starknet.js icon indicating copy to clipboard operation
starknet.js copied to clipboard

Published 20 hours ago verified publisher icon starknet-io

bug: default value doesn't exists as mentioned in docs

Open itzlambda opened this issue 2 years ago • 7 comments

Describe the bug

I know this function is deprecated but i needed to use it for a CTF.

description of Invocation type says that the default value for signature is [].

but when its not specificed an error is thrown

    throw Error("formatSignature: provided signature is undefined");

To Reproduce call invokeFunction without specifying signature field

Expected behavior signature should use empty array as default value

Additional context I am willing to open a PR for this if needed.

itzlambda avatar Sep 28 '23 14:09 itzlambda

description of Invocation type says that the default value for signature is [].

I am not sure it says anything about the default value. It says it is undefined or ..., on that point, invokeFunction because of formatSignature does need sig even doe it is optional, this could be the issue referring to? On the same track, I am not sure we should provide [] as the default when undefined signature. Error is there to prevent unintentional undefined signature, but it should allow you to provide an empty array as a signature if you intentionally want to do it.

@penovicp @PhilippeR26

tabaktoni avatar Oct 04 '23 15:10 tabaktoni

Note that Contract interface is : https://github.com/starknet-io/starknet.js/blob/8e058fbd4d6f8f4ed6f098ff8e31c4bfca943fe7/src/contract/interface.ts#L115

and contract/default.ts is : https://github.com/starknet-io/starknet.js/blob/8e058fbd4d6f8f4ed6f098ff8e31c4bfca943fe7/src/contract/default.ts#L320

Return type is not consistent between interface and implementation. Should be corrected (args type also). Once corrected, this type is used only in Account.execute() and Contract.invoke() ; both functions will pass a mandatory Starknet standard signature to invokeFunction(). So, it seems that signature could be mandatory in Invoke (with probably impacts in cascade in the code).

PhilippeR26 avatar Oct 04 '23 17:10 PhilippeR26

sorry i meant to link this in the issue : https://www.starknetjs.com/docs/API/classes/Provider#invokefunction

image

Error is there to prevent unintentional undefined signature, but it should allow you to provide an empty array as a signature if you intentionally want to do it.

yeah that make sense, i think then we just need to update doc saying that its required field.

itzlambda avatar Oct 04 '23 20:10 itzlambda

Once corrected, this type is used only in Account.execute() and Contract.invoke() ; both functions will pass a mandatory Starknet standard signature to invokeFunction().

So, it seems that signature could be mandatory in Invoke (with probably impacts in cascade in the code).

@PhilippeR26 starknet doesn't mandate signature, its upto the account contract implementer to decide how to use passed in signature, signature can be avoided altogether (althought that would be very rare)

without invokeFunction it wouldn't be possible to call an account contract whose keys you don't have. even thought they don't require it. is there any alternate way to do this (what i want basically is Account without private key)?

itzlambda avatar Oct 04 '23 20:10 itzlambda

Once corrected, this type is used only in Account.execute() and Contract.invoke() ; both functions will pass a mandatory Starknet standard signature to invokeFunction(). So, it seems that signature could be mandatory in Invoke (with probably impacts in cascade in the code).

@PhilippeR26 starknet doesn't mandate signature, its upto the account contract implementer to decide how to use passed in signature, signature can be avoided altogether (althought that would be very rare)

without invokeFunction it wouldn't be possible to call an account contract whose keys you don't have. even thought they don't require it. is there any alternate way to do this (what i want basically is Account without private key)?

That's why i used the word standard about signature handled by Starknet.js. Today Starknet.js latest version v5.21.0 isn't coded to handle account abstraction about hash and signature. Even if you can use a very low level function to enter with some abstraction, nothing is made for handle all abstraction possibilities at high level. It will come soon with merge of PR #748 .

PhilippeR26 avatar Oct 05 '23 06:10 PhilippeR26

And I have some difficulties to see the interest to pay to use a blockchain, using an account that do not provides any safety of a crypto signature.

PhilippeR26 avatar Oct 05 '23 06:10 PhilippeR26

And I have some difficulties to see the interest to pay to use a blockchain, using an account that do not provides any safety of a crypto signature.

there probably isn't a good reason for it directly. I just happened to need it in a CTF.

itzlambda avatar Oct 05 '23 09:10 itzlambda

I will like to fix this for ODHack @ivpavici

muheebyusufbaba1 avatar Apr 26 '24 07:04 muheebyusufbaba1

In fact, this one should probably not be tagged as ODHack, and should have been closed. To authorize a transaction without signature is a clear safety issue and should never occur. I urge you to choose a different issue.

PhilippeR26 avatar Apr 26 '24 08:04 PhilippeR26