The Solana app on Ledger is a crucial part of the self-custody story within the Solana ecosystem. Until now, that app has been faithfully developed by contributors at Solana Labs but we are now looking for a new steward to continue to build out this public good.
See an RFP for further development on the Ledger app here, starting with:
support for “off-chain message signing”
the “ComputeBudget” instruction
a discovery document for future development across the suite of Ledger devices
All code is subject to code review from the Solana Labs and Ledger firmware teams.
Take note of the end date (7/31) and be sure to make sure all criteria is met prior to sending in an application. The listed grant amount is a maximum allocation and is issued in USD-equivalent locked SOL and gated behind delivery milestones. If for whatever reason this isn’t a workable solution, please let us know in the application or reach out to me directly.
This thread can be used for comments, questions, praise, and / or criticism, and is intended to be an open forum for any prospective responders. This thread is also an experiment in increasing the transparency through which RFPs are fielded by the Solana ecosystem too, so please be mindful that we’re all here to learn and grow.
Submissions to this RFP are not required to be public, but if it is helpful to share notes or combine forces, then please use this thread for such purposes.
One of the deliverables is Off-chain message signing support for Ledger devices. However, we noticed that off-chain message signing is already implemented in the Solana Ledger app, specifically in the file handle_sign_offchain_message.c, available at Link. Could you please clarify what additional work should be done regarding this deliverable?
Regarding the deliverable for ComputeBudget instruction support for Ledger devices, should we enable the user to set their own gas unit limit for each transaction?
For the Discovery document on memory, could you provide more details about what is expected? Should it be a summary for each Ledger device, or is it more like a research paper that includes analysis, measurements, chart, tests?
Concerning the section on “proposal on future accommodation for well-known tokens/instructions, including the Token-2022,” are we expected to demonstrate that our example implementation meets all the security requirementsor only lacks memory? How should we interpret this requirement?
For Off-chain message signing, are we only considering supporting ED25519?
offchain messages must adhere to the finalized message signing specification laid out here. see in-progress work to be finalized here
the Solana CLI support for the same OCMSF needs to be updated with tests
good question. probably unnecessary, i think just the display of the provided ComputeBudget is suitable.
the discovery document is intended to scaffold future work to support additional Ledger devices in the future, as well as streamline the development pipeline needed to add support for other actions and tokens in the future. this is a “we don’t know what we don’t know” piece but critical to know if there’s low-hanging fruit to improve the application or if its maxxed out.
i’m not fully sure how to answer this, but if you’re asking what i think you’re asking, i really just want to make sure that any future revamp of the app accommodates for the addition of new instructions in the future, not just existing ones
yes, i think that would be the only curve that makes sense. but let me know otherwise.