js-stellar-base icon indicating copy to clipboard operation
js-stellar-base copied to clipboard

Published 20 hours ago verified publisher icon stellar

Signed payload length can be zero.

Open overcat opened this issue 3 years ago • 4 comments

Describe the bug According to the discussion with @leighmcculloch, the signed payload can be empty, so I think there is a bug in the implementation of this library.

What version are you on? 8.2.1

To Reproduce

const StellarBase = require("stellar-base")

// address = "GA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJVSGZ"
// payload is empty
const data = "PA7QYNF7SOWQ3GLR2BGMZEHXAVIRZA4KVWLTJJFC7MGXUA74P7UJUAAAAAAKH4Y"
console.log(`is valid signed payload: ${StellarBase.StrKey.isValidSignedPayload(data)}`)

Expected behavior Print is valid signed payload: true

Additional context None

overcat avatar Oct 14 '22 01:10 overcat

Strangely, here are two different XDRs, the first one has a non-empty signed payload, which can be accepted by the network, and the second one, with an empty signed payload, got tx_malformed when submitted to the Stellar network.

has a non-empty signed payload:

AAAAAgAAAAC2adRWr+ylMBQLOfl+ci/duuYEcJObvEpXFdyseA+wQQAAAGQAB098AAAABAAAAAIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAO2adRWr+ylMBQLOfl+ci/duuYEcJObvEpXFdyseA+wQQAAAAR0ZXN0AAAAAAAAAAEAAAAAAAAACgAAAAVoZWxsbwAAAAAAAAEAAAAFd29ybGQAAAAAAAAAAAAAAgxqwzUAAABAon1E23/ONLPRrVcimIuHM3F0RaN8fIY5WrbMZ0vcr0sBvlmXxwCMA4JilSzbx5wpS2/6mhyOQ44ILdPdiJMrAHgPsEEAAABAr8zCOV6gTblEQBs2hbykCV2yWHjQfOW79wIlhjTBDU+y+Dwby3aIPDLwPxoQO7XI4B1PHMsPQwIrNeLpyGjLAw==

has a empty signed payload:

AAAAAgAAAAC2adRWr+ylMBQLOfl+ci/duuYEcJObvEpXFdyseA+wQQAAAGQAB098AAAABQAAAAIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAO2adRWr+ylMBQLOfl+ci/duuYEcJObvEpXFdyseA+wQQAAAAAAAAAAAAAAAQAAAAAAAAAKAAAABWhlbGxvAAAAAAAAAQAAAAV3b3JsZAAAAAAAAAAAAAACeA+wQQAAAEDV1yLj4kWKmubM56h8IsriKSVLaMS2WyxeR466Bg7aZBxjZdCb+NIS/E0bE9HNJy3I2XNviOEDtfUBVTHDtD4NeA+wQQAAAEDldhxAh2C9VVbr5l8gHWKfysqZS98o62Fd9zouM5APMbBi42cgHZlOMFMS59ItsCtnTpfuTtPPj910bhVTesQD

Maybe the implementation of stellar core doesn't allow it to be empty?

overcat avatar Oct 14 '22 01:10 overcat

@overcat I forgot about this that the signed payload signer is invalid when empty, it's defined in CAP-40.

This was a late adjustment to the spec that arose out of a difficulty with supporting the empty case in stellar-core.

So the examples you shared are correct. The key is considered malformed if empty.

leighmcculloch avatar Oct 14 '22 01:10 leighmcculloch

Thanks, @leighmcculloch.

overcat avatar Oct 14 '22 01:10 overcat

Based on this comment(https://github.com/stellar/rs-stellar-strkey/pull/26#discussion_r995262657), we should consider the behavior here as a bug, so I'll keep this issue open.

overcat avatar Oct 14 '22 02:10 overcat

I think our messages crossed in time. @overcat I think we agreed on the other thread there is little to no use supporting zero length payloads, so there's probably no value in changing it to support zero. Did I misunderstand?

leighmcculloch avatar Oct 25 '22 05:10 leighmcculloch

Yes, closed.

overcat avatar Oct 25 '22 12:10 overcat