Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keyring->pair->vrfVerify: possibly the wrong public key is used if the pair type is sr25519 #1906

Open
6 tasks done
farwayer opened this issue Dec 25, 2023 · 1 comment
Open
6 tasks done

keyring->pair->vrfVerify: possibly the wrong public key is used if the pair type is sr25519 #1906

farwayer opened this issue Dec 25, 2023 · 1 comment

Comments

@farwayer
Copy link

  • I'm submitting a bug

    • Bug report

  • What is the current behavior and expected behavior?

Vrf signature should be checked agains remote public key (passed as signerPublic parameter). But if the pair type is sr25519 then the current pair publicKey is possibly misused for validation.

common/packages/keyring/src/pair/index.ts

Line 211 in 6971012

if (type === 'sr25519') {

  • Please tell us about your environment:

    • Version: 12.6.2

    • Environment:

      • Node.js
      • Browser
      • Other (limited support for other environments)

    • Language:

      • JavaScript
      • TypeScript (include tsc --version)
@farwayer
Copy link
Author

Since the verification uses a remote public key, it makes sense to make vrfVerify a utility-function rather than making it a pair method.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@farwayer