About
Cosmos SDK's Sign Mode Textual (SIGN_MODE_TEXTUAL) is a new string-based sign mode that targets signing with hardware devices. It works by creating a representation of a transaction as a sequence of "screens", which are then encoded using CBOR (RFC 8949).
Each screen has a title, content, an indentation level (to represent data that has multiple levels), and an "expert" flag, which can be used to conceal information that may not be relevant to nontechnical users, such as the hash of the raw bytes or the public key being used.
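A minimal sketch of the screen model described above, added here as an illustration and not taken from the Cosmos SDK or from the report: it encodes a sequence of screens as CBOR (RFC 8949) and, in this sketch, the expert flag only filters what is displayed while every screen is still part of the encoded bytes. The integer map keys 1-4, the choice to always emit all four fields, and the sample values are assumptions of this example.

```go
package main

import "fmt"

// Screen holds the fields described above; the map keys 1-4 used below are assumed.
type Screen struct {
	Title, Content string
	Indent         uint8
	Expert         bool
}

// head builds a CBOR initial byte plus argument (RFC 8949 section 3), n < 65536.
func head(major byte, n int) []byte {
	switch {
	case n < 24:
		return []byte{major<<5 | byte(n)}
	case n < 256:
		return []byte{major<<5 | 24, byte(n)}
	}
	return []byte{major<<5 | 25, byte(n >> 8), byte(n)}
}

// EncodeScreens encodes every screen, expert or not, as an array of 4-entry maps.
func EncodeScreens(screens []Screen) []byte {
	out := head(4, len(screens)) // major type 4: array
	for _, s := range screens {
		out = append(out, head(5, 4)...) // major type 5: map
		out = append(append(append(out, 1), head(3, len(s.Title))...), s.Title...)
		out = append(append(append(out, 2), head(3, len(s.Content))...), s.Content...)
		out = append(append(out, 3), head(0, int(s.Indent))...)
		out = append(out, 4, map[bool]byte{false: 0xf4, true: 0xf5}[s.Expert])
	}
	return out
}

// Visible returns the screens displayed when expert mode is off.
func Visible(screens []Screen) (shown []Screen) {
	for _, s := range screens {
		if !s.Expert {
			shown = append(shown, s)
		}
	}
	return shown
}

func main() {
	tx := []Screen{{"Chain id", "example-1", 0, false}, {"Public key", "constructed", 1, true}}
	fmt.Printf("shown=%d signed=%x\n", len(Visible(tx)), EncodeScreens(tx))
}
```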
Zellic conducted a security assessment for Cosmos SDK from May 2nd to May 23rd, 2023. During this engagement, Zellic reviewed Sign Mode Textual's code for security vulnerabilities, design issues, and general weaknesses in security posture.