Potential access to unreferenced data during wallet vault creation

[filippsen]

Environment/Browser

Version 1.2.0

Description

The wallet vault is created asynchronously and wallet.addresses is only initialized on assignment. Before the asynchronous callbacks called in newWallet finish, all calls to getAddress with valid walletName and index as input, targetting a valid wallet, are subject to unreferenced or out of bounds error (when interpretingwallet.addresses[index]). The same unreferenced data access may happen in similar calls to getKey.

At the moment, this is not a problem in practice. However, the following set of changes may trigger issue: the program flow changes; or, additional code interacting with the wallet gets executed in the pre-loader or during loading; or if/when the loading screen gets removed.

Suggestions

1. Consider tightening up both the getAddress and getKey wallet error checking;
2. Consider improving the isOpen procedure to only return true after the wallet vault has returned (Note: this includes handling potential failure during the vault process). Example: set wallets[name] at the end of the createVault callback function execution.