Sign method - verify accurate encoding

[intelliot]

When signing a transaction, we should decode the signedTransaction blob and check the integrity (accuracy) of the data.

[mDuo13]

I'm not sure how to test that this works as intended but I do wonder how many edge cases like with Flags might break it.

[mDuo13]

What about flags? The "standard" way of serializing a transaction usually adds tfFullyCanonicalSig even if the user didn't specify it. I could see that feature accidentally tripping this check.

[intelliot]

That's a great question. I think that if the user didn't specify tfFullyCanonicalSig then ripple-lib's sign method does not add it. However, the prepare* methods -- including prepareTransaction -- do: https://github.com/ripple/ripple-lib/blob/develop/src/transaction/utils.ts#L67

[mDuo13]

I thought if you left Flags off entirely it did provide it.

[intelliot]

• I've verified that signing a transaction with ripple-lib's sign method (which also serializes it) does not add tfFullyCanonicalSig, regardless of whether the user specified Flags or not. But note that the prepare* methods do add it.
• I've added a test that ensures that no Flags are added: c5714de

[ximinez]

I think that despite the prepare* methods, the sign method should also add Flags if none are specified, mainly because our documentation says we do: https://xrpl.org/transaction-malleability.html

To further protect users, Ripple has configured its code to enable the tfFullyCanonicalSig flag by default where possible. Ripple strongly encourages third-party implementations of XRP Ledger software to generate only fully-canonical signatures, and enable tfFullyCanonicalSig on transactions by default.

[intelliot]

@ximinez I think that's beyond the scope of this PR, but I've created a new PR that does that: #1028

[intelliot]

As far as I'm currently aware, the only case that this will catch occurs when an amount of XRP drops contains a decimal point; and this will be caught ahead of time with ripple-binary-codec 0.2.2. (This PR also updates ripple-lib to use ripple-binary-codec 0.2.2.) This PR incorporates the secondary check as "defense in depth". Here's how I tested it:

1. Created unit tests.
2. I verified that the unit tests pass with the secondary check alone (using the older ripple-binary-codec).
3. I removed the secondary check and verified that the tests fail.
4. I updated ripple-binary-codec and verified that the tests pass (with a small change to the tests: the error message that the test expects).
5. I added the secondary check back and verified that the tests still pass.

I also verified that the decoded transaction's Fee is checked (to ensure it's not higher than maxFeeXRP) by temporarily commenting out the first Fee check (which checks the original txJSON prior to signing/encoding).

[keefertaylor]

optional: Consider rebasing this import to binaryCodec because it makes the code below easier to read IMO:

const decoded = binary.decode(serialized)

vs

const decoded = binaryCodec.decode(serialized)

[keefertaylor]

Consider rephrasing to line up with the check you're actually performing:
"Serialized transaction must have a TxnSignature or Signers property."

[keefertaylor]

nit: Refer to this property the same way you refer to it in code: 'Signers' vs txSigners, or at the very least 'tx.Signers'.

Or, if you think it should be called txSigners, you could refactor the code to this property name.

[keefertaylor]

You've already deleted this on line 66.

[keefertaylor]

Some initial (mostly stylistic) comments.

[keefertaylor]

LGTM - Please wait for another reviewer to stamp as well since I'm still relatively new to these flows.

[intelliot]

Thanks to @mDuo13 for taking another look! I've also done some additional manual testing myself, and everything looks good.

[jnr101]

Hi,

I am using values with standard amount of digits after the '.' like e.g. "3.141000". It turns out that this fails the verification. It was easy for me to fix, but if you feel like values with zeros should be accepted, then you might want to change it.

The following code will show the issue:

const {RippleAPI} = require('ripple-lib')

api = new RippleAPI({ server: 'wss://s1.ripple.com' });

const address = "rrrrrrrrrrrrrrrrrNAMEtxvNvQ"
const secret = "shNs3GgHxoNPRWL6chhwH5s5A97T5"

const order = {
  "direction": "sell",
  "quantity": {
    "currency": "USD",
    "counterparty": 'rvYAfWj5gh67oV6fW32ZzP3Aw4Eubs59B',
    "value": "3.140000"
  },
  "totalPrice": {
    "currency": "XRP",
    "value": "31415"
  }
};

(async () => {
  await api.connect()
  const accountInfo = await api.getAccountInfo(address)
  const prepared = await api.prepareOrder(address, order, { "sequence": accountInfo.sequence } )
  const {signedTransaction} = api.sign(prepared.txJSON, secret);
  api.disconnect()
})().catch(err => {
  console.error(err.message, '\n', JSON.stringify(err.data, null, 2))
})

[intelliot]

@jnr101 Thanks for pointing that out! I put some thought into it and decided to keep the current behavior because it's risky (and potentially unexpected) for the encoded transaction to contain different values than were originally provided to the sign method. In the case of trailing zeros, you are probably doing the right thing by trimming those off prior to asking ripple-lib to sign.

To make this behavior more discoverable, I improved the error message and added a diff so that users can quickly see where the discrepancy lies: #1037

[jnr101]

Hi @intelliot, sounds good to me. I have run the tests and looks good 👍

[yxxyun]

after this update, is this right behavior ?

[intelliot]

@yxxyun Correct. The underlying transaction format is in drops and thus does not allow more than 6 decimal places for XRP amounts. It would be risky for the library to silently/automatically do rounding or truncation, so apps/clients must do that prior to passing the amount to ripple-lib. Depending on the context/use case, different rounding policies are possible. Hope this helps!

[yxxyun]

edited,
fixed the bug in utoken.

[intelliot]

@yxxyun Could you create a new issue describing the problem?

Note that you can specify TakerGets and TakerPays by using OfferCreate JSON with ripple-lib's prepareTransaction method.