Merge branch 'eth-fees'

CHANGELOG.md

@@ -7,7 +7,7 @@ customers cannot upgrade their bootloader, its changes are recorded separately.
 ## Firmware
 
 ### [Unreleased]
-- Bitcoin: warn if the transaction fee is higher than 10% of the coins sent
+- Bitcoin, Ethereum: warn if the transaction fee is higher than 10% of the coins sent
 - ETH Testnets: add Goerli and remove deprecated Rinkeby and Ropsten
 
 ### 9.13.1

src/rust/bitbox02-rust/Cargo.toml

@@ -34,7 +34,8 @@ hex = { version = "0.4", default-features = false }
 sha2 = { version = "0.9.2", default-features = false }
 sha3 = { version = "0.9.1", default-features = false, optional = true }
 zeroize = "1.5.5"
-num-bigint = { version = "0.3.1", default-features = false, optional = true }
+num-bigint = { version = "0.4.3", default-features = false, optional = true }
+num-traits = { version = "0.2", default-features = false, optional = true }
 bip32-ed25519 = { git = "https://github.com/digitalbitbox/rust-bip32-ed25519", tag = "v0.1.0", optional = true }
 bs58 = { version = "0.4.0", default-features = false, features = ["alloc", "check"], optional = true }
 bech32 = { version = "0.8.1", default-features = false, optional = true }
@@ -70,6 +71,7 @@ app-ethereum = [
   # enable these dependencies
   "sha3",
   "num-bigint",
+  "num-traits",
   # enable this feature in the deps
   "bitbox02/app-ethereum",
 ]

src/rust/bitbox02-rust/src/hww/api/ethereum/amount.rs

@@ -14,6 +14,7 @@
 
 use alloc::string::String;
 use num_bigint::BigUint;
+use num_traits::{ToPrimitive, Zero};
 
 pub struct Amount<'a> {
     pub unit: &'a str,
@@ -45,6 +46,15 @@ impl<'a> Amount<'a> {
     }
 }
 
+/// Computes the percentage of the fee of the amount, up to one decimal point.
+/// Returns None if the amount is 0 or either fee or amount cannot be represented by `f64`.
+pub fn calculate_percentage(fee: &BigUint, amount: &BigUint) -> Option<f64> {
+    if amount.is_zero() {
+        return None;
+    }
+    Some(100. * fee.to_f64()? / amount.to_f64()?)
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -136,4 +146,26 @@ mod tests {
             );
         }
     }
+
+    #[test]
+    pub fn test_calculate_percentage() {
+        let p = |f: u64, a: u64| calculate_percentage(&f.into(), &a.into());
+        assert_eq!(p(1, 0), None);
+        assert_eq!(p(3, 4), Some(75.));
+        assert_eq!(p(0, 100), Some(0.));
+        assert_eq!(p(1, 100), Some(1.));
+        assert_eq!(p(9, 100), Some(9.));
+        assert_eq!(p(10, 100), Some(10.));
+        assert_eq!(p(99, 100), Some(99.));
+        assert_eq!(p(909, 1000), Some(90.9));
+        assert_eq!(
+            calculate_percentage(
+                // 63713280000000000
+                &BigUint::from_bytes_be(b"\xe2\x5a\xe3\xfd\xe0\x00\x00"),
+                // 530564000000000000
+                &BigUint::from_bytes_be(b"\x07\x5c\xf1\x25\x9e\x9c\x40\x00"),
+            ),
+            Some(12.008594627603833)
+        );
+    }
 }

src/rust/bitbox02-rust/src/hww/api/ethereum/sign.rs

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use super::amount::Amount;
+use super::amount::{calculate_percentage, Amount};
 use super::params::Params;
 use super::pb;
 use super::Error;
@@ -174,9 +174,10 @@ async fn verify_standard_transaction(
     let total = Amount {
         unit: params.unit,
         decimals: WEI_DECIMALS,
-        value: amount.value.add(&fee.value),
+        value: (&amount.value).add(&fee.value),
     };
-    transaction::verify_total_fee(&total.format(), &fee.format(), None).await?;
+    let percentage = calculate_percentage(&fee.value, &amount.value);
+    transaction::verify_total_fee(&total.format(), &fee.format(), percentage).await?;
     Ok(())
 }
 
@@ -384,7 +385,58 @@ mod tests {
         );
     }
 
-    /// Standard ETH transaction on an unusual keypath (Goerly on mainnet keypath)
+    /// Test a transaction with an unusually high fee.
+    #[test]
+    fn test_high_fee_warning() {
+        const KEYPATH: &[u32] = &[44 + HARDENED, 60 + HARDENED, 0 + HARDENED, 0, 0];
+
+        static mut UI_COUNTER: u32 = 0;
+        mock(Data {
+            ui_transaction_address_create: Some(Box::new(|_amount, _address| true)),
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
+                assert_eq!(total, "0.59427728 ETH");
+                assert_eq!(fee, "0.06371328 ETH");
+                assert!(!longtouch);
+                true
+            })),
+            ui_confirm_create: Some(Box::new(move |params| {
+                match unsafe {
+                    UI_COUNTER += 1;
+                    UI_COUNTER
+                } {
+                    1 => {
+                        assert_eq!(params.title, "High fee");
+                        assert_eq!(params.body, "The fee rate\nis 12.0%.\nProceed?");
+                        assert!(params.longtouch);
+                        true
+                    }
+                    _ => panic!("too many user confirmations"),
+                }
+            })),
+            ..Default::default()
+        });
+        mock_unlocked();
+        assert!(block_on(process(&pb::EthSignRequest {
+            coin: pb::EthCoin::Eth as _,
+            keypath: KEYPATH.to_vec(),
+            nonce: b"\x1f\xdc".to_vec(),
+            // fee=gas_price*gas_limit=63713280000000000
+            gas_price: b"\x01\x65\xa0\xbc\x00\x00".to_vec(),
+            gas_limit: b"\xa2\x08".to_vec(),
+            recipient:
+                b"\x04\xf2\x64\xcf\x34\x44\x03\x13\xb4\xa0\x19\x2a\x35\x28\x14\xfb\xe9\x27\xb8\x85"
+                    .to_vec(),
+            // 530564000000000000
+            value: b"\x07\x5c\xf1\x25\x9e\x9c\x40\x00".to_vec(),
+            data: b"".to_vec(),
+            host_nonce_commitment: None,
+            chain_id: 0,
+        }))
+        .is_ok());
+        assert_eq!(unsafe { UI_COUNTER }, 1);
+    }
+
+    /// Standard ETH transaction on an unusual keypath (Goerli on mainnet keypath)
     #[test]
     pub fn test_process_warn_unusual_keypath() {
         const KEYPATH: &[u32] = &[44 + HARDENED, 60 + HARDENED, 0 + HARDENED, 0, 0];

src/rust/util/Cargo.toml

@@ -20,4 +20,4 @@ edition = "2018"
 license = "Apache-2.0"
 
 [dependencies]
-num-bigint = { version = "0.3.1", default-features = false }
+num-bigint = { version = "0.4.3", default-features = false }

src/rust/vendor/num-bigint/.cargo-checksum.json

@@ -1 +1 @@
-{"files":{"Cargo.toml":"7365a7f8541f6d8a889f42e4d8084786a942238ecd6688605fa6320e51e6a1db","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"6485b8ed310d3f0340bf1ad1f47645069ce4069dcc6bb46c7d5c6faf41de1fdb","README.md":"d8a18a6efa61a27d8d8e454d4aa9d03808119a7be7c378da9e200d941a74c17b","RELEASES.md":"1a0da1010ea8a1c5eca9a9566bdaae639a1bb3b450a987e98c28c03875981dfd","benches/bigint.rs":"e0388d1880c4ff508b2f871c5b70f058999dd8c6a703c16e8ea69f0a8e1ba50d","benches/factorial.rs":"ed1d276a780e7e5fe79121b941c22a00c2854dbf92fd8a5372619853ba0c13b7","benches/gcd.rs":"2b433e5699b45e5fb23e77ab025a07e16e3eb9a49c47207b477551542fc4ff1e","benches/roots.rs":"967161d58d1977452ec7fa988a41848d575008a3e148eb048bc049c884d98f5f","benches/shootout-pidigits.rs":"c2a48133f5b679928f7e3f4e764c78aaa8c5b811f58b86fe57fae8c63cb07136","build.rs":"4955639b370d3636b8c44cb7743e6c5fb129077b069d78becbc135eba37e1ece","src/algorithms.rs":"5850d2931c34b43a79047d66c8ce98093299eeb3e8cb6dd761ee2bd1a6a50e07","src/bigint.rs":"1c73cb3bf03fab04a24a0e4a1e131a2aab2d06f233ce760786502fc96dab3f23","src/bigrand.rs":"579f4da36b8378267ef4b8a73a792437eaf1b39c48b5f2d50b66fefb4f9a63d7","src/biguint.rs":"db580af66ab88990d3a060077b6f229e4029f487a7d6ccceb8e1528d1603e02d","src/lib.rs":"483bc6f1a6159df10ec9a55b886e19e9f79c7cc1becca82cc00bd46b846feed2","src/macros.rs":"800239723d637c3ea1d6beb6a62b38a2300bd4c69c20dc0d50855ad6a8b31e70","src/monty.rs":"91688835e0fd409df72c3df5e07e2a114982578f03dd62721c02f36d5fc64ac6","tests/bigint.rs":"32fc36ebbfe97f7f4b050dd787cf86df2a36b47854fae5366c47098200026b0a","tests/bigint_bitwise.rs":"e6a2f76fa1eb919e7c513d7e30a8a2a963841a295a71103462fb8ab9792419b5","tests/bigint_scalar.rs":"5d6131e021f96d476f7949fa2b302581bd9254e91efde1bf2926cdd5e8dffcdb","tests/biguint.rs":"3dbd9fc4b341e7f8106cbeb2e765dab08643fb8691c27a5719216c0c13662493","tests/biguint_scalar.rs":"f16450c0dfcaf23b6fb85669b3de7c2bb6f594a65e3cdf91014b2e49c941cc95","tests/consts/mod.rs":"e20bc49a7cc95077242cbe4016b37745ea986c779d2385cb367fbfe44f15ff94","tests/macros/mod.rs":"1a8f9f015e5caaac60ce9ccff01a75ae489801c3ede6e7b9b3c5079b6efefc9c","tests/modpow.rs":"f1e4ed4fe466b544d7c4e57d0a0dc7d1c97b430b4805cae12f0915b8c40ab66f","tests/roots.rs":"a3bc2de170a0f6297cc8d8830d608db537ca102ccf204fd4fb8e2d92675622d8"},"package":"5e9a41747ae4633fce5adffb4d2e81ffc5e89593cb19917f8fb2cc5ff76507bf"}
+{"files":{"Cargo.toml":"0b84600b6ebbf302c71ee1984c54477ddb94142d17f82bb3601386b57bf49922","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"6485b8ed310d3f0340bf1ad1f47645069ce4069dcc6bb46c7d5c6faf41de1fdb","README.md":"d830b9c7aa3ee607cdb87bcbd3f7c930c3c7faad7fa79312806efa0dc3bda577","RELEASES.md":"bf590b1e9d5c3235cd872fa442cb9041b4c8ea3db3622a95edcd66b554ac7cc8","benches/bigint.rs":"7efd4741f53c786bae63d1196492b5657fd0d928b37a59a08629f6efdc35c845","benches/factorial.rs":"ed1d276a780e7e5fe79121b941c22a00c2854dbf92fd8a5372619853ba0c13b7","benches/gcd.rs":"3cc1a3356f680a6fa625f0ece0c8dd778f4091a53a31177f2870ef9a6c858c7d","benches/rng/mod.rs":"38144fc8283955db4be72a1533328fded98986d6f9d0bc7da0b306f7d4b5ca43","benches/roots.rs":"b31846852a7215c26df228940f2e469aff32fa8805eccc2b5ee5e7280ef0eeb4","benches/shootout-pidigits.rs":"c2a48133f5b679928f7e3f4e764c78aaa8c5b811f58b86fe57fae8c63cb07136","build.rs":"4955639b370d3636b8c44cb7743e6c5fb129077b069d78becbc135eba37e1ece","src/bigint.rs":"0ba1f025b130517a1ce94008a4ace8e1e337a419c91f9eee181a6672e4985ecd","src/bigint/addition.rs":"440f67a80de748f418adc1f3bfbcc4d428e21bcf5ae6962e2b9f3bb82ed958a2","src/bigint/arbitrary.rs":"6679833dffb38fa81f251bf9dd35b0d5b4cecb2a368e82aac92b00cef4dfc21b","src/bigint/bits.rs":"6bfdd854de8daf5c98b8eb8f0f29aa76ae6098a39dbe12eec35fbc9b8c247602","src/bigint/convert.rs":"331f635497d429ec62d829d8d6b476ba402e6530ddbbf9d5b117ed3042e41beb","src/bigint/division.rs":"a0197386b4c6f1465db7ac13bda956dad6bf0ac75accd8f75755f5c8cd05d5fd","src/bigint/multiplication.rs":"0e3ea5982ea0748420d36381f633656ddc6b4c4bee5b97d8e7b2550e67aa3e4d","src/bigint/power.rs":"7391588452764440ae01bbcdfb5b94776018e15bb966b448fbeed693a484ddea","src/bigint/serde.rs":"8240ed79ac11ec0ec2dfc85d4657693d5b03379bdd60a42dccee4764b000e5b6","src/bigint/shift.rs":"3aca826b132a95394e16161708bb6067985a25fef684b25f9f662cf3be12d672","src/bigint/subtraction.rs":"9411b9f59bda0060d286c798e3e765a64def44ad29d9cd6879b73149b9ea4369","src/bigrand.rs":"1e3a9fea94f3be4d052d0ceb1a8de13c580028ee26695fbba1da9de51289c858","src/biguint.rs":"df931fdd6becfde3ab392218fe57b8eab215ab0a8435129e451c9d6013c506b6","src/biguint/addition.rs":"88c02a33ed47ac091b199c102a991ef494bb291771f8b38358d22bb791e66618","src/biguint/arbitrary.rs":"895fe5a9bbcf40824d1a342e089fb2aec78cb9bad0dd489cfef489a3323f6c3b","src/biguint/bits.rs":"05f56e1cd494a3cd63e418ce3d797b9e979f34c4fbacb882e977548a1f69be65","src/biguint/convert.rs":"1071e03f57fa56070e8f696417f33a2fb738afcac329984be6236e33bca37dfd","src/biguint/division.rs":"3b05da7dddeceefaa67c62f016411fa82ce2dcaf1678fdb1ee70e7d170870d9f","src/biguint/iter.rs":"c21e30f573bdf1936e72dd56a89ee662329d25e8b55e37e88e9b1aea2da48abd","src/biguint/monty.rs":"2382e59abf592d009f3f0aefcd2cfd541f21b861aac109931bca2fbc3ee37c62","src/biguint/multiplication.rs":"ee3f611add01239d4e7fc023afc87f1e8b79cb4cb3326e69a120bbee5b014fdf","src/biguint/power.rs":"729d6c4a7f3686711e4f7a86a634ddb920a02be3de1667dac8a0dc85c3b7a854","src/biguint/serde.rs":"fc16ef8f5d036085ca408e3abfef53646499959cc77b03af622e97636f03f778","src/biguint/shift.rs":"b023fad4f86516660d8c4c9328215139fbe2f13afb86ab7ce0206d0c0e04ae00","src/biguint/subtraction.rs":"abbc6e8aa7fcbf58d8444ead208a07171b377f81cab509eaba5c71509b2e472e","src/lib.rs":"113da969e9dd905b8d2b3c3f0571f79971a4517d9c96d9d6b2e4a0873d1e51a6","src/macros.rs":"800239723d637c3ea1d6beb6a62b38a2300bd4c69c20dc0d50855ad6a8b31e70","tests/bigint.rs":"267b907cdb66e62050922b68367e1135517ba0afbd453b7bec807836e9d1d2f3","tests/bigint_bitwise.rs":"e6a2f76fa1eb919e7c513d7e30a8a2a963841a295a71103462fb8ab9792419b5","tests/bigint_scalar.rs":"a87e801e370686985d44e1f020c69fceca72b9f048e0f7301d2b8d38469e5636","tests/biguint.rs":"b8109cae66582c34f2838125063ef2c7293eb31549429119eadd7fd8f95376ee","tests/biguint_scalar.rs":"b09cda9d4fe6ec519e93282653f69b57d70db73b9cb59c0ea5cd0861ca2de266","tests/consts/mod.rs":"e20bc49a7cc95077242cbe4016b37745ea986c779d2385cb367fbfe44f15ff94","tests/fuzzed.rs":"f60a84c446ea2f45d87eb4ee64682ea63fdef05bc74f482739d4e968960e8f4e","tests/macros/mod.rs":"1a8f9f015e5caaac60ce9ccff01a75ae489801c3ede6e7b9b3c5079b6efefc9c","tests/modpow.rs":"f1e4ed4fe466b544d7c4e57d0a0dc7d1c97b430b4805cae12f0915b8c40ab66f","tests/roots.rs":"a3bc2de170a0f6297cc8d8830d608db537ca102ccf204fd4fb8e2d92675622d8"},"package":"f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f"}

src/rust/vendor/num-bigint/Cargo.toml

@@ -3,17 +3,16 @@
 # When uploading crates to the registry Cargo will automatically
 # "normalize" Cargo.toml files for maximal compatibility
 # with all versions of Cargo and also rewrite `path` dependencies
-# to registry (e.g., crates.io) dependencies
+# to registry (e.g., crates.io) dependencies.
 #
-# If you believe there's an error in this file please file an
-# issue against the rust-lang/cargo repository. If you're
-# editing this file be aware that the upstream Cargo.toml
-# will likely look very different (and much more reasonable)
+# If you are reading this file be aware that the original Cargo.toml
+# will likely look very different (and much more reasonable).
+# See Cargo.toml.orig for the original contents.
 
 [package]
 edition = "2018"
 name = "num-bigint"
-version = "0.3.1"
+version = "0.4.3"
 authors = ["The Rust Project Developers"]
 build = "build.rs"
 exclude = ["/bors.toml", "/ci/*", "/.github/*"]
@@ -44,7 +43,7 @@ name = "roots"
 name = "shootout-pidigits"
 harness = false
 [dependencies.arbitrary]
-version = "0.4"
+version = "1"
 optional = true
 default-features = false
 
@@ -59,12 +58,12 @@ features = ["i128"]
 default-features = false
 
 [dependencies.quickcheck]
-version = "0.9"
+version = "1"
 optional = true
 default-features = false
 
 [dependencies.rand]
-version = "0.7"
+version = "0.8"
 optional = true
 default-features = false
 

src/rust/vendor/num-bigint/README.md

@@ -13,7 +13,7 @@ Add this to your `Cargo.toml`:
 
 ```toml
 [dependencies]
-num-bigint = "0.3"
+num-bigint = "0.4"
 ```
 
 ## Features
@@ -29,12 +29,12 @@ if your compiler is not new enough.
 feature is enabled. To enable it include rand as
 
 ```toml
-rand = "0.7"
-num-bigint = { version = "0.3", features = ["rand"] }
+rand = "0.8"
+num-bigint = { version = "0.4", features = ["rand"] }
 ```
 
 Note that you must use the version of `rand` that `num-bigint` is compatible
-with: `0.7`.
+with: `0.8`.
 
 ## Releases
 

src/rust/vendor/num-bigint/RELEASES.md

@@ -1,3 +1,77 @@
+# Release 0.4.3 (2021-11-02)
+
+- [GHSA-v935-pqmr-g8v9]: [Fix unexpected panics in multiplication.][228]
+
+**Contributors**: @arvidn, @cuviper, @guidovranken
+
+[228]: https://github.com/rust-num/num-bigint/pull/228
+[GHSA-v935-pqmr-g8v9]: https://github.com/rust-num/num-bigint/security/advisories/GHSA-v935-pqmr-g8v9
+
+# Release 0.4.2 (2021-09-03)
+
+- [Use explicit `Integer::div_ceil` to avoid the new unstable method.][219]
+
+**Contributors**: @catenacyber, @cuviper
+
+[219]: https://github.com/rust-num/num-bigint/pull/219
+
+# Release 0.4.1 (2021-08-27)
+
+- [Fixed scalar divide-by-zero panics.][200]
+- [Implemented `DoubleEndedIterator` for `U32Digits` and `U64Digits`.][208]
+- [Optimized multiplication to avoid unnecessary allocations.][199]
+- [Optimized string formatting for very large values.][216]
+
+**Contributors**: @cuviper, @PatrickNorton
+
+[199]: https://github.com/rust-num/num-bigint/pull/199
+[200]: https://github.com/rust-num/num-bigint/pull/200
+[208]: https://github.com/rust-num/num-bigint/pull/208
+[216]: https://github.com/rust-num/num-bigint/pull/216
+
+# Release 0.4.0 (2021-03-05)
+
+### Breaking Changes
+
+- Updated public dependences on [arbitrary, quickcheck][194], and [rand][185]:
+  - `arbitrary` support has been updated to 1.0, requiring Rust 1.40.
+  - `quickcheck` support has been updated to 1.0, requiring Rust 1.46.
+  - `rand` support has been updated to 0.8, requiring Rust 1.36.
+- [`Debug` now shows plain numeric values for `BigInt` and `BigUint`][195],
+  rather than the raw list of internal digits.
+
+**Contributors**: @cuviper, @Gelbpunkt
+
+[185]: https://github.com/rust-num/num-bigint/pull/185
+[194]: https://github.com/rust-num/num-bigint/pull/194
+[195]: https://github.com/rust-num/num-bigint/pull/195
+
+# Release 0.3.3 (2021-09-03)
+
+- [Use explicit `Integer::div_ceil` to avoid the new unstable method.][219]
+
+**Contributors**: @catenacyber, @cuviper
+
+# Release 0.3.2 (2021-03-04)
+
+- [The new `BigUint` methods `count_ones` and `trailing_ones`][175] return the
+  number of `1` bits in the entire value or just its least-significant tail,
+  respectively.
+- [The new `BigInt` and `BigUint` methods `bit` and `set_bit`][183] will read
+  and write individual bits of the value. For negative `BigInt`, bits are
+  determined as if they were in the two's complement representation.
+- [The `from_radix_le` and `from_radix_be` methods][187] now accept empty
+  buffers to represent zero.
+- [`BigInt` and `BigUint` can now iterate digits as `u32` or `u64`][192],
+  regardless of the actual internal digit size.
+
+**Contributors**: @BartMassey, @cuviper, @janmarthedal, @sebastianv89, @Speedy37
+
+[175]: https://github.com/rust-num/num-bigint/pull/175
+[183]: https://github.com/rust-num/num-bigint/pull/183
+[187]: https://github.com/rust-num/num-bigint/pull/187
+[192]: https://github.com/rust-num/num-bigint/pull/192
+
 # Release 0.3.1 (2020-11-03)
 
 - [Addition and subtraction now uses intrinsics][141] for performance on `x86`