-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
R4R: Fully verify the signature in gaiacli tx sign
#2995
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #2995 +/- ##
==========================================
- Coverage 55.53% 55.5% -0.03%
==========================================
Files 120 120
Lines 8494 8494
==========================================
- Hits 4717 4715 -2
- Misses 3455 3457 +2
Partials 322 322 |
gaiacli tx sign
gaiacli tx sign
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pulled locally and working well for me! Also glad we added the logic to actually verify when we say we are. Good PR @alexanderbez
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's write a test
signers := stdTx.GetSigners() | ||
for i, signer := range signers { | ||
fmt.Printf(" %v: %v\n", i, signer.String()) | ||
} | ||
|
||
success := true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably a better way which we can avoid creating/using this variable altogether (for another PR though)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rigelrozanski I'm happy to do that in this PR since it's really in context. Do you have suggestions on how to?
We prefer to loop over all the sigs and not short-circuit. In other words, we cannot simply return an error or bool at first sight of a problem. Any suggestions on how to do this without keeping track via a variable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nope, if the point is to complete the loop before returning an error, then a variable must be used. What's the thinking behind completing the loop before returning?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea is that txs can have many signers/signatures. The UX we want to provide should show you all the signatures and either an OK or the ERROR. If we short-circuit, the user doesn't get the full picture.
I'd propose the function is ok.
@rigelrozanski @alessio updated. |
Co-Authored-By: alexanderbez <alexanderbez@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
uACK
Fully verify the signature during
gaiacli tx sign --validate-signatures
closes: #2991
Targeted PR against correct branch (see CONTRIBUTING.md)
Linked to github-issue with discussion and accepted design OR link to spec that describes this work.
Wrote tests
Updated relevant documentation (
docs/
)Added entries in
PENDING.md
with issue #rereviewed
Files changed
in the github PR explorerFor Admin Use: