[NayNay] Signing bug for validators #63
Conversation
src/flows/sign/index.ts
Outdated
| import { initializeEntropy } from "../../common/initializeEntropy" | ||
| import { debug, getSelectedAccount, print } from "../../common/utils" | ||
|
|
||
| let msg: string | ||
| let signingAttempts: number = 0 |
There was a problem hiding this comment.
🔥 this is a global variable. The way you're using it means that this function will try fixing once, then it will not be reset to 0 after this signing... so all future buggy signings will be skipped.
This function feels like it's way too fancy, and also not really named what it is. I *\think* all that we need is for the original code to be the same but like this:
const sigOpts = {
msg: msgParam,
order: ['deviceKeyProxy', 'noop'],
}
const signature = await entropy.signWithAdaptersInOrder(sigOpt)
.catch(err => {
// HACK: sometimes order is reversed D:
sigOpts.order.reverse()
return entropy.signWithAdaptersInOrder(sigOpt)
})There was a problem hiding this comment.
NOTE this code assumes signWithAdaptersInOrder DOES NOT MUTATE the input... that would need checking.
We should not write functions which mutate inputs though 💀
There was a problem hiding this comment.
don't see any mutations, should be fine?
There was a problem hiding this comment.
🔥 this is a global variable. The way you're using it means that this function will try fixing once, then it will not be reset to 0 after this signing... so all future buggy signings will be skipped.
This function feels like it's way too fancy, and also not really named what it is. I *\think* all that we need is for the original code to be the same but like this:
const sigOpts = { msg: msgParam, order: ['deviceKeyProxy', 'noop'], } const signature = await entropy.signWithAdaptersInOrder(sigOpt) .catch(err => { // HACK: sometimes order is reversed D: sigOpts.order.reverse() return entropy.signWithAdaptersInOrder(sigOpt) })
We could do this way of catching the error, but we still need to keep track of the attempts made to signing and handle accordingly. I find the try..catch to be cleaner, thoughts?
There was a problem hiding this comment.
try/catchis the same aspromise.catch🤷 (don't mind)- your global variable is still a liability - if multiple people are calling this function your global variable becomes a race condition
You need to change this to not use it - either the way I suggested, or pass the attempts count as an argument
async function signWithAdaptersInOrder (entropy, signingData, attempts = 0) {
if (attempts > 1) throw Error('NOPE')
// ...
const newSignData = { /* ... */ } // shuffle
return signWithAdaptersInOrder(entropy, newSignData, attempts + 1)
}
- updated signing with adapters to retry the signing request if a specific error is hit as defined in this issue entropyxyz/sdk#367
rh0delta
force-pushed
the
naynay/signing-validators-bug
branch
from
cc81daa
to
ad43e99
Compare
|
@mixmix ready for re-review |
|
@rh0delta that 🔥 is still an issue. I've added more context why it's dangerous |
|
@mixmix this is ready for re-review. I followed your idea of passing in the signing attempts, but rather than having the check for the number of attempts at the top, I've added it to the conditional for retrying the signing request with the shuffled order |
closes entropyxyz/sdk#367
close #77