search

0chain / gosdk

A client SDK in Go to interface the blockchain and storage platform, and other smart contracts
MIT License
32 stars 29 forks source link

DownloadFromAuthTicket does not set owner correctly when 3rd party pays #246

Closed Sriep closed 2 years ago

Sriep commented 3 years ago

downloadBlobberBlock always sets the owner to be the client. This is wrong when a 3rd party pays and the owner is someone else.

The end result seems to be that 0chain read_redeem can fail as it gets confused verifying the signature, assuming the owner has signed it.

Sriep commented 3 years ago

Actually, on investigation, while this is clearly confusing, the cause of the problem was caused by https://github.com/0chain/gosdk/commit/4f105bed55345d0966fb96eda32c5d72fd9af7e4#diff-dbc2b4d74b0c2ba20c9c503f9afab19b99134642777fe5c087964942dc7b074a where two feids were added to authTicket and its hash and not mirrored in 0chain. this is fixed in https://github.com/0chain/0chain/pull/521.

lpoli commented 2 years ago

I've included this in coming PR in refactored download.