Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enforce `weight` attribute to be included in authority JSON when performing `updateauth` action #132

Open
DenisCarriere opened this issue May 9, 2019 · 3 comments

Comments

Projects
None yet
2 participants
@DenisCarriere
Copy link

commented May 9, 2019

I've recently been able to pushed a system updateauth action when the JSON authority file was missing the weight attribute, this caused the account to "null" out the permission since the authority had a weight of 0.

If weight is undefined eosc should raise an error instead of pushing updateauth with a weight of 0 as the default.

Should raise an error (missing weight)

{
  "threshold": 1,
  "keys": [
    {
      "key": "EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV"
    }
  ]
}

Valide authority JSON

{
  "threshold": 1,
  "keys": [
    {
      "key": "EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV",
      "weight": 1
    }
  ]
}
@abourget

This comment has been minimized.

Copy link
Contributor

commented May 10, 2019

Ouch. This needs fixing. I thought nodeos checked for those risks.. surprised it accepts a weight of 0.. what's the use of a weight of 0 otherwise?!

@abourget

This comment has been minimized.

Copy link
Contributor

commented May 10, 2019

Do you have a link to your transaction?

@DenisCarriere

This comment has been minimized.

Copy link
Author

commented May 14, 2019

@abourget

I've created a new transaction with the following authority

https://kylin.eosq.app/tx/69a61fc2465820b98eae51d354878e8233ac2fc38a50aef8faebde94c5a81c60

{
    "threshold": 1,
    "keys": [
        {
            "key": "EOS74F5gi5wFQzSCo5mQ2p8ihERFw3RWARwMnXoyQ88fQQU1hXxCp",
            "weight": 0
        },
        {
            "key": "EOS7jUe6kEXz93RMeYpze33ek1uyNSegGf4CCDQWSU4DTh9N6kjEC",
            "weight": 1
        },
        {
            "key": "EOS8ZSQhzNqYn5nNnLARJzUMSwv1stbMNMPxHcsQ9W4SoztZ5mZ6K"
        }
    ],
    "accounts": [
        {
            "permission": {
                "actor": "deniscarrier",
                "permission": "active"
            },
            "weight": 1
        }
    ]
}

image

I did test if you only provide 1 public key with threshold of 1, the system does throw an error (so that's good).

Does throw an error

{
    "threshold": 1,
    "keys": [
        {
            "key": "EOS8ZSQhzNqYn5nNnLARJzUMSwv1stbMNMPxHcsQ9W4SoztZ5mZ6K"
        }
    ],
    "accounts": []
}

ERROR: pushing transaction: Internal Service Error: Action validate exception: Invalid authority: {"threshold":1,"keys":[{"key":"EOS8ZSQhzNqYn5nNnLARJzUMSwv1stbMNMPxHcsQ9W4SoztZ5mZ6K","weight":0}],"accounts":[],"waits":[]}: pending console output:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.