Skip to content
This repository has been archived by the owner on Jun 11, 2024. It is now read-only.

Fix invalid signatures produced by signMultiSignatureTransactionWithPrivateKey #6968

Closed
Tracked by #6984
ManuGowda opened this issue Jan 2, 2022 · 0 comments
Closed
Tracked by #6984

Fix invalid signatures produced by signMultiSignatureTransactionWithPrivateKey #6968

ManuGowda opened this issue Jan 2, 2022 · 0 comments
Assignees
@ishantiw
Labels
elements/transactions type: bug
Milestone
Sprint 60

Comments

@ManuGowda
Copy link
Contributor

ManuGowda commented Jan 2, 2022
edited by shuse2
Loading

Expected behavior

signMultiSignatureTransactionWithPrivateKey should include correct signatures according to keys.

Actual behavior

signMultiSignatureTransactionWithPrivateKey overrides signatures

When second person (not original sender) use signMultiSignatureTransactionWithPrivateKey with includeSenderSignature, it overwrites the transaction.signatures[0]

Steps to reproduce

  1. Register a multi-signature account (e.g 2 mandatory)
  2. Sign a multi-signature registration transaction from account1
  3. Sign a multi-signature registration transaction from account2
  4. Observe the signatures of account1 is replaced with account2

Additional information

This issue can be resolved by

  1. Get public key from const signerPublicKey = lisk_cryptography_1.getPublicKey(privateKey);
  2. Update public key check
if (includeSenderSignature &&
        Buffer.isBuffer(transactionObject.senderPublicKey) &&
        signerPublicKey.equals(transactionObject.senderPublicKey)
    ) {
        transactionObject.signatures[0] = signature;
    }
    const mandatoryKeyIndex = keys.mandatoryKeys.findIndex(aPublicKey => aPublicKey.equals(signerPublicKey));
    const optionalKeyIndex = keys.optionalKeys.findIndex(aPublicKey => aPublicKey.equals(signerPublicKey));
    if (mandatoryKeyIndex !== -1) {

Which version(s) does this affect? (Environment, OS, etc...)

5.2.0
@ManuGowda ManuGowda mentioned this issue Jan 2, 2022
Merged
5 tasks
@milenagojkovic milenagojkovic added this to the Sprint 60 milestone Jan 3, 2022
@shuse2 shuse2 closed this as completed Jan 12, 2022
@shuse2 shuse2 modified the milestone: Sprint 60 Jan 14, 2022
@ManuGowda ManuGowda mentioned this issue Jan 17, 2022
Closed
shuse2 added a commit that referenced this issue Jan 19, 2022
@shuse2
Merge pull request #151 from LiskHQ/6968-signMultiSignatureTransactio…
a3eceeb 
…nWithPrivateKey-fix

Fix sign multi signature transaction with private key - Closes #6968
@shuse2 shuse2 mentioned this issue Jan 19, 2022
Closed
4 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ishantiw ishantiw

Labels
elements/transactions type: bug
Projects
None yet
Milestone
Sprint 60
Development

No branches or pull requests
4 participants
@shuse2 @ManuGowda @milenagojkovic @ishantiw