-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve transaction signing/submission flow #189
Comments
what do you think about this solution:
This way we add no new methods to the public interface, and I believe we will resolve your concerns. |
i see what you'll find problematic about that solution ^ @mDuo13 - would you elaborate on:
namely - why does it give you the impression that a replacement tx will happen? |
For one thing, that's how Ripple-REST worked. But for another thing, the mere fact that it could do this is cause for concern. The code patterns should encourage and reinforce safe usage, and what's safe is to sign once using purely offline code, and then submit the exact same signed blob any number of times. |
On a related note, we should make sure that the methods we have can be integrated with hardware wallets (like a Ledger Nano S). I don't have one so I don't know exactly how they work, but I know they have a companion app and the secret lives on the device. I don't know if they handle things like actually submitting to the network or if they just output a binary blob you have to submit yourself, but that's something to check into and make sure we can work with (even if you have to do some parts manually). |
Are these concerns still existent? |
I believe this is now resolved thanks to #528 |
There are a lot of different ways of doing transaction signing and submission, but we've learned from experience what models work better than others, and the way I most recommend doing things is as follows:
Prepare Transaction (online)
The main point of this is that you can inspect what you're signing before you even go get your secret keys out of secure storage. For offline transaction construction, you have to skip this step and provide things like
Fee
andSequence
yourself. (TheWallet
class in xrpl-py is well-equipped to handle the Sequence part at least.)Input:
LastLedgerSequence
), fee options, path options, etc.Output:
LastLedgerSequence
field by default, as well as any other best practices, with options to explicitly configure/disable them.Sign Transaction (offline OK)
Input:
Output:
Submit-and-Verify (online)
It's not a bad thing to also have a simple submit function that returns the preliminary result only.
Input:
LastLedgerSequence
parameter.Output:
tesSUCCESS
.There are several ways in which the current version of xrpl-py DOES NOT work this way:
LastLedgerSequence
by default and fillingFee
andSequence
.send_reliable_submission()
takes a wallet and unsigned transaction. That gives the impression that it might modify the transaction instructions and (re-)submit a replacement/modified version, which it absolutely MUST NOT do. (I don't think it does, but it's best if the function literally doesn't have what it would need to do that.) You can't use the existing function to implement truly reliable sending.The text was updated successfully, but these errors were encountered: