BitBoxSwiss
diff --git a/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎py/send_message.py
Lines changed: 28 additions & 0 deletions b/‎py/send_message.py
Lines changed: 28 additions & 0 deletions
diff --git a/‎src/rust/bitbox02-rust/src/hww/api/bitcoin/signtx.rs
Lines changed: 58 additions & 7 deletions b/‎src/rust/bitbox02-rust/src/hww/api/bitcoin/signtx.rs
Lines changed: 58 additions & 7 deletions
diff --git a/‎src/rust/bitbox02-rust/src/hww/api/cardano/sign_transaction.rs
Lines changed: 8 additions & 6 deletions b/‎src/rust/bitbox02-rust/src/hww/api/cardano/sign_transaction.rs
Lines changed: 8 additions & 6 deletions
diff --git a/‎src/rust/bitbox02-rust/src/hww/api/ethereum/sign.rs
Lines changed: 17 additions & 10 deletions b/‎src/rust/bitbox02-rust/src/hww/api/ethereum/sign.rs
Lines changed: 17 additions & 10 deletions
@@ -7,6 +7,7 @@ customers cannot upgrade their bootloader, its changes are recorded separately.
 ## Firmware
 
 ### [Unreleased]
+- Bitcoin: warn if the transaction fee is higher than 10% of the coins sent
 
 ### 9.13.0
 - Bitcoin: allow displaying BTC values in the 'sat' unit
 
@@ -428,6 +428,33 @@ def _sign_btc_normal(
         for input_index, sig in sigs:
             print("Signature for input {}: {}".format(input_index, sig.hex()))
 
+    def _sign_btc_high_fee(self) -> None:
+        # pylint: disable=no-member
+        bip44_account: int = 0 + HARDENED
+        inputs, outputs = _btc_demo_inputs_outputs(bip44_account)
+        outputs[1].value = int(1e8 * 0.18)
+        sigs = self._device.btc_sign(
+            bitbox02.btc.BTC,
+            [
+                bitbox02.btc.BTCScriptConfigWithKeypath(
+                    script_config=bitbox02.btc.BTCScriptConfig(
+                        simple_type=bitbox02.btc.BTCScriptConfig.P2WPKH
+                    ),
+                    keypath=[84 + HARDENED, 0 + HARDENED, bip44_account],
+                ),
+                bitbox02.btc.BTCScriptConfigWithKeypath(
+                    script_config=bitbox02.btc.BTCScriptConfig(
+                        simple_type=bitbox02.btc.BTCScriptConfig.P2WPKH_P2SH
+                    ),
+                    keypath=[49 + HARDENED, 0 + HARDENED, bip44_account],
+                ),
+            ],
+            inputs=inputs,
+            outputs=outputs,
+        )
+        for input_index, sig in sigs:
+            print("Signature for input {}: {}".format(input_index, sig.hex()))
+
     def _sign_btc_multiple_changes(self) -> None:
         # pylint: disable=no-member
         bip44_account: int = 0 + HARDENED
@@ -647,6 +674,7 @@ def _sign_btc_tx(self) -> None:
                     format_unit=bitbox02.btc.BTCSignInitRequest.FormatUnit.SAT
                 ),
             ),
+            ("High fee warning", self._sign_btc_high_fee),
             ("Multiple change outputs", self._sign_btc_multiple_changes),
             ("Locktime/RBF", self._sign_btc_locktime_rbf),
             ("Taproot inputs", self._sign_btc_taproot_inputs),
 
@@ -741,9 +741,11 @@ async fn _process(request: &pb::BtcSignInitRequest) -> Result<Response, Error> {
     let fee: u64 = total_out
         .checked_sub(outputs_sum_out)
         .ok_or(Error::InvalidInput)?;
+    let fee_percentage: f64 = 100. * (fee as f64) / (outputs_sum_out as f64);
     transaction::verify_total_fee(
         &format_amount(coin_params, format_unit, total_out)?,
         &format_amount(coin_params, format_unit, fee)?,
+        Some(fee_percentage),
     )
     .await?;
     status::status("Transaction\nconfirmed", true).await;
@@ -1225,7 +1227,7 @@ mod tests {
         mock(Data {
             ui_confirm_create: Some(Box::new(move |_params| true)),
             ui_transaction_address_create: Some(Box::new(|_amount, _address| true)),
-            ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+            ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
             ..Default::default()
         });
     }
@@ -1546,7 +1548,7 @@ mod tests {
                         _ => panic!("unexpected UI dialog"),
                     }
                 })),
-                ui_transaction_fee_create: Some(Box::new(move |total, fee| {
+                ui_transaction_fee_create: Some(Box::new(move |total, fee, longtouch| {
                     match unsafe {
                         UI_COUNTER += 1;
                         UI_COUNTER
@@ -1569,6 +1571,7 @@ mod tests {
                                 }
                                 _ => panic!("unexpected coin"),
                             }
+                            assert!(longtouch);
                             true
                         }
                         _ => panic!("unexpected UI dialog"),
@@ -1895,7 +1898,7 @@ mod tests {
                     UI_COUNTER += 1;
                     UI_COUNTER != CURRENT_COUNTER
                 })),
-                ui_transaction_fee_create: Some(Box::new(|_total, _fee| unsafe {
+                ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| unsafe {
                     UI_COUNTER += 1;
                     UI_COUNTER != CURRENT_COUNTER
                 })),
@@ -1988,7 +1991,7 @@ mod tests {
             unsafe { LOCKTIME_CONFIRMED = false }
             mock_default_ui();
             mock(Data {
-                ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+                ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
                 ui_transaction_address_create: Some(Box::new(|_amount, _address| true)),
                 ui_confirm_create: Some(Box::new(move |params| {
                     if params.body.contains("Locktime") {
@@ -2018,6 +2021,53 @@ mod tests {
         }
     }
 
+    // Test a transaction with an unusually high fee.
+    #[test]
+    fn test_high_fee_warning() {
+        let transaction =
+            alloc::rc::Rc::new(core::cell::RefCell::new(Transaction::new(pb::BtcCoin::Btc)));
+        transaction.borrow_mut().outputs[1].value = 1034567890;
+        // One more confirmation for the high fee warning.
+        transaction.borrow_mut().total_confirmations += 1;
+        mock_host_responder(transaction.clone());
+        static mut UI_COUNTER: u32 = 0;
+        static mut FEE_CHECKED: bool = false;
+        mock(Data {
+            ui_transaction_address_create: Some(Box::new(|_amount, _address| unsafe {
+                UI_COUNTER += 1;
+                true
+            })),
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| unsafe {
+                UI_COUNTER += 1;
+                assert_eq!(total, "13.399999 BTC");
+                assert_eq!(fee, "2.0541901 BTC");
+                assert!(!longtouch);
+                true
+            })),
+            ui_confirm_create: Some(Box::new(move |params| unsafe {
+                match {
+                    UI_COUNTER += 1;
+                    UI_COUNTER
+                } {
+                    7 => {
+                        assert_eq!(params.title, "High fee");
+                        assert_eq!(params.body, "The fee rate\nis 18.1%.\nProceed?");
+                        assert!(params.longtouch);
+                        FEE_CHECKED = true;
+                        true
+                    }
+                    _ => true,
+                }
+            })),
+            ..Default::default()
+        });
+        mock_unlocked();
+        let tx = transaction.borrow();
+        assert!(block_on(process(&tx.init_request())).is_ok());
+        assert_eq!(unsafe { UI_COUNTER }, tx.total_confirmations);
+        assert!(unsafe { FEE_CHECKED });
+    }
+
     // Test a P2TR output. It is not part of the default test transaction because Taproot is not
     // active on Litecoin yet.
     #[test]
@@ -2040,7 +2090,7 @@ mod tests {
                 }
                 true
             })),
-            ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+            ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
             ui_confirm_create: Some(Box::new(move |_params| true)),
             ..Default::default()
         });
@@ -2262,7 +2312,7 @@ mod tests {
                 }
             })),
             ui_transaction_address_create: Some(Box::new(|_amount, _address| true)),
-            ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+            ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
             ..Default::default()
         });
         mock_unlocked();
@@ -2318,14 +2368,15 @@ mod tests {
                 }
                 true
             })),
-            ui_transaction_fee_create: Some(Box::new(|total, fee| {
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                 match unsafe {
                     UI_COUNTER += 1;
                     UI_COUNTER
                 } {
                     5 => {
                         assert_eq!(total, "0.00090175 TBTC");
                         assert_eq!(fee, "0.00000175 TBTC");
+                        assert!(longtouch);
                     }
                     _ => panic!("unexpected UI dialog"),
                 }
 
@@ -260,6 +260,7 @@ async fn _process(request: &pb::CardanoSignTransactionRequest) -> Result<Respons
         transaction::verify_total_fee(
             &format_value(params, total + request.fee),
             &format_value(params, request.fee),
+            None,
         )
         .await?;
     }
@@ -451,9 +452,10 @@ mod tests {
                     _ => panic!("unexpected user confirmations"),
                 }
             })),
-            ui_transaction_fee_create: Some(Box::new(|total, fee| {
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                 assert_eq!(total, "6.170499 ADA");
                 assert_eq!(fee, "0.170499 ADA");
+                assert!(longtouch);
                 unsafe {
                     TOTAL_CONFIRMED = true;
                 }
@@ -826,7 +828,7 @@ mod tests {
         mock(Data {
             ui_confirm_create: Some(Box::new(|_params| true)),
             ui_transaction_address_create: Some(Box::new(|_amount, _address| true)),
-            ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+            ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
             ..Default::default()
         });
         mock_unlocked();
@@ -901,7 +903,7 @@ mod tests {
             })),
 
             ui_transaction_address_create: Some(Box::new(|_amount, _address| true)),
-            ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+            ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
             ..Default::default()
         });
         mock_unlocked();
@@ -971,7 +973,7 @@ mod tests {
                 }
             })),
             ui_transaction_address_create: Some(Box::new(|_amount, _address| true)),
-            ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+            ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
             ..Default::default()
         });
         mock_unlocked();
@@ -1032,7 +1034,7 @@ mod tests {
                 }
             })),
             ui_transaction_address_create: Some(Box::new(|_amount, _address| true)),
-            ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+            ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
             ..Default::default()
         });
         mock_unlocked();
@@ -1158,7 +1160,7 @@ mod tests {
                     _ => panic!("unexpected user confirmation"),
                 }
             })),
-            ui_transaction_fee_create: Some(Box::new(|_total, _fee| true)),
+            ui_transaction_fee_create: Some(Box::new(|_total, _fee, _longtouch| true)),
             ..Default::default()
         });
         mock_unlocked();
 
@@ -113,7 +113,7 @@ async fn verify_erc20_transaction(
         None => ("Unknown token".into(), "Unknown amount".into()),
     };
     transaction::verify_recipient(&recipient_address, &formatted_value).await?;
-    transaction::verify_total_fee(&formatted_total, &formatted_fee).await?;
+    transaction::verify_total_fee(&formatted_total, &formatted_fee, None).await?;
     Ok(())
 }
 
@@ -176,7 +176,7 @@ async fn verify_standard_transaction(
         decimals: WEI_DECIMALS,
         value: amount.value.add(&fee.value),
     };
-    transaction::verify_total_fee(&total.format(), &fee.format()).await?;
+    transaction::verify_total_fee(&total.format(), &fee.format(), None).await?;
     Ok(())
 }
 
@@ -355,9 +355,10 @@ mod tests {
                 assert_eq!(address, "0x04F264Cf34440313B4A0192A352814FBe927b885");
                 true
             })),
-            ui_transaction_fee_create: Some(Box::new(|total, fee| {
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                 assert_eq!(total, "0.53069 ETH");
                 assert_eq!(fee, "0.000126 ETH");
+                assert!(longtouch);
                 true
             })),
             ..Default::default()
@@ -408,9 +409,10 @@ mod tests {
                 assert_eq!(address, "0x04F264Cf34440313B4A0192A352814FBe927b885");
                 true
             })),
-            ui_transaction_fee_create: Some(Box::new(|total, fee| {
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                 assert_eq!(total, "0.53069 TETH");
                 assert_eq!(fee, "0.000126 TETH");
+                assert!(longtouch);
                 true
             })),
             ..Default::default()
@@ -461,9 +463,10 @@ mod tests {
                 assert_eq!(address, "0x04F264Cf34440313B4A0192A352814FBe927b885");
                 true
             })),
-            ui_transaction_fee_create: Some(Box::new(|total, fee| {
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                 assert_eq!(total, "0.53069 ETH");
                 assert_eq!(fee, "0.000126 ETH");
+                assert!(longtouch);
                 true
             })),
             ..Default::default()
@@ -501,9 +504,10 @@ mod tests {
                 assert_eq!(address, "0xE6CE0a092A99700CD4ccCcBb1fEDc39Cf53E6330");
                 true
             })),
-            ui_transaction_fee_create: Some(Box::new(|total, fee| {
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                 assert_eq!(total, "57 USDT");
                 assert_eq!(fee, "0.0012658164 ETH");
+                assert!(longtouch);
                 true
             })),
             ..Default::default()
@@ -540,9 +544,10 @@ mod tests {
                 assert_eq!(address, "0x857B3D969eAcB775a9f79cabc62Ec4bB1D1cd60e");
                 true
             })),
-            ui_transaction_fee_create: Some(Box::new(|total, fee| {
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                 assert_eq!(total, "Unknown amount");
                 assert_eq!(fee, "0.000067973 ETH");
+                assert!(longtouch);
                 true
             })),
             ..Default::default()
@@ -665,9 +670,10 @@ mod tests {
                     assert_eq!(address, "0x04F264Cf34440313B4A0192A352814FBe927b885");
                     true
                 })),
-                ui_transaction_fee_create: Some(Box::new(|total, fee| {
+                ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                     assert_eq!(total, "0.53069 ETH");
                     assert_eq!(fee, "0.000126 ETH");
+                    assert!(longtouch);
                     false
                 })),
                 ..Default::default()
@@ -678,7 +684,7 @@ mod tests {
             // Keystore locked.
             mock(Data {
                 ui_transaction_address_create: Some(Box::new(|_, _| true)),
-                ui_transaction_fee_create: Some(Box::new(|_, _| true)),
+                ui_transaction_fee_create: Some(Box::new(|_, _, _| true)),
                 ..Default::default()
             });
             assert_eq!(block_on(process(&valid_request)), Err(Error::Generic));
@@ -727,14 +733,15 @@ mod tests {
                     _ => panic!("unexpected user confirmation"),
                 }
             })),
-            ui_transaction_fee_create: Some(Box::new(|total, fee| {
+            ui_transaction_fee_create: Some(Box::new(|total, fee, longtouch| {
                 match unsafe {
                     CONFIRM_COUNTER += 1;
                     CONFIRM_COUNTER
                 } {
                     4 => {
                         assert_eq!(total, "0.53069 ");
                         assert_eq!(fee, "0.000126 ");
+                        assert!(longtouch);
                         true
                     }
                     _ => panic!("unexpected user confirmation"),