-
Notifications
You must be signed in to change notification settings - Fork 520
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
length check warning on arg publicKeyBytes for method deriveAddressFromBytes #2679
base: main
Are you sure you want to change the base?
Conversation
…omBytes Currently addresses are derived from any length of bytes, but documentation states that addresses are only derived from compressed public key points: https://xrpl.org/docs/concepts/accounts/cryptographic-keys/
@@ -88,6 +88,9 @@ function computePublicKeyHash(publicKeyBytes: Uint8Array): Uint8Array { | |||
} | |||
|
|||
function deriveAddressFromBytes(publicKeyBytes: Uint8Array): string { | |||
if (publicKeyBytes.byteLength > 33) { | |||
console.warn('publicKeyBytes should be compressed ed25519 or secp256k1 compressed point bytes, 32 bvytes prefixed with 02 or 03'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
console.warn('publicKeyBytes should be compressed ed25519 or secp256k1 compressed point bytes, 32 bvytes prefixed with 02 or 03'); | |
console.warn('publicKeyBytes should be compressed ed25519 or secp256k1 compressed point bytes, 32 bytes prefixed with 02 or 03'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update the HISTORY.md
file.
@CodeRabbit full review |
@coderabbitai full review |
Actions performedFull review triggered. |
Warning Rate limit exceeded@justinr1234 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 29 minutes and 52 seconds before requesting another review. How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
@@ -88,6 +88,9 @@ function computePublicKeyHash(publicKeyBytes: Uint8Array): Uint8Array { | |||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to make a similar update to computePublicKeyHash
method on line 86 ? That is another function making use of publicKeyBytes
@@ -88,6 +88,9 @@ function computePublicKeyHash(publicKeyBytes: Uint8Array): Uint8Array { | |||
} | |||
|
|||
function deriveAddressFromBytes(publicKeyBytes: Uint8Array): string { | |||
if (publicKeyBytes.byteLength > 33) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are there any disadvantages to having a stricter check?
if (publicKeyBytes.byteLength > 33) { | |
if (publicKeyBytes.byteLength != 33) { |
@@ -88,6 +88,9 @@ function computePublicKeyHash(publicKeyBytes: Uint8Array): Uint8Array { | |||
} | |||
|
|||
function deriveAddressFromBytes(publicKeyBytes: Uint8Array): string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It occurs to me that these types of checks could be avoided by having an explicit user-defined class for PublicKey
and PrivateKey
. The constructor of the class can enforce these checks. But that change requires a lot more effort.
Thanks for pointing this out!
Currently addresses are derived from any length of bytes, but documentation states that addresses are only derived from compressed public key points:
https://xrpl.org/docs/concepts/accounts/cryptographic-keys/
High Level Overview of Change
Not sure where this should go. Perhaps in the codec package.
Context of Change
I faced an error that was hard to debug since I was passing in an uncompressed public key point to deriveAddress and signing. Everthing was working locally with the xrpl libraries but the nodes were rejecting the transactions.
TLDR; I needed to call deriveAddress with the compressed public key point, as per documentation.
Nothing in the code prevents me from calling deriveAddress with any length of bytes, uncompressed or arbitrary length.
There should be a check.
Type of Change
Did you update HISTORY.md?
Test Plan
Please add commit to put this check in the right place and add warning to the codebase. It will help other developers in the future.