch (e) {
+			throw new LedgerException(new Error(e.message), {
+				code: UnspecifiedErrorCode,
+				type: ErrorType.WalletError,
+				contextModule: WalletAction.SignTransaction
+			});
+		}
+	}
+	formatSignatureResult(result) {
+		const v = result.v.toString(16).padStart(2, "0");
+		const combined = `${result.r}${result.s}${v}`;
+		return combined.startsWith("0x") ? combined : `0x${combined}`;
+	}
 	async signAminoCosmosTransaction(_transaction) {
 		throw new WalletException(/* @__PURE__ */ new Error("This wallet does not support signing Cosmos transactions"), {
 			code: UnspecifiedErrorCode,
@@ -433,9 +497,7 @@ var LedgerBase = class extends BaseConcreteStrategy {
 		try {
 			const derivationPath = await this.getDerivationPath(signer);
 			const result = await (await this.ledger.getInstance()).signPersonalMessage(derivationPath, uint8ArrayToHex(stringToUint8Array(toUtf8(data))));
-			const v = result.v.toString(16).padStart(2, "0");
-			const combined = `${result.r}${result.s}${v}`;
-			return combined.startsWith("0x") ? combined : `0x${combined}`;
+			return this.formatSignatureResult(result);
 		} catch (e) {
 			throw new LedgerException(new Error(e.message), {
 				code: UnspecifiedErrorCode,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@injectivelabs/wallet-ledger",
-  "version": "1.17.2-alpha.9",
+  "version": "1.17.2",
   "description": "Ledger wallet strategy for use with @injectivelabs/wallet-core.",
   "license": "Apache-2.0",
   "author": {
@@ -49,10 +49,10 @@
     "@ledgerhq/hw-transport-webusb": "^6.29.13",
     "buffer": "^6.0.3",
     "viem": "^2.41.2",
-    "@injectivelabs/exceptions": "1.17.2-alpha.9",
-    "@injectivelabs/ts-types": "1.17.2-alpha.9",
-    "@injectivelabs/sdk-ts": "1.17.2-alpha.9",
-    "@injectivelabs/wallet-base": "1.17.2-alpha.9"
+    "@injectivelabs/exceptions": "1.17.2",
+    "@injectivelabs/wallet-base": "1.17.2",
+    "@injectivelabs/sdk-ts": "1.17.2",
+    "@injectivelabs/ts-types": "1.17.2"
   },
   "peerDependencies": {
     "@ethersproject/abi": "^5.7.0",