[Bug?] Client 'incoming-viewing-key' potential issue

[fullkomnun]

For nightfall client's 'incoming-viewing-key' request, it stores given 'zkpPrivateKeys' and 'nullifierKeys' in memory, then it tries to use these to sync client commitments using nightfall-client/src/services/commitment-sync.mjs's clientCommitmentSync exported function.

clientCommitmentSync implementation

given a ‘zkpPrivateKey’ and a ‘nullifierKey’ get all transactions, for each transaction:

1. get all non-zero commitments
2. conditional: only for ‘transfer’ transaction (identifies by compressedSecrets being not [ZERO,ZERO]) where we have the first non-zero commitment stored
3. try to decrypt that commitement using the provided ‘zkpPrivateKey’ and ‘nullifierKey’

However, the condition is:

countCommitments([nonZeroCommitments[0]]) === 0

where countCommitments returns a Promise but is comapred to a numeric literal so condition will never be met (supposedly) which means it will not decrypt any commitments already stored prior to the 'incoming-viewing-key' request.

Mitigation

• Probably should 'await' the call to countCommitments
• Maybe create a test-case for that use-case
• The call to decryptCommitment is also not awaited for which could be intentional but will resume before sync is over and has implications with regards to error handling