Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

database_api::verify_account_authority is broken #1366

pmconrad opened this issue Oct 12, 2018 · 5 comments


4 participants
Copy link

commented Oct 12, 2018

Bug Description
According to the description, the API call verifies that a given set of public keys is sufficient to authorize a transaction for a given account.

The implementation creates a transfer transaction from that account and verifies it. Since it is completely ignoring the keys, this will always fail.

Describe which portion(s) of BitShares Core may be impacted by this bug. Please tick at least one box.

  • API (the application programming interface)
  • Build (the build process or something prior to compiled code)
  • CLI (the command line wallet)
  • Deployment (the deployment process after building such as Docker, Travis, etc.)
  • DEX (the Decentralized EXchange, market engine, etc.)
  • P2P (the peer-to-peer network for transaction/block propagation)
  • Performance (system or user efficiency, etc.)
  • Protocol (the blockchain logic, consensus, validation, etc.)
  • Security (the security of system or user data, etc.)
  • UX (the User Experience)
  • Other (please add below)

Steps To Reproduce
Steps to reproduce the behavior (example outlined below):

$ curl--data '{"id":0,"method":"verify_account_authority","params":["cyrano",["BTS6MkMxwBjFWmcDjXRoJ4mW9Hd4LCSPwtv9tKG1qYW5Kgu4AhoZy"]]}' 'https://<api-node>/rpc'
{"id":0,"jsonrpc":"2.0","error":{"code":1,"message":"missing required active authority: Missing Active Authority 1.2.28788", ...

Expected Behavior
Call should have returned true.

Additional Context (optional)
Since the call has never worked correctly it is safe to assume that it is unused. So it might be an option to remove it.


  • Evaluate / Prioritize Bug Report
  • Refine User Stories / Requirements
  • Define Test Cases
  • Design / Develop Solution
  • Perform QA/Testing
  • Update Documentation

@pmconrad pmconrad added this to New -Awaiting Core Team Evaluation in Project Backlog via automation Oct 12, 2018


This comment has been minimized.

Copy link

commented Oct 12, 2018

@pmconrad nice catch !

Several months ago I wanted to use this API method while had troubles with signing transaction in C#.
This method is very helpful for debugging purposes. I disagree that we should remove it, I think we should fix it, IMHO it is very helpful for developers. Just my thoughts.

Thanks !


This comment has been minimized.

Copy link
Contributor Author

commented Oct 12, 2018

Agree that it might be useful for debugging. Probably not for regular clients.


This comment has been minimized.

Copy link

commented Oct 16, 2018

Please correct me if I am wrong. I believe we should be looking at the active and owner public keys for the passed in account, and verify that the keys match what was passed in.

Am I missing something? What else should be validated?


This comment has been minimized.

Copy link
Contributor Author

commented Oct 17, 2018

It's much more complicated than that, since the keys can also authorize other accounts who in turn form a multisig for the account that has to authorize the transaction etc.
The general idea to create an actual transaction and let that verify the keys is good IMO, but it has to be done properly.

@abitmore abitmore added this to the 201812 - Feature Release milestone Oct 25, 2018

@abitmore abitmore added this to To do in Feature Release (201902) via automation Oct 25, 2018

@abitmore abitmore removed this from New -Awaiting Core Team Evaluation in Project Backlog Oct 25, 2018

@abitmore abitmore moved this from To do to In progress in Feature Release (201902) Oct 25, 2018


This comment has been minimized.

Copy link
Contributor Author

commented Oct 25, 2018

Resolved via #1384

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.