Blog posts, Tech | 06/28/2022

Clear-sign Your Worries Away


Main takeaways:

We have come a long way since the early Bitcoin days, and transaction security has heavily improved in the last decade.
– Blind-signing is still commonplace in the DeFi world, but safer and better alternatives are now available on your Ledger hardware wallets.
– “Don’t trust, verify” – our motto has never rang truer than when you clear-sign both your on-chain and off-chain messages.


A little bit of History

The year is 2010. You’re quite hungry, the kind of hunger only Papa John’s can satisfy. You order 2 pizzas and decide to pay for them in Bitcoin. Trying not to think about the delicious garlic dip, you triple-review the sequence of bytes that compose your raw transaction, with visible sweat on your forehead. You broadcast your signed transaction, not entirely sure if those last bytes should have been dead or beef

Fast forward to 2018. You are now trading all kinds of ERC20 tokens with one hand while eating a homemade chicken salad with the other. To sign each transaction, you whip out your Ledger Nano S, completely trusting the clear and detailed transaction information displayed on the screen. After pressing both buttons to validate, you reach out for some more Caesar sauce…

It is 2021. New NFT projects pop up left, right, and center. You’ve become an art collector, buying and selling tokens on the go. You casually check the collection name and token id on your Ledger Nano X as you swap your cheapest BAYC for a trip to the ISS.

Present day

As the world of crypto has evolved over the last decade, so has Ledger’s security to face ever increasing threats. Our overall approach however, has remained unchanged:

  • Safely parse your transaction in our secure element
  • Display a trusted summary on your Nano screen
  • Securely sign the original byte sequence with your private key

This process can be summarised as WYSIWYS (What You See Is What You Sign) which has been our persistent motto over the years. It’s a great little phrase to impress your in-laws over dinner, but why is it so important? And how do we make it work for all the different types of assets and blockchain interactions?

Let’s cover this by going over the three levels of transaction signing, which map nicely onto the Data-Information-Knowledge pyramid:

Blind-signing – Data

Let’s begin with a quick test: Can you tell what would happen if you were to sign this contract data and broadcast it on the Ethereum blockchain?

0xcfc0afeb0000000000000000000000002791bca1f2de4661ed88a30c99a7a9449aa84174000000000000000000000000eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee00000000000000000000000000
00000000000000000000000000000000ac6ca00000000000000000000000000000000000000000000000004aac34fbb545d2f60000000000000000000000000000000000000000000000004cfb6e0b69108f
97000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000
0000000000000000000000000002c000000000000000000000000000000000000000000000000000000000000003200000000000000000000000002cbd03487800e5ae9793db8d6017d909e676780a000000
00000000000000000000000000000000000000000000000000000003600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000001000000000000000000000000e7cbbd11be7f993197aef41c2d6df6e5f6867d890000000000000000000000000000000000000000000000000000000000000002beef0000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000c4000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076c656467657232000000000000000000000000000000000000000000000000
00

Safe contract data, you can trust me, pinky swear

If it’s not immediately clear to you, there’s nothing wrong with you, dear reader, you are simply a human of flesh and bone.

This format, while very efficient, is not designed for us but for computers. Armed only with our eyes, we are unable to tell if funds are being transferred, how much, and to whom… We refer to signing this raw data as Blind-signing: You take an indecipherable sequence of bytes and blindly sign it with your private key, allowing whatever it contains to be executed on-chain without properly reviewing it.

While doing so has pretty much been the norm in the DeFi world for several years because it makes interacting with DApps so easy, it is unfortunately also woefully insecure. As Ledger’s CXO rightly points out, “Blind signing is like unsafe sex: It’s awesome, until it’s not!”.

If an attacker were to change just a couple of bytes in the transaction above, they could easily steal your funds, and you’d most likely be unable to tell the difference at the time of signing.

Another dangerous side effect of Blind-signing is that you get into the habit of approving just about anything you’re prompted with. At this point, you fully trust any DApp you interact with, which has proven to be a bad old habit.

http://

Not the first or last person to lose NFTs to blind signing

Transparent-signing – Information

While the byte sequences that compose blockchain transactions may seem cryptic, they all have a well-defined structure. Using the proper format description, it is possible to parse these transactions to make them humanly readable.

{
   "function": "simpleSwap",
   "arguments": {
       "fromToken": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
       "toToken": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE",
       "fromAmount": 5830000000,
       "toAmount": 5300000000000000000,
       "expectedAmount": 5300000000000000000,
       "callees": [0xE7CbBD11bE7f993197aEF41C2D6dF6e5F6867d89],
       "exchangeData": "0xbeef",
       "startIndexes": [0, 196],
       "values": [0],
       "beneficiary": "0x2cBd03487800E5Ae9793dB8d6017D909E676780A",
       "referrer": "ledger2",
       "useReduxToken": false
   }
}

Transaction parsed using the contract’s ABI

In this case, we used the Application Binary Interface, or ABI, of the contract we’re interacting with, and the resultant parsing is much nicer! Now, before signing, I can easily verify that:

  • I am indeed calling a swap function,
  • The tokens 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 and 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE are being swapped,
  • The amounts swapped are 5830000000 and 5300000000000000000.

If you’re an expert in ERC20 tokens, you may have recognized that the first one is USDC. But what about that 0xEeeee…? Isn’t this a burn address, which would mean you’re destroying your USDC, not swapping it? Also, the amounts seem quite large, but that’s because they are in the smallest unit of each token, and you’ll need to carefully count the zeros to ensure you’re not being scammed.

Finally, some fields, such as referrer, don’t matter to the security of your transaction, but you can’t know that unless you’ve dug into the smart contract code itself.

As you can see, there’s room for improvement in how we display transactions. While we’re undeniably moving forward, as we’re now accessing information rather than pure raw data, we still lack the context to understand what is happening in this transaction.

Clear-signing – Knowledge

We cannot expect our users to be intimately familiar with every protocol they use on their DeFi journey. Ideally, we’d want to show a summary of transactions that is easy to review and understand. Something along the lines of:

Swapping 5830 USDC for 5.3 ETH on address 0x2cBd03487800E5Ae9793dB8d6017D909E676780A

To produce this final clear-signing display, we’ve had to:

  • Limit the number of fields to the ones that matter to the user’s security.
  • Interpret the 0xEeeee… address, and replace it with a reference to ETH. Indeed, that’s what this address actually means for the contract at hand.
  • Convert the amounts into their respective main units, ETH and USDC, which eliminates the hard-to-count 0s.

You can show the above to anyone, and they will immediately grasp what is happening to their funds. This clear transaction representation is only possible if you have detailed knowledge of the contract you are interacting with.

At Ledger, we consider Clear-signing to be the only acceptable signing method, as it’s the only way to intelligibly approve a transaction with full knowledge of its content and impact. It is not a new concept by any means, but it’s at the root of what made the Ledger Nano S such a success in the crypto world. However, this level of clarity is not straightforward for every sort of interaction. New types of contracts and complex function calls are created every day, and it requires thorough security reviews as well as detailed attention to UX to accept them safely in our products.

Trusting the parser

While the advanced signing methods we covered improve the security of blockchain interactions, they also introduce issues we didn’t have initially.

With Blind-signing, you are given the exact raw data for signature. It is hard to read for a human, but it is faithful to the “What You See Is What You Sign” approach, as long as you don’t mind not understanding what’s on your screen. With Transparent and Clear-signing, you are given a transformed version of the original data. If the conversion of raw data into a readable summary is not properly secured, an attacker could modify it before it is displayed on your screen, and may thus trick you into signing over your funds.

Luckily, we have thought of that too at Ledger! In addition to protecting your private key, our hardware wallets also guarantee that you can trust the data displayed on their screens. Both key and screen security are enforced by our secure element, and parsing is constantly reviewed by our renowned security team, the Donjon.

Finally, when diving into the world of DeFi, it is essential to remember that you ultimately trust the smart contracts you interact with, to behave as expected. Always be careful which contracts you use and whether they have been reviewed or audited.

What’s next?

Following the stratospheric rise of crypto and its increased adoption over the past decade, the need for a secure environment has never been so critical. Scammers and hackers are always looking for creative ways to trick new and experienced users into sharing their private key.

However, the more people use Ledger devices for their security, the more difficult it becomes for these attackers to break into your crypto wallets. This leaves them with one last resort: mislead you into blind-signing operations that transfer over all your monkeys and cats for free.

Bringing absolute transparency and security to every single one of your transactions is what we strive for at Ledger. We firmly believe that only hardware-based clear-signing can give you the peace of mind you deserve.

As you may have seen during the last Ledger Op3n, implementing this across all our product lines is fascinating work, and it is the focus of our next articles. Stay tuned!

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox