CAIP-222/ReCaps

[jakubuid]

ReCaps: https://eips.ethereum.org/EIPS/eip-5573
Specs: https://github.com/WalletConnect/walletconnect-specs/pull/171/files#diff-0f26e2a5f5b0afc129a0d37185d8c037ecb5d4583e15ead76ac6d6332b570aa7

• Added ReCaps into CAIP-222

[github-actions]

Qodana Community for Android

42 new problems were found

Inspection name	Severity	Problems
Constant conditions	🔶 Warning	26
Serializable object must implement 'readResolve'	🔶 Warning	10
Control flow with empty body	🔶 Warning	1
JUnit malformed declaration	🔶 Warning	1
Constant conditions	◽️ Notice	3
Argument could be converted to 'Set' to improve performance	◽️ Notice	1

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

1. Register at Qodana Cloud and configure the action
2. Use GitHub Code Scanning with Qodana
3. Host Qodana report at GitHub Pages
4. Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/[email protected]
        with:
          upload-result: true

Contact Qodana team

Contact us at [email protected]

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions

[Elyniss]

I think the part where you only specify (1) resource might be wrong. It only works if there is one resource.

Could there be multiple namespaces defined for one cacao? If yes then this will generate invalid statement

[jakubuid]

We support for now only a single namespace that's why (1) is hardcoded

// multi-namespace should error 
const { uri, response } = await dapp.sessionAuthenticate({
      chains: ["eip155:1", "cosmos:1"],
      domain: "localhost",
      nonce: "1",
      aud: "aud",
      methods: ["personal_sign", "eth_signTypedData_v4"],
    });

// this is fine
    const { uri, response } = await dapp.sessionAuthenticate({
      chains: ["eip155:1", "eip155:137"],
      domain: "localhost",
      nonce: "1",
      aud: "aud",
      methods: ["personal_sign", "eth_signTypedData_v4"],
    });
// this is fine
    const { uri, response } = await dapp.sessionAuthenticate({
      chains: ["cosmos:1", "cosmos:2"],
      domain: "localhost",
      nonce: "1",
      aud: "aud",
      methods: ["personal_sign", "eth_signTypedData_v4"],
    });

[Elyniss]

As per specs statement part of the SIWE MUST NOT contain \n source. Current code results too many new lines.

Cacao.Payload statement is not the same as SIWE statement

[Elyniss]

Currenlty it generates:

service.invalid wants you to sign in with your Ethereum account:
0x15bca56b6e2728aec2532df9d436bd1600e86688

I accept the ServiceOrg Terms of Service: https://service.invalid/tos

I further authorize the stated URI to perform the following actions on my behalf: (1) 'request': 'eth_signTypedData_v4', 'personal_sign' for 'eip155'

URI: https://service.invalid/login
Version: 1
Chain ID: 1
Nonce: 32891756

Wheras it should be:

service.invalid wants you to sign in with your Ethereum account:
0x15bca56b6e2728aec2532df9d436bd1600e86688

I accept the ServiceOrg Terms of Service: https://service.invalid/tos I further authorize the stated URI to perform the following actions on my behalf: (1) 'request': 'eth_signTypedData_v4', 'personal_sign' for 'eip155'

URI: https://service.invalid/login
Version: 1
Chain ID: 1
Nonce: 32891756

[jakubuid]

Good catch, ty

[kacperoak]

There is a lot new todos, make sure you really want to leave them all

[Talhaali00]

Verify that all public methods are backwards compatible. Instead of changing the function names, create new functions and deprecate old.

[Talhaali00]

Should we still keep this for backwards compatibility?

[jakubuid]

No, it's a new method that has changed during development

[Talhaali00]

regarding the Qodana warning, can we just do next().toString() instead?

[jakubuid]

Yup

[Talhaali00]

please address lint warnings on this file

[Talhaali00]

can this be a child class of SessionAuthenticated?

[jakubuid]

Yup

[Talhaali00]

same question, can this be moved to SessionAuthenticate?

[Talhaali00]

instead of just renaming the functions, we should deprecate the old functions and then create the new ones. Otherwise current implementers will see crashes in their apps

[jakubuid]

These are not on production

[Talhaali00]

make internal

[Talhaali00]

Also, try to address as many of the linter wanrings

[github-actions]

Qodana Community for Android

56 new problems were found

Inspection name	Severity	Problems
Constant conditions	🔶 Warning	41
Serializable object must implement 'readResolve'	🔶 Warning	10
Control flow with empty body	🔶 Warning	1
JUnit malformed declaration	🔶 Warning	1
Constant conditions	◽️ Notice	2
Argument could be converted to 'Set' to improve performance	◽️ Notice	1

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

1. Register at Qodana Cloud and configure the action
2. Use GitHub Code Scanning with Qodana
3. Host Qodana report at GitHub Pages
4. Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/[email protected]
        with:
          upload-result: true

Contact Qodana team

Contact us at [email protected]

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions

[jakubuid]

There is a lot new todos, make sure you really want to leave them all

Yeah I do, we're merging to a feature branch so before merging this feature branch to develop, all the TODOs will be resolved