@Wi1l-B0t
Contributor

Description

Fix an issue found in #3896.

The current ISigner interface can sign any data, and there is an issue if the data is a transfer tx.

This PR allows the signer to only sign consensus messages and blocks.

Fixes # (issue)

Type of change

  • Optimization (the change is only an optimization)
  • Style (the change is only a code style for better maintenance or standard purpose)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@Wi1l-B0t Wi1l-B0t changed the title [Fix]: Only sign consensus messages [Fix]: ISigner Only sign consensus messages May 10, 2025
@shargon
Member

shargon commented May 11, 2025

I don't see the problem of signing any data. It should be the implementation that makes the restrictions, so it should be good to have different methods for different kinds of signatures.

@Wi1l-B0t
Contributor Author

Wi1l-B0t commented May 11, 2025

> I don't see the problem of signing any data. It should be the implementation that makes the restrictions, so it should be good to have different methods for different kinds of signatures.

> the problem of signing any data

If an attacker hacked a neo node that uses this sign service (if there is no sign service, the attacker can get the private key), the attacker can send a tx to the sign service, and if the sign service signs this tx data, the assets will be transferred.

> different methods for different kinds of signatures

What is "different methods for different kind of signatures"?

@shargon
Member

shargon commented May 12, 2025

> What is "different methods for different kind of signatures"?

SignTransaction, SignConsensus; the signer can throw an exception on SignTransaction if they don't want to allow it.

@Wi1l-B0t
Contributor Author

> > What is "different methods for different kind of signatures"?
>
> SignTransaction, SignConsensus; the signer can throw an exception on SignTransaction if they don't want to allow it.

SignTransaction is not used now, so not added.
SignConsensus is SignExtensiblePayload here.
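
A typed signing interface of the kind discussed in this thread, as an added C# example that is not the neo project's code: the types, the `"consensus"` category value, the type tags and the serialization are hypothetical. The signer builds the bytes it signs from a typed object, so a caller cannot hand it serialized transaction data.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Constructed sample input: a block header with all-zero hashes.
using var signer = new RestrictedSigner();
byte[] sig = signer.SignBlock(new BlockHeader(1, new byte[32], new byte[32]));
Console.WriteLine($"block signature: {sig.Length} bytes");

// Hypothetical message types; not the types used in the neo code base.
public sealed record ConsensusPayload(string Category, uint ValidBlockStart, byte[] Data);
public sealed record BlockHeader(uint Index, byte[] PrevHash, byte[] MerkleRoot);

// Narrow interface: no method accepts caller-supplied raw bytes.
public interface IRestrictedSigner
{
    byte[] SignExtensiblePayload(ConsensusPayload payload);
    byte[] SignBlock(BlockHeader header);
}

public sealed class RestrictedSigner : IRestrictedSigner, IDisposable
{
    private readonly ECDsa _key = ECDsa.Create(ECCurve.NamedCurves.nistP256);

    public byte[] SignExtensiblePayload(ConsensusPayload payload)
    {
        // Policy check on the typed object before anything is signed.
        if (payload.Category != "consensus") // constructed category value
            throw new InvalidOperationException("Only consensus payloads are signed.");
        return Sign(0x01, w => { w.Write(payload.Category); w.Write(payload.ValidBlockStart);
                                 w.Write(payload.Data.Length); w.Write(payload.Data); });
    }

    public byte[] SignBlock(BlockHeader header) =>
        Sign(0x02, w => { w.Write(header.Index); w.Write(header.PrevHash); w.Write(header.MerkleRoot); });

    // The signer serializes the typed object itself and prefixes a type tag,
    // so the signed bytes always identify the message kind.
    private byte[] Sign(byte typeTag, Action<BinaryWriter> serialize)
    {
        using var ms = new MemoryStream();
        using (var w = new BinaryWriter(ms, Encoding.UTF8, leaveOpen: true)) { w.Write(typeTag); serialize(w); }
        return _key.SignData(ms.ToArray(), HashAlgorithmName.SHA256);
    }

    public void Dispose() => _key.Dispose();
}
```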

Member

@vncoelho vncoelho left a comment

Looks good to me

@shargon shargon merged commit 6ee41ed into neo-project:master May 16, 2025
6 of 7 checks passed
@Wi1l-B0t Wi1l-B0t deleted the fix.sign-specific-data branch May 17, 2025 02:09
cschuchardt88 pushed a commit to cschuchardt88/neo that referenced this pull request Jun 8, 2025
* Fix: make the signer sign specific data

* Fix: make the signer sign specific data

---------

Co-authored-by: Shargon <[email protected]>
Co-authored-by: Vitor Nazário Coelho <[email protected]>