Astar Ledger app maintenance support treasury proposal

Dear Astar community, my name is Ainhoa, from the Zondax team, and I am submitting a proposal for further development and maintenance of the recently released Astar Ledger app.

We are requesting funds from the Astar treasury. Although the budget is stated in USD, we acknowledge that if approved, the payout from the treasury will be in ASTR tokens equivalent to the USD amount requested.

Proponent account: XUb5M87FHkzCRL5D1bj2dWWHu4bYxVEoWyhEWUCLY9qvCwb

If you have any questions or need further clarification, please feel free to reach out.

Overview and Context

Zondax has developed the Astar Ledger app providing users with a secure and seamless experience for interacting with the Astar blockchain from their Ledger devices. Our goal with this proposal is to enhance the app’s functionality and ensure its continuous compatibility with runtime upgrades and major modifications. We are committed to delivering a high-quality Ledger app that meets the evolving needs of the community.

A W3F Grant initially covered the initial basic implementation of the Astar Ledger app. This work has been completed, and any additional features or maintenance for the Astar Ledger app are not covered.

The team

Zondax is a growing and distributed team with experience and projects for more than 50 blockchains. Zondax has been contributing to the Substrate ecosystem since 2018-2019. The team has received and completed a large number of W3F grants and currently maintains most Ledger apps for the ecosystem. Apart from the Substrate ecosystem, Zondax participates and contributes to other large ecosystems such as Cosmos, Avalanche, Algorand, Filecoin, ICP, etc. Our team includes experts in most blockchain aspects, cryptography and programming languages.

Legal structure

Zondax AG

Dammstrasse 16

Zug 6300

Switzerland

UID CHE-491.796.576

Most of our contributions to the blockchain ecosystem can be found in our GitHub organization: zondax · GitHub

Over the last few years, Zondax has been involved in a large number of projects for most of the key players in the blockchain industry. For this reason, we are confident that we can provide a long term commitment.

Project Overview / SoW:

Given that we have already developed the Astar Ledger app, which is available under the following GitHub repository (GitHub - Zondax/ledger-astar), our next steps will include implementing additional features requested by the Astar team and the community, providing compatibility with runtime upgrades, and offering comprehensive maintenance support. We will follow a detailed timeline for each task that will be shared with the team, ensuring efficient execution and timely delivery. The costs associated with each phase are outlined in the budget section.

  1. Additional features: Based on the leading team requests, we will add new features to the Astar Ledger app to improve user experience and expand functionality. We will budget additional features up to 50h of development.
  2. Maintenance and app compatibility: We will diligently update the Ledger app to ensure compatibility with runtime upgrades and major modifications of the Astar blockchain, Polkadot, Substrate or Ledger SDK. This will cover the following services:
     • Upgrading Ledger SDK or firmware that affects the application
     • Providing device support for Ledger Nano S, Nano Plus, Nano X, Stax
     • Fixing security issues related to Ledger SDK layers
     • Monitoring and addressing repository and issue triage
     • Supporting breaking upgrades such as runtime and tx_version breaking upgrades
     • Addressing incidental development and modifications
     • Ensuring resource availability through internal training and resource rotation
     • Analyzing and providing early warnings for known security issues that may affect your application
     • Prioritizing and providing early warnings for urgent issues or vulnerabilities
     • Coordinating periodically with Ledger
  3. External third-party formal reviews with Ledger-approved auditors to enable a seamless release process. This is a mandatory requirement before official release by Ledger. The external auditor will be selected from a list provided by Ledger SAS. Ledger SAS claims, and it is public knowledge, that when provided with a satisfactory auditor report from an auditor in that list, apps will be published in a much shorter period of time. In order to streamline the publication process.

Budget and Funding:

To support the development and maintenance of the Astar Ledger app, we have prepared a comprehensive budget breakdown:

  1. New features: up to 50 working hours (over the maintenance period of 6 months) 8’800 USD
  2. Maintenance Support x 6 months 33’800 USD
  3. External Third-party formal reviews up to a budget cost of 16,250 USD. The exact amount of audits needed and cost per audit will depend on the complexity of the changes and the breaking upgrades. Based on previous experience we expect this should cover enough upgrades for the period of 6 months. If additional budget is needed for external audits this will be communicated in advance.

The total amount of budget requested is 58’850 USD for developing new features, maintaining the app after breaking upgrades and assuring a smooth release process with third-party reviews. The fee is paid upfront for six months of product maintenance time.

License and Legal Notes

Submission

Zondax implements changes under the Apache 2.0 license. Zondax is building upon an app (GitHub - Zondax/ledger-astar) that the Astar team has already submitted to Ledger. We will submit PRs to Ledger with the corresponding improvements. We assume that the original submitter and/or Ledger authorize and approve our pull request and modification effectively and timely.

Compensation

The compensation is paid upon approval of the proposal or according to the compensation mechanisms provided for in the corresponding chain protocol.

Liability and warranty

Zondax shall develop the solution according to the present proposal under the Open Source Apache 2.0 license. Accordingly, any warranty and liability is limited to what is expressed in the Apache 2.0 license. In general, Zondax disclaims any liability and warranty to the extent permitted by law arising from the present proposal and the resulting agreement.

Applicable Law / Place of Jurisdiction

Swiss law is applicable. The place of jurisdiction is Zug.

3 Likes

Thank you so much for the proposal.

Having Ledger is definitely a plus for the entire ecosystem.
I appreciate your maintenance work as a partner.

3 Likes
Approve Treasury Fund
  • Yes
  • No
0 voters

Good proposal, I voted yes, but pls reduce the costs 20-30% if possible, it’s too much guys, don’t be greedy, you have 50+ parachains more

2 Likes

What are the stats on the use of this app? I’m a fan of hard wallets, but I find the singular parachain approach on Ledger very cumbersome and I wonder how many people use this for the amount of money requested.
33,800 USD for 6 months support seems a lot. How are these costs justified?
Would it not be better to look at dApp staking to provide regular funding for this?

2 Likes

I’m voting No due to the extremely high cost.

1 Like

I think ledger support is very important, but the costs are very high. Could you explain how the Maintenance Support x 6 months 33’800 USD is calculated?

1 Like

It’s an important update. But the high cost made me vote no.

1 Like

I also voted no because I find the amount requested too high and unjustified.

What’s more, there’s already a discussion on the Polkadot forum about having a Common Ledger app compatible with all Polkadot and Kusama Parachains, including Astar and Shiden.

What makes your proposal more interesting for Astar than this one?

2 Likes

I also voted no because the cost is high and I would prefer a common solution for all parachains instead of a specific app by parachain.

1 Like

I voted against the proposal due to my belief that the requested amount is excessively high and lacks justification. Additionally, there is an ongoing discussion on the Polkadot forum regarding the development of a Common Ledger app that would be compatible with all Polkadot and Kusama Parachains, including Astar and Shiden.

1 Like

As you may know, the increasing number of runtime upgrades that Polkadot is implementing has become a problem for the ecosystem. Not only do they require parachains to keep up with these upgrades, but it also implies that updates need to be made in all Ledger apps and go through Ledger’s review process. Not to mention that audits are currently a paid instance…
Clearly, this context has become unfavorable for many parachains, especially during a bear market where resources need to be carefully managed. That’s why we have been discussing with Parity the idea of creating a Generic Polkadot Ledger app to prevent network breaking changes from affecting the Ledger app. Our proposal together with the Kampela team for a long-term secure generic app solution is currently under vote: https://polkadot.polkassembly.io/referenda/62
While we are already starting to work on our proposal, we believe that it will take some months to be production-ready. Therefore, maintenance, in the case of Astar, remains crucial to keep the app live and compatible with runtime upgrades.

1 Like

Thank you for your participation in this discussion and for giving us the opportunity to further explain our proposal. We are happy to provide more detailed information. The cost is determined based on the following factors:

  • Dedicated support: We allocate approximately 40 hours per month to ensure the Astar Ledger app remains live; this means performing the required development and actively monitoring the ecosystem. This includes addressing any issues that may arise and providing support to both the community and the Astar team. Please take note of the points included in the proposal:
     1. Upgrading Ledger SDK or firmware that affects the application
     2. Providing device support for Ledger Nano S, Nano Plus, Nano X, Stax
     3. Fixing security issues related to Ledger SDK layers
     4. Monitoring and addressing repository and issue triage
     5. Supporting breaking upgrades such as runtime and tx_version breaking upgrades
     6. Addressing incidental development and modifications
     7. Ensuring resource availability through internal training and resource rotation
     8. Analyzing and providing early warnings for known security issues that may affect your application
     9. Prioritizing and providing early warnings for urgent issues or vulnerabilities
     10. Coordinating periodically with Ledger
  • Project management: The cost covers project management expenses for coordinating development tasks, pushing and keeping Ledger up to date, and coordinating third-party security audits.

  • Insurance-like maintenance: It is important to understand that the maintenance support acts as a form of insurance, covering ongoing updates (from Ledger, from Polkadot, from Astar or from Substrate), technical assistance, and project management. This helps ensure the security and reliability of the Astar Ledger app.

1 Like

Great initiative, but it’ll be great to reconsider on the cost side.

1 Like