Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't kill 1/2 bytes from private keys please #2033

Closed
mirek opened this issue Nov 2, 2018 · 0 comments
Closed

Don't kill 1/2 bytes from private keys please #2033

mirek opened this issue Nov 2, 2018 · 0 comments
Labels
Bug Addressing a bug

Comments

@mirek
Copy link

mirek commented Nov 2, 2018

When using:

web3.eth.accounts.signTransaction(txParams, privateKey)

a) If your private key is hex0x - all good.

b) If your private key is hex - everyting will work fine, no errors, but your signed transaction will be with private key with one byte zero'ed.

c) If your private key is Buffer - everything will be signed, no errors, but your signed transaction will be with private key with two first bytes zero'ed.

a) 870c20575bd9da9d747011401ed345edf6229c96ba2bfcd965ed6dee1fc3afd3
b) 000c20575bd9da9d747011401ed345edf6229c96ba2bfcd965ed6dee1fc3afd3
c) 000020575bd9da9d747011401ed345edf6229c96ba2bfcd965ed6dee1fc3afd3

...which is kind of cute that 3 different representations create 3 valid, different signed transactions, all thanks to web3 not validating it's inputs and this internally doing the same https://github.com/MaiaVictor/eth-lib/blob/master/src/account.js#L47

const Web3 = require('web3')
const web3 = new Web3('http://localhost:8545')

const pk = '870c20575bd9da9d747011401ed345edf6229c96ba2bfcd965ed6dee1fc3afd3'
const pk0x = `0x${pk}`
const pkb = Buffer.from(pk, 'hex')

const tx = {
  to: '0xF0109fC8DF283027b6285cc889F5aA624EaC1F55',
  value: '1000000000',
  gas: 2000000
}

const mh = _1 => web3.eth.accounts.signTransaction(tx, _1).then(_2 => _2.rawTransaction)

async function main() {
  console.log('pk     ', await mh(pk))
  console.log('pk0x   ', await mh(pk0x))
  console.log('pkb    ', await mh(pkb))

  console.log('pk00   ', await mh('0x00' + pk.slice(2)))
  console.log('pk0000 ', await mh('0x0000' + pk.slice(4)))
}

main()

// Output:
// pk      0xf8648080831e848094f0109fc8df283027b6285cc889f5aa624eac1f55843b9aca00802ba0ef96e99731c7aafd230a21c322e4043a830a5174370d7395f69c3c97dc22540da03262a83de0b19a3afb97c9ce42c3be8f07291023120227420a2850ec1452a0f9
// pk0x    0xf8648080831e848094f0109fc8df283027b6285cc889f5aa624eac1f55843b9aca00802ba0c7f6b9dd95dfbd7b433b63b0862381fe87c8515cc2c1ee2b605639aafe49a076a02ac4429dcd696c485f88dfe9809a75939890e1b8e260132eeb671c5a464630e3
// pkb     0xf8648080831e848094f0109fc8df283027b6285cc889f5aa624eac1f55843b9aca00802ca0b30df73f90272f0819e103bcfcb1b7b1d960f329f0ad6a37df406a9f569d9e25a013569cca9c23e5050e0f4c0957edad761aba727d802769aaa9028ed1a5232171
// pk00    0xf8648080831e848094f0109fc8df283027b6285cc889f5aa624eac1f55843b9aca00802ba0ef96e99731c7aafd230a21c322e4043a830a5174370d7395f69c3c97dc22540da03262a83de0b19a3afb97c9ce42c3be8f07291023120227420a2850ec1452a0f9
// pk0000  0xf8648080831e848094f0109fc8df283027b6285cc889f5aa624eac1f55843b9aca00802ca0b30df73f90272f0819e103bcfcb1b7b1d960f329f0ad6a37df406a9f569d9e25a013569cca9c23e5050e0f4c0957edad761aba727d802769aaa9028ed1a5232171
@mirek mirek changed the title Don't kill two bytes from private keys please Don't kill 1/2 bytes from private keys please Nov 2, 2018
@nivida nivida added the Bug Addressing a bug label Nov 28, 2018
@nivida nivida added this to the 1.0 milestone Nov 30, 2018
@nivida nivida mentioned this issue Mar 26, 2019
12 tasks
@nivida nivida closed this as completed Mar 27, 2019
@nivida nivida mentioned this issue Mar 28, 2019
12 tasks
@nivida nivida mentioned this issue Oct 21, 2019
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Addressing a bug
Projects
None yet
Development

No branches or pull requests

2 participants