fix(keystore): throw on address mismatch instead of silently warning #2
Open
amathxbt wants to merge 1 commit into
importFromGoKeystore() compared the stored keyAddress against the address derived from the public key, but only issued a console.warn on mismatch and then silently returned the stored (wrong) address. A corrupted or tampered keystore entry would be accepted without error, causing outgoing transactions to be signed with a key that does not match the on-chain address — resulting in fund loss or permanently rejected txs. Fix: throw an Error with a clear message so callers can detect and reject integrity failures before any funds are at risk.
Bug
importFromGoKeystore() verifies that the address derived from the public key matches entry.keyAddress, but responds to a mismatch with only a console.warn. The mismatched entry is then silently returned to the caller using the stored (wrong) address.

Impact: A corrupted or tampered keystore entry is accepted without error. Subsequent transactions are built with an address that does not match the signing key, so they are either rejected by the network or—if the stored address belongs to a different key—send funds to an uncontrolled account.
Fix
Replace console.warn with a thrown Error that identifies both addresses. Callers that handle keystore entries should catch this to surface integrity failures before any funds are at risk.
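
The warn-only and throwing behaviours described in this PR, side by side, as an added example that is not the project's code. deriveAddress is a toy stand-in because the real derivation is not shown on the page; importWarnOnly, importStrict, loadEntries and the sample entries are hypothetical and constructed for illustration.

```javascript
// Assumption: toy stand-in (FNV-1a over the hex string, not cryptographic).
// The project's real address derivation is not shown on the page.
function deriveAddress(publicKeyHex) {
  let h = 0x811c9dc5;
  for (const ch of publicKeyHex.toLowerCase()) {
    h = Math.imul(h ^ ch.charCodeAt(0), 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Before the fix, as the PR describes it: warn, then return the stored address.
function importWarnOnly(entry, warn = console.warn) {
  const derived = deriveAddress(entry.publicKey);
  if (derived !== entry.keyAddress) {
    warn(`address mismatch: stored ${entry.keyAddress}, derived ${derived}`);
  }
  return { address: entry.keyAddress, publicKey: entry.publicKey };
}

// After the fix: fail closed, naming both addresses in the error.
function importStrict(entry) {
  const derived = deriveAddress(entry.publicKey);
  if (derived !== entry.keyAddress) {
    throw new Error(
      `keystore address mismatch: stored ${entry.keyAddress}, derived ${derived}`);
  }
  return { address: derived, publicKey: entry.publicKey };
}

// Hypothetical caller: quarantine entries that fail the check, keep the rest.
function loadEntries(entries, importer) {
  const accepted = [];
  const rejected = [];
  for (const entry of entries) {
    try {
      accepted.push(importer(entry));
    } catch (err) {
      rejected.push({ keyAddress: entry.keyAddress, reason: err.message });
    }
  }
  return { accepted, rejected };
}

// Constructed sample entries: one intact, one with the stored address altered.
const publicKey = "aa".repeat(32);
const good = { publicKey, keyAddress: deriveAddress(publicKey) };
const lastChar = good.keyAddress.endsWith("0") ? "1" : "0";
const tampered = { publicKey, keyAddress: good.keyAddress.slice(0, -1) + lastChar };
```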