Skip to content

Revert "Add custom hd path option (#9367)"#9875

Merged
Gudahtt merged 1 commit intodevelopfrom
revert-custom-hd-paths
Nov 13, 2020
Merged

Revert "Add custom hd path option (#9367)"#9875
Gudahtt merged 1 commit intodevelopfrom
revert-custom-hd-paths

Conversation

@Gudahtt
Copy link
Copy Markdown
Member

@Gudahtt Gudahtt commented Nov 13, 2020
edited
Loading

This reverts commit f30d261.

The custom HD path option introduced in #9367 was found to be unsafe to use, because the displayed list of accounts would differ depending on which application was open on the Ledger device. Essentially Ledger was accepting invalid inputs, and returning junk responses.

This was too dangerous to ship, as it could leave users with an account that they can't reliably recover. If we don't know how the derivation is happening, then allowing this import puts our users at risk of losing funds.

We can re-introduce this functionality after adding validation to ensure that we only allow inputs that are handled correctly by Ledger.

@Gudahtt
Revert "Add custom hd path option (#9367)"
e963d80 
This reverts commit f30d261.

The custom HD path option was found to be unsafe to use, because the
displayed list of accounts would differ depending on which application
was open on the Ledger device. Essentially Ledger was accepting invalid
inputs, and returning junk responses.

This was too dangerous to ship, as it could leave users with an account
that they can't reliably recover. If we don't know how the derivation
is happening, then allowing this import puts our users at risk of
losing funds.

We can re-introduce this functionality after adding validation to
ensure that we only allow inputs that are handled correctly by Ledger.
@Gudahtt Gudahtt requested a review from a team as a code owner November 13, 2020 17:33
@Gudahtt Gudahtt requested a review from darkwing November 13, 2020 17:33
rekmarks
rekmarks approved these changes Nov 13, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@rekmarks rekmarks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@metamaskbot
Copy link
Copy Markdown
Collaborator

metamaskbot commented Nov 13, 2020

Builds ready [e963d80]
Page Load Metrics (375 ± 47 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint328239105
domContentLoaded2556223749847
load2566233759847
domInteractive2546223739847

@Gudahtt Gudahtt merged commit beb6047 into develop Nov 13, 2020
@Gudahtt Gudahtt deleted the revert-custom-hd-paths branch November 13, 2020 17:55
@github-actions github-actions bot locked and limited conversation to collaborators Nov 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@rekmarks rekmarks rekmarks approved these changes

@darkwing darkwing Awaiting requested review from darkwing

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Gudahtt @metamaskbot @rekmarks