Merge pull request #4358 from anoma/tomas/check-ledger-app-version

mergify[bot] · web-flow · commit cd3180c3d86f · 2025-02-17T06:55:06.000Z
wallet: check min ledger app version for shielded key derivation
diff --git a/.changelog/unreleased/improvements/4358-check-ledger-app-version.md b/.changelog/unreleased/improvements/4358-check-ledger-app-version.md
@@ -0,0 +1,2 @@
+- Added a wallet check of the minimum supported Ledger app version for shielded
+  key derivation. ([\#4358](https://github.com/anoma/namada/pull/4358))
diff --git a/crates/apps_lib/src/cli/wallet.rs b/crates/apps_lib/src/cli/wallet.rs
@@ -254,6 +254,22 @@ async fn shielded_key_derive(
                 cli::safe_exit(1)
             }),
         );
+        let version = app.version().await.unwrap_or_else(|err| {
+            edisplay_line!(io, "Failed to retrieve Ledger app version: {err}");
+            cli::safe_exit(1)
+        });
+        if version.major < 3 {
+            edisplay_line!(
+                io,
+                "Minimum supported Ledger app version is 3.0.0 due to a \
+                 change in modified ZIP32 derivation path. Got v{}.{}.{}.",
+                version.major,
+                version.minor,
+                version.patch
+            );
+            cli::safe_exit(1)
+        }
+
         let response = app
             .retrieve_keys(
                 &BIP44Path {
diff --git a/crates/apps_lib/src/client/tx.rs b/crates/apps_lib/src/client/tx.rs
@@ -943,10 +943,34 @@ async fn augment_masp_hardware_keys(
         let transport = WalletTransport::from_arg(args.device_transport);
         let app = NamadaApp::new(transport);
         let wallet = namada.wallet().await;
+        let mut checked_app_version = false;
         // Augment the pseudo spending key with a proof authorization key
         for source in sources {
             // Only attempt an augmentation if proof authorization is not there
             if source.to_spending_key().is_none() {
+                if !checked_app_version {
+                    checked_app_version = true;
+                    let version = app.version().await.map_err(|err| {
+                        error::Error::Other(format!(
+                            "Failed to retrieve Ledger app version: {err}"
+                        ))
+                    })?;
+                    if version.major < 3 {
+                        edisplay_line!(
+                            namada.io(),
+                            "Please upgrade the Ledger app to version greater \
+                             than or equal to 3.0.0 (got v{}.{}.{}.), due to \
+                             a change in modified ZIP32 derivation path. If \
+                             you have keys derived using an older versions, \
+                             we recommend that you move any funds associated \
+                             with them to new keys.",
+                            version.major,
+                            version.minor,
+                            version.patch
+                        );
+                    }
+                }
+
                 // First find the derivation path corresponding to this viewing
                 // key
                 let viewing_key =

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+- Added a wallet check of the minimum supported Ledger app version for shielded`
	`2`	`+ key derivation. ([\#4358](https://github.com/anoma/namada/pull/4358))`