Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Transaction signing fixes #523

Merged
merged 5 commits into from
Jan 15, 2025
Merged

Transaction signing fixes #523

merged 5 commits into from
Jan 15, 2025

Conversation

sisou
Copy link
Member

@sisou sisou commented Jan 13, 2025

See the individual commit descriptions for change details.

@sisou sisou requested review from danimoh and mraveux January 13, 2025 15:42
@sisou sisou self-assigned this Jan 13, 2025
@sisou sisou force-pushed the soeren/tx-signing-fixes branch from 340dc77 to cb2f92c Compare January 13, 2025 15:44
danimoh
danimoh approved these changes Jan 14, 2025
View reviewed changes
Copy link
Member

@danimoh danimoh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense generally, and approved. Nonetheless, there are some smaller issues which should be addressed.

src/request/sign-transaction/SignTransaction.js Outdated Show resolved Hide resolved
src/request/sign-transaction/SignTransaction.js Outdated Show resolved Hide resolved
src/request/sign-transaction/SignTransaction.js Outdated
Comment on lines 192 to 193
const proof = Nimiq.SignatureProof.singleSig(publicKey, signature);
tx.proof = proof.serialize();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A single sig proof is a sensible default, but one could also argue that the Keyguard should not even make any assumptions about what proof to create and only return the signature. That was also the case before bb57646.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. But the serializedTx return field is now used in Hub and probably Wallet, so removing that again will be a separate task.

src/request/swap-iframe/SwapIFrameApi.js
@@ -445,8 +445,9 @@ class SwapIFrameApi extends BitcoinRequestParserMixin(RequestParser) { // eslint
transaction.recipient, Nimiq.AccountType.HTLC, new Uint8Array(0),
transaction.sender, Nimiq.AccountType.Basic, new Uint8Array(0),
transaction.value - fee, fee,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fee calculation needs to be updated as transaction sizes changed with PoS.

Additionally, enforcing 0 as minimum value for the transaction amount would also make sense.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

167 bytes for refund txs is actually accurate. No idea if I updated this at some point, or it didn't change 🤷

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As an example see a refund tx from Fastspot: 098f74db2d247e05b3175933dbcd6027e21e36f58e06e94957f31ad14696bfd2

{
  hash: '098f74db2d247e05b3175933dbcd6027e21e36f58e06e94957f31ad14696bfd2',
  blockNumber: 6815039,
  timestamp: 1735439672089,
  confirmations: 1448037,
  size: 167,
  relatedAddresses: [
    'NQ79 JPT1 FFTJ U9TD HNRU N07T 4FGR 0PJJ VJ1D',
    'NQ56 VE9K PV0Y TK4T QBMY 8E9G B85J QR6M MSHL'
  ],
  from: 'NQ79 JPT1 FFTJ U9TD HNRU N07T 4FGR 0PJJ VJ1D',
  fromType: 2,
  to: 'NQ56 VE9K PV0Y TK4T QBMY 8E9G B85J QR6M MSHL',
  toType: 0,
  value: 8301585962,
  fee: 0,
  senderData: '',
  recipientData: '',
  flags: 0,
  validityStartHeight: 6815037,
  proof: '020008600ec9f0d44dc8d43275c705d7780caa31497d2620da4d7838d10574a6dfa100de3165b68453935067076f726018c60aaaa5ca0a128d0d0dc9882d309c63b359b2a229ca3b95b648c8abf97cf0d9fdba60440c7de57c192b9f5a23a5e59b4800',
  networkId: 24,
  executionResult: true
}

src/request/swap-iframe/SwapIFrameApi.js Outdated Show resolved Hide resolved
@sisou
Copy link
Member Author

sisou commented Jan 14, 2025

Thanks @danimoh, I addressed your comments.

mraveux
mraveux approved these changes Jan 15, 2025
View reviewed changes
Copy link
Member

@mraveux mraveux left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me 👍

I was wondering at first why you replaced the contractAddress by new Nimiq.Address(new Uint8Array(20)) in SwapIFrameApi.js but @danimoh explained it to me and we went to check it in the web client, and it looks good 😁

sisou added 5 commits January 15, 2025 15:47
@sisou
Allow SignTransaction to sign HTLC redeem transactions
f84fa3c 
Which is used by the manual refund flow for failed NIM swaps.

Before this change, only _basic_ transactions were supported by SignTransaction, but a HTLC refund tx is an extended transaction from a HTLC account type, which was not covered by the cases.

This changes it to use the already-parsed `transaction` from the request object, which allows signing of all transactions that the request accepts in the first place.

We also don't worry about any proof prefix bytes here, as those are added in the Hub when the result of this Keyguard request is received. The signature will still be correct, because a signature is not made over the proof prefix bytes.
@sisou
Fix calculated validityStartHeight of swap NIM refund transactions
8d8a8cf 
ValidityStartHeight is still a block number in PoS, not a timestamp.

This is not exact, unfortunately. But hopefully close enough. The calculated VSH is always smaller than it should be (blocks are faster than 1/second on average, time taken between request creation and this code is subtracted as well). But the watchtower only send the refund transaction once the timeout _timestamp_ of the swap has passed, at which point the transaction will still be valid.
@sisou
Let the Nimiq SDK calculate the HTLC address
627c170 
Instead of manually calculating it, we can use the built-in logic for HTLC creation transactions. We still need to recreate the parsed `transaction` though, because the recipient data is only known here and is part of the transaction hash (from which the HTLC address is calculated).
@sisou
Use newly added Nimiq SDK enums for hardcoded values again
7fb9b14
@sisou
Address review comments
54311e7 
- Simplify SignTransaction result creation (more in line with how it was before the switch to PoS)
- Explain swap refund transaction validity-start-height calculation drawbacks and lower-bound it to the HTLC creation VSH
@sisou sisou force-pushed the soeren/tx-signing-fixes branch from f9c5d36 to 54311e7 Compare January 15, 2025 14:47
@sisou
Copy link
Member Author

sisou commented Jan 15, 2025

Rebased for merging

@sisou sisou merged commit 4e49592 into master Jan 15, 2025
2 checks passed
@sisou sisou deleted the soeren/tx-signing-fixes branch January 15, 2025 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mraveux mraveux mraveux approved these changes

@danimoh danimoh danimoh approved these changes

Assignees

@sisou sisou

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sisou @danimoh @mraveux