Wrong payload being signed #1442
Comments
This means that signing is not working correctly. I don't fully understand how it worked beforehand and signed transactions were passed successfully and didn't throw any errors? |
@AlexKushnir1 My guess is that nobody used it and detected it, or simply nobody reported the error |
@gagdiez I opine it makes sense to clarify that we expect the hash of |
I see that actually |
I just thought, if we specify on the I tested this func and related and there came to a conclusion that isn't working, after adding hashing it was signed correctly and passed on the chain. Regarding the tests I would describe an issue and work for all client package |
I'm not sure I understand where is |
The `const hash = new Uint8Array(sha256(message));` (near-api-js/packages/signers/src/in_memory_signer.ts, Lines 65 to 80 in c49fd67)
|
Sure, I didn't test with the signer from keystore. THANKS! Does the KeyPair signer still have an issue? |
the |
Just tested like this:

```js
async function testSigners() {
  const rpcProvider = getTestnetRpcProvider();
  const signer = getSignerFromPrivateKey(PRIVATE_KEY);
  const { result, outcome } = await SignedTransactionComposer.init({
    sender: ACCOUNT_ID,
    receiver: 'alexkushnir.testnet',
    deps: { rpcProvider, signer },
  })
    .functionCall(
      "sign",
      Buffer.from(JSON.stringify({ request: { key_version: 0, path: "test", payload: [12,1,2,0,4,5,6,8,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,44] } })),
      BigInt(300000000000000),
      BigInt(1)
    )
    .signAndSend();
  console.log(`${JSON.stringify(result, null)}`);
  console.log(`${JSON.stringify(outcome, null)}`);
}
```

And got the next errors

But when I pass hash function and compile js file:

```js
async function signTransaction({ transaction, deps: { signer } }) {
  const encodedTx = new Uint8Array((0, sha256_1.sha256)(transaction.encode()));
  const signedTransaction = new transactions_1.SignedTransaction({
    transaction,
    signature: new transactions_1.Signature({
      keyType: transaction.publicKey.keyType,
      data: await signer.signMessage(encodedTx),
    }),
  });
  return {
    encodedTransactionHash: encodedTx,
    signedTransaction,
  };
}
```

Transaction is passing correctly |
I see, then we do have a problem, because one signer implements it and another does not...

Either we make all signers hash the message, or we make all signers not hash the message, but having some doing it and some not is a huge problem

I think it is more transparent to make the

Invoking @frol to see if he has an opinion here, since he built |
I agree with @gagdiez, the API has to be aligned - either expect the full message and hash it inside, or require the hashed message and then don't hash it inside the signer. I believe that the signer method should expect the original message and hash and sign it; additionally, it may expose |
Ah, I think I know why that was implemented that way and creates this confusion:
|
There is currently an interface It's weird to have signing stuff in client package when we have a separate "signers" package. I guess we need to refactor it and unify these two instances. WDYT? @frol @gagdiez |
The current implementation of `SignTransaction` signs the `transaction.encode()`, which is the borsh serialized version of the `transaction`:

near-api-js/packages/client/src/transactions/sign_and_send.ts, Lines 18 to 25 in 9cb7e89

In reality, we need to sign the `sha256` hash of the `borsh` serialized transaction:
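
The mismatch discussed in this thread, as an added example that is not part of the issue or of near-api-js: it runs the four caller/signer combinations (caller passes encoded bytes or their hash, signer hashes internally or not) against a verifier that accepts only an ed25519 signature over the `sha256` of the serialized transaction, as the issue states. `hashingSigner`, `rawSigner`, `verifies`, `signingMatrix` and the byte string are hypothetical stand-ins, and the key pair is generated on the fly.

```javascript
// Added example, not near-api-js code. All names here are hypothetical.
const crypto = require('node:crypto');

const sha256 = (bytes) =>
  new Uint8Array(crypto.createHash('sha256').update(bytes).digest());

// Constructed stand-in for the borsh-serialized transaction bytes.
const encodedTx = new TextEncoder().encode('constructed-borsh-serialized-transaction');

const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Signer that hashes its input before signing (the behaviour of the
// `const hash = new Uint8Array(sha256(message))` line quoted in the thread).
const hashingSigner = (message) =>
  new Uint8Array(crypto.sign(null, sha256(message), privateKey));

// Signer that signs the bytes exactly as passed.
const rawSigner = (message) =>
  new Uint8Array(crypto.sign(null, message, privateKey));

// Assumed verifier: accepts only a signature over sha256(encodedTx).
const verifies = (signature) =>
  crypto.verify(null, sha256(encodedTx), publicKey, signature);

// Every caller/signer pairing; only those that hash exactly once verify.
function signingMatrix() {
  return {
    rawCaller_rawSigner: verifies(rawSigner(encodedTx)),                  // never hashed
    rawCaller_hashingSigner: verifies(hashingSigner(encodedTx)),          // hashed once
    hashCaller_rawSigner: verifies(rawSigner(sha256(encodedTx))),         // hashed once
    hashCaller_hashingSigner: verifies(hashingSigner(sha256(encodedTx))), // hashed twice
  };
}

console.log(signingMatrix());
```

A caller that is correct with one signer type produces an invalid signature with the other, which is why the thread argues for one convention across all signers.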