[gateway api] Replace TransactionSigner with two steps call #897
Conversation
patrickkuo
force-pushed
the
pat/gateway_api_signature_request
branch
from
3f7bd11 to
3cb73e4
Compare
sui/src/rest_server.rs
Outdated
| let signature = tx_signer.sign(&owner, sig_req.data).await?; | ||
| Ok(state | ||
| .gateway | ||
| .execute_transaction(sig_req.digest, signature) |
There was a problem hiding this comment.
We will be passing this from the wallet application to the rest server. So just want to confirm, are both the signature and the sig_req.digest safe to transfer over the wire?
There was a problem hiding this comment.
yes it's cryptographically safe
patrickkuo
force-pushed
the
pat/gateway_api_signature_request
branch
from
3cb73e4 to
0725325
Compare
|
Sorry for the late review! Thanks for looking into simplifying the signature process.
|
I try not to introduce yet another enum and layer, hence the changes in
I have suggested this approach last time we discuss Gateway architecture, the conclusions I had after some thoughts are: 1, All of the transaction require ObjectRef as input, if we build the transaction on the application side, the application will need to do multiple calls to fetch the latest ObjectRef to build the transaction. 2, We will need to provide and maintain libs, potentially for many different languages to creating the transaction locally to ensure the serialisation will create the same bytes (we use BCS), otherwise it will result in different hash and invalid signature. In this PR I have included |
patrickkuo
force-pushed
the
pat/gateway_api_signature_request
branch
from
2261a44 to
7eddb72
Compare
sui_core/src/gateway_state.rs
Outdated
| address_states: BTreeMap<SuiAddress, AccountState>, | ||
| unsigned_tx: BTreeMap<TransactionDigest, (TransactionData, GatewayRequestType)>, |
There was a problem hiding this comment.
This worries me. It creates a way for people to DDos our storage: just keep sending tx without signing it, this table will continue to grow.
I assume this is added as an optimization to reduce the size of the second request? Although we will need to optimize it in some way, it may be better to leave that out for simplicity at the moment.
There was a problem hiding this comment.
This is not just an optimisation to reduce size, it also make the rest request a lot simpler, malicious actor will need to try different combination of objects to create unique transactions with different digest, so the grow of this map should be limited, having said that, I am happy to remove it for now to make it safer.
Thinking more about DDoS... current implementation of gateway will allow read access without proof of key ownership, which will allow DDoS and address_states can grow infinitely, we need to think about authentication in the gateway service.
There was a problem hiding this comment.
A user can submit a Move Call request, and simply mutating one pure argument from 0,1,... and can easily create infinite number of unique transactions?
There was a problem hiding this comment.
Oh of cause, I was only thinking about transfers 🤦🏻♂️, thanks!
patrickkuo
force-pushed
the
pat/gateway_api_signature_request
branch
2 times, most recently
from
5315417 to
aa125d0
Compare
* Instead of passing in a transaction signer, we have now split the transaction process into 2 part. * the first call will create the `TransactionData`, register it in the `GatewayState` and return a `TransactionSignatureRequest` object to the client * The client is expected to create a signature using their key, with the `TransactionData` or `TransactionDigest` included in the `TransactionSignatureRequest` * A new API method `execute_transaction` is added to execute the registered transaction.
* removed TransactionSignatureRequest * removed AsyncTransactionSigner * removed unsigned_tx from GatewayState
patrickkuo
force-pushed
the
pat/gateway_api_signature_request
branch
from
a9a645c to
6714d9c
Compare
|
I have further simplified the changes!
|
* Changes to the Gateway API * Instead of passing in a transaction signer, we have now split the transaction process into 2 part. * the first call will create the `TransactionData`, register it in the `GatewayState` and return a `TransactionSignatureRequest` object to the client * The client is expected to create a signature using their key, with the `TransactionData` or `TransactionDigest` included in the `TransactionSignatureRequest` * A new API method `execute_transaction` is added to execute the registered transaction. * * simplified GatewayAPI * removed TransactionSignatureRequest * removed AsyncTransactionSigner * removed unsigned_tx from GatewayState * fixup after rebase * minor refactoring
We generally set a special logging level for networking libraries in both production and tests. This PR puts quinn messages (including somewhat verbose spans) under that logging level.
…tenLabs#897) We generally set a special logging level for networking libraries in both production and tests. This PR puts quinn messages (including somewhat verbose spans) under that logging level.
We are replacing TransactionSigner with two steps call.
The reason of this change is to simply the mechanism of acquiring signatures,
TransactionSigner's signature callback is hard to implement for the rest server without using rest server callback. The new 2 steps structure will be much easier to implement across the rest boundaries.Changes to the Gateway API
TransactionSignatureRequestinstead of executing the transaction, the function call will create theTransactionData, register it in theGatewayStateand return aTransactionSignatureRequestobject to the client.TransactionDataorTransactionDigestincluded in theTransactionSignatureRequestand return it to theGatewayAPIusing theexecute_transactionfunctionexecute_transactionis added to execute the registered transaction.