js-stellar-sdk icon indicating copy to clipboard operation
js-stellar-sdk copied to clipboard
verified publisher icon stellar

SEP-24 deposit failed: The transaction has expired

Open shanzzam opened this issue 4 years ago • 1 comments

@s-a-y commented on Thu Jul 15 2021

Not necessarily a bug report, but I'm unable to figure this out on my own

What version are you using?

Latest version of demo-wallet and stellar-sdk 8.2.3

What did you do?

Testing https://demo-wallet.stellar.org/account?secretKey=SDTONNSWKTCDD4EFTUPTUUPWBNJZOKDUP2ZPXKYJBEKVONJY66KZ4J5H&untrustedAssets=TBTC%3AGAIJQAYGJ2TMP7OC5NFBJTPELBHZZJ4LDLTS4JZBV5SMVUKJGKTI4Q3O&assetOverrides=TBTC%3AGAIJQAYGJ2TMP7OC5NFBJTPELBHZZJ4LDLTS4JZBV5SMVUKJGKTI4Q3O%7ChomeDomain%3Etest.apay.io with my new sep10 endpoint https://sep10.apay.workers.dev/?account=GAWA6G3CWEY3MPY4MBIMX3QCWGG65PC6P3MJ5LYE2FZMXWH7NCKRLYQ3

I remember having the same trouble 6 months ago, when I wasn't using cloudflare workers

I suspected that it has something to do with my timezone (GMT +10), but I've increased timeout to 86400 and it didn't help. Reviewing the code, demo-wallet uses the same readChallengeTx in the browser, which I'm using inside my sep10, only for me it doesn't produce any errors

What did you expect to see?

I expect no error and POST request to sep10 endpoint

What did you see instead?

Every time I get this error SEP-24 deposit failed: The transaction has expired

Screen Shot 2021-07-16 at 3 13 56 PM

@s-a-y commented on Fri Jul 16 2021

Actually, can we move that issue to stellar-sdk repository? I believe I figured it out. It looks like environment where auth transaction is being created is milliseconds ahead of my local clock, so when transaction is created by the endpoint and is being checked locally, it arrives before my local Date.now(), which causes this issue. When I slow my internet connection to 3g (emulation in developer tools) it starts working.

I'd like to propose a change to buildChallengeTx function instead of

timebounds: {
        minTime: now,
        maxTime: now + timeout,
      },

create it with

timebounds: {
        minTime: now - 5000, 
        maxTime: now + timeout,
      },

to avoid this issue with clock synchronization

@shanzzam commented on Fri Jul 16 2021

@s-a-y I can move this issue for you. The demo wallet uses the js-stellar-sdk code so will move to that repo. First, I'd like to get feedback from the engineers who worked on the wallet as they may be fixing this issue. @piyalbasu or @quietbits any comments before I move this issue?

@quietbits commented on Mon Jul 19 2021

@shanzzam moving this issue to js-stellar-sdk sounds good. 👍 The fix wouldn't be on the demo wallet.

shanzzam avatar Jul 19 '21 16:07 shanzzam

I'd like to propose a change to buildChallengeTx function

If you look here the SDK already gives 5min tolerance:

  // give a small grace period for the transaction time to account for clock drift
  if (!Utils.validateTimebounds(transaction, 60 * 5)) {
    throw new InvalidChallengeError("The transaction has expired");
  }

salatielsql avatar Feb 11 '25 10:02 salatielsql