ETHx ledger plugin

.github/workflows/check_sdk.yml

@@ -0,0 +1,40 @@
+name: Check SDK submodule version
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  job_check_SDK:
+    name: Check Ethereum plugin SDK submodule is up-to-date
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone plugin
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - name: Clone SDK
+        uses: actions/checkout@v3
+        with:
+          repository: LedgerHQ/ethereum-plugin-sdk
+          path: plugin-sdk
+          ref: ${{ github.base_ref || github.ref_name }}
+      - name: Comparing the SDK hash values
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          REPO_SDK_HASH=$(git submodule status | grep sdk | cut -d ' ' -f2)
+          echo "SDK submodule hash: ${REPO_SDK_HASH} (checked out from '${{ github.base_ref || github.ref_name }}')"
+          CURRENT_SDK_HASH=$(cd ./plugin-sdk/ && git rev-parse HEAD)
+          echo "SDK submodule hash: ${CURRENT_SDK_HASH}"
+          if [ ${REPO_SDK_HASH} = ${CURRENT_SDK_HASH} ]
+          then
+              echo "SDK versions match!"
+              exit 0
+          else
+              echo "SDK versions mismatch!"
+              exit 1
+          fi

.github/workflows/ci-workflow.yml

@@ -38,6 +38,27 @@ jobs:
         run: |
           make BOLOS_SDK=${{ matrix.sdk }} -j
 
+  job_scan_build:
+    name: Clang Static Analyzer
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Build with Clang Static Analyzer
+        run: |
+          scan-build --use-cc=clang -analyze-headers -enable-checker security -enable-checker unix -enable-checker valist -o scan-build --status-bugs make default
+
+      - uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: scan-build
+          path: scan-build
+
   job_build_debug_plugin:
     name: Build debug plugin
     strategy:

.github/workflows/guidelines_enforcer.yml

@@ -0,0 +1,23 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1

Makefile

@@ -1,170 +1,130 @@
-#*******************************************************************************
-#   Ledger App
-#   (c) 2017 Ledger
+# ****************************************************************************
+#    Ledger App
+#    (c) 2023 Ledger SAS.
 #
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#       http://www.apache.org/licenses/LICENSE-2.0
 #
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#*******************************************************************************
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+# ****************************************************************************
 
 ifeq ($(BOLOS_SDK),)
 $(error Environment variable BOLOS_SDK is not set)
 endif
 
 include $(BOLOS_SDK)/Makefile.defines
 
+########################################
+#        Mandatory configuration       #
+########################################
+# Application name
 APPNAME = "Staderlabs"
 
-ifeq ($(ETHEREUM_PLUGIN_SDK),)
-ETHEREUM_PLUGIN_SDK=ethereum-plugin-sdk
-endif
-
-APP_LOAD_PARAMS += --appFlags 0x800 --path "44'/60'" --curve secp256k1
-
-APP_LOAD_PARAMS += $(COMMON_LOAD_PARAMS)
-
-APPVERSION_M     = 1
-APPVERSION_N     = 0
-APPVERSION_P     = 1
-APPVERSION       = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
-
-ifeq ($(TARGET_NAME), TARGET_NANOS)
-ICONNAME=icons/nanos_app_staderlabs.gif
-else ifeq ($(TARGET_NAME), TARGET_STAX)
-ICONNAME=icons/stax_app_staderlabs.gif
-DEFINES += ICONGLYPH=C_stax_staderlabs_64px
-DEFINES += ICONBITMAP=C_stax_staderlabs_64px_bitmap
-GLYPH_FILES += $(ICONNAME)
-else
-ICONNAME=icons/nanox_app_staderlabs.gif
-endif
-
-################
-# Default rule #
-################
-all: default
-
-############
-# Platform #
-############
-
-DEFINES   += OS_IO_SEPROXYHAL
-DEFINES   += HAVE_SPRINTF
-DEFINES   += LEDGER_MAJOR_VERSION=$(APPVERSION_M) LEDGER_MINOR_VERSION=$(APPVERSION_N) LEDGER_PATCH_VERSION=$(APPVERSION_P)
-DEFINES   += IO_HID_EP_LENGTH=64
-
-DEFINES   += UNUSED\(x\)=\(void\)x
-DEFINES   += APPVERSION=\"$(APPVERSION)\"
-CFLAGS    += -DAPPNAME=\"$(APPNAME)\"
-
-ifneq (,$(filter $(TARGET_NAME),TARGET_NANOX TARGET_STAX))
-DEFINES   += HAVE_BLE BLE_COMMAND_TIMEOUT_MS=2000
-DEFINES   += HAVE_BLE_APDU # basic ledger apdu transport over BLE
-endif
-
-ifeq ($(TARGET_NAME),TARGET_NANOS)
-DEFINES   += IO_SEPROXYHAL_BUFFER_SIZE_B=128
-else
-DEFINES   += IO_SEPROXYHAL_BUFFER_SIZE_B=300
-endif
-
-ifneq  ($(TARGET_NAME),TARGET_STAX)
-DEFINES   += HAVE_BAGL
-ifneq ($(TARGET_NAME),TARGET_NANOS)
-DEFINES   += HAVE_GLO096
-DEFINES   += HAVE_BAGL BAGL_WIDTH=128 BAGL_HEIGHT=64
-DEFINES   += HAVE_BAGL_ELLIPSIS # long label truncation feature
-DEFINES   += HAVE_BAGL_FONT_OPEN_SANS_REGULAR_11PX
-DEFINES   += HAVE_BAGL_FONT_OPEN_SANS_EXTRABOLD_11PX
-DEFINES   += HAVE_BAGL_FONT_OPEN_SANS_LIGHT_16PX
-DEFINES   += HAVE_UX_FLOW
-endif
-endif
+# Application version
+APPVERSION_M = 1
+APPVERSION_N = 1
+APPVERSION_P = 0
+APPVERSION = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
 
-# Enabling debug PRINTF
-ifneq ($(DEBUG),0)
-        DEFINES += HAVE_STACK_OVERFLOW_CHECK
-        SDK_SOURCE_PATH  += lib_stusb lib_stusb_impl
-        DEFINES   += HAVE_IO_USB HAVE_L4_USBLIB IO_USB_MAX_ENDPOINTS=4 IO_HID_EP_LENGTH=64 HAVE_USB_APDU
-
-        ifeq ($(DEBUG),10)
-                $(warning Using semihosted PRINTF. Only run with speculos!)
-                CFLAGS    += -include src/dbg/debug.h
-                DEFINES   += HAVE_PRINTF PRINTF=semihosted_printf
-        else
-                ifeq ($(TARGET_NAME),TARGET_NANOS)
-                        DEFINES   += HAVE_PRINTF PRINTF=screen_printf
-                else
-                        DEFINES   += HAVE_PRINTF PRINTF=mcu_usb_printf
-                endif
-
-        endif
-else
-        DEFINES   += PRINTF\(...\)=
-endif
-
-##############
-#  Compiler  #
-##############
-ifneq ($(BOLOS_ENV),)
-$(info BOLOS_ENV=$(BOLOS_ENV))
-CLANGPATH := $(BOLOS_ENV)/clang-arm-fropi/bin/
-GCCPATH := $(BOLOS_ENV)/gcc-arm-none-eabi-5_3-2016q1/bin/
-else
-$(info BOLOS_ENV is not set: falling back to CLANGPATH and GCCPATH)
-endif
-ifeq ($(CLANGPATH),)
-$(info CLANGPATH is not set: clang will be used from PATH)
-endif
-ifeq ($(GCCPATH),)
-$(info GCCPATH is not set: arm-none-eabi-* will be used from PATH)
-endif
-
-CC       := $(CLANGPATH)clang
-
-AS     := $(GCCPATH)arm-none-eabi-gcc
-
-LD       := $(GCCPATH)arm-none-eabi-gcc
-LDLIBS   += -lm -lgcc -lc
-
-# import rules to compile glyphs(/pone)
-include $(BOLOS_SDK)/Makefile.glyphs
-
-### variables processed by the common makefile.rules of the SDK to grab source files and include dirs
-APP_SOURCE_PATH  += src $(ETHEREUM_PLUGIN_SDK)
-ifneq ($(TARGET_NAME), TARGET_STAX)
-SDK_SOURCE_PATH  += lib_ux
-endif
-ifneq (,$(findstring HAVE_BLE,$(DEFINES)))
-SDK_SOURCE_PATH  += lib_blewbxx lib_blewbxx_impl
-endif
-
-### initialize plugin SDK submodule if needed
+# Initialize plugin SDK submodule if needed
 ifneq ($(shell git submodule status | grep '^[-+]'),)
 $(info INFO: Need to reinitialize git submodules)
 $(shell git submodule update --init)
 endif
 
-load: all
-	python3 -m ledgerblue.loadApp $(APP_LOAD_PARAMS)
-
-delete:
-	python3 -m ledgerblue.deleteApp $(COMMON_DELETE_PARAMS)
+ifeq ($(ETHEREUM_PLUGIN_SDK),)
+ETHEREUM_PLUGIN_SDK=ethereum-plugin-sdk
+endif
 
-# import generic rules from the sdk
-include $(BOLOS_SDK)/Makefile.rules
+# Application source files
+APP_SOURCE_PATH += src $(ETHEREUM_PLUGIN_SDK)
 
+# Application icons following guidelines:
+# https://developers.ledger.com/docs/embedded-app/design-requirements/#device-icon
+ICON_ID = $(shell echo -n "$(APPNAME)" | tr " " "_" | tr "[:upper:]" "[:lower:]")
+ICON_NANOS = icons/nanos_app_$(ICON_ID).gif
+ICON_NANOX = icons/nanox_app_$(ICON_ID).gif
+ICON_NANOSP = $(ICON_NANOX)
+ICON_STAX = icons/stax_app_$(ICON_ID).gif
 
-#add dependency on custom makefile filename
-dep/%.d: %.c Makefile
+ifeq ($(TARGET_NAME),TARGET_STAX)
+	DEFINES += ICONGLYPH=C_stax_$(ICON_ID)_64px
+	DEFINES += ICONBITMAP=C_stax_$(ICON_ID)_64px_bitmap
+endif
 
-listvariants:
-	@echo VARIANTS NONE staderlabs
+# Application allowed derivation curves.
+# Possibles curves are: secp256k1, secp256r1, ed25519 and bls12381g1
+# If your app needs it, you can specify multiple curves by using:
+# `CURVE_APP_LOAD_PARAMS = <curve1> <curve2>`
+CURVE_APP_LOAD_PARAMS = secp256k1
+
+# Application allowed derivation paths.
+# You should request a specific path for your app.
+# This serve as an isolation mechanism.
+# Most application will have to request a path according to the BIP-0044
+# and SLIP-0044 standards.
+# If your app needs it, you can specify multiple path by using:
+# `PATH_APP_LOAD_PARAMS = "44'/1'" "45'/1'"`
+PATH_APP_LOAD_PARAMS = "44'/60'"   # purpose=coin(44) / coin_type=Testnet(1)
+
+# Setting to allow building variant applications
+# - <VARIANT_PARAM> is the name of the parameter which should be set
+#   to specify the variant that should be build.
+# - <VARIANT_VALUES> a list of variant that can be build using this app code.
+#   * It must at least contains one value.
+#   * Values can be the app ticker or anything else but should be unique.
+VARIANT_PARAM = COIN
+VARIANT_VALUES = staderlabs
+
+# Enabling DEBUG flag will enable PRINTF and disable optimizations
+#DEBUG = 1
+
+########################################
+#     Application custom permissions   #
+########################################
+# See SDK `include/appflags.h` for the purpose of each permission
+#HAVE_APPLICATION_FLAG_DERIVE_MASTER = 1
+#HAVE_APPLICATION_FLAG_GLOBAL_PIN = 1
+#HAVE_APPLICATION_FLAG_BOLOS_SETTINGS = 1
+HAVE_APPLICATION_FLAG_LIBRARY = 1
+
+########################################
+# Application communication interfaces #
+########################################
+#ENABLE_BLUETOOTH = 1
+#ENABLE_NFC = 1
+
+########################################
+#         NBGL custom features         #
+########################################
+#ENABLE_NBGL_QRCODE = 1
+#ENABLE_NBGL_KEYBOARD = 1
+#ENABLE_NBGL_KEYPAD = 1
+
+########################################
+#          Features disablers          #
+########################################
+# These advanced settings allow to disable some feature that are by
+# default enabled in the SDK `Makefile.standard_app`.
+
+DISABLE_STANDARD_APP_FILES = 1
+
+# To allow custom size declaration
+#DISABLE_DEFAULT_IO_SEPROXY_BUFFER_SIZE = 1
+
+# Will set all the following disablers
+#DISABLE_STANDARD_APP_DEFINES = 1
+
+DISABLE_STANDARD_SNPRINTF = 1
+#DISABLE_STANDARD_USB = 1
+DISABLE_STANDARD_WEBUSB = 1
+DISABLE_STANDARD_BAGL_UX_FLOW = 1
+
+include $(BOLOS_SDK)/Makefile.standard_app

README.md

@@ -25,12 +25,14 @@ Need more information about the interface, the architecture, or general stuff ab
 
 Smart contracts covered by this plugin are:
 
-| Network  | Contract Name | Smart Contract                               |
-| -------- | ------------- | -------------------------------------------- |
-| Ethereum | MaticX        | `0xf03a7eb46d01d9ecaa104558c732cf82f6b6b645` |
-| Polygon  | ChildPool     | `0xfd225c9e6601c9d38d8f98d8731bf59efcf8c0e3` |
-| BSC      | StakeManager  | `0x7276241a669489E4BBB76f63d2A43Bfe63080F2F` |
-| Fantom   | FTMStaking    | `0xb458bfc855ab504a8a327720fcef98886065529b` |
+| Network  | Contract Name           | Smart Contract                               |
+| -------- | ----------------------- | -------------------------------------------- |
+| Ethereum | MaticX                  | `0xf03a7eb46d01d9ecaa104558c732cf82f6b6b645` |
+| Polygon  | ChildPool               | `0xfd225c9e6601c9d38d8f98d8731bf59efcf8c0e3` |
+| BSC      | StakeManager            | `0x7276241a669489E4BBB76f63d2A43Bfe63080F2F` |
+| Fantom   | FTMStaking              | `0xb458bfc855ab504a8a327720fcef98886065529b` |
+| Ethereum | StaderStakePoolsManager | `0xcf5ea1b38380f6af39068375516daf40ed70d299` |
+| Ethereum | UserWithdrawalManager   | `0x9f0491b32dbce587c50c4c43ab303b06478193a7` |
 
 ## Build