Grinnode-live / 2020-grin-bug-bash-challenge

Finding bugs in Grin-Wallet & Grin-nodes for a bounty prior to Grin fork v5.

[GRIN-Wallet][Owner API] testing verify payment proof method #35

Closed marekyggdrasil closed 3 years ago

marekyggdrasil commented 3 years ago

Description

Testing the verify payment proof method from the Owner API

Prerequisites

  1. GRIN-Node
  2. GRIN-Wallet
  3. A payment proof

Test procedure

  1. Run GRIN-Wallet in Owner API listener mode
  2. Use Node.js or Python to run an encrypted request to verify payment proof method

Expected result:

Check if it verifies a PaymentProof. This process entails:

  1. Ensuring the kernel identified by the proof's stored excess commitment exists in the kernel set
  2. Reproducing the signed message amount|kernel_commitment|sender_address
  3. Validating the proof's recipient_sig against the message using the recipient's address as the public key and
  4. Validating the proof's sender_sig against the message using the sender's address as the public key

This function also checks whether the sender or recipient address belongs to the currently open wallet, and returns 2 booleans indicating whether the address belongs to the sender and whether the address belongs to the recipient respectively.

Provide requests and response full payloads as well as wallet and node logs.

Include the output of command

grin-wallet -V

and your environment

uname -a

mojitoo commented 3 years ago

Runs the wallet's local web API

grin-wallet owner_api
Password: 
20201220 07:55:46.473 WARN grin_wallet_controller::controller - Starting HTTP Foreign API on Owner server at 127.0.0.1:3420.
20201220 07:55:46.473 WARN grin_wallet_controller::controller - Starting HTTP Owner API server at 127.0.0.1:3420.
20201220 07:55:46.473 WARN grin_wallet_controller::controller - HTTP Owner listener started

HTTP Owner successfully started.

retrieve_payment_proof as the sender (newaccount is the account name)

wallet.open_wallet("newaccount", wallet_password)
wallet.set_active_account("newaccount")
proof = wallet.retrieve_payment_proof(tx_id=18)
pp.pprint("the following is your payment proof for tx_id=18")
pp.pprint(proof)

'the following is your payment proof for tx_id=18'
{   'amount': '1000000000',
    'excess': '08e22384e7ee97bd12d96998dc0e19cec66dd8a505bbeb1ae47ba2b4697ba9052f',
    'recipient_address': 'grin12wktxlyfx62wx48ldn55katd8zm5d6qfa6mupt9r4uul8eqxagsqct3je5',
    'recipient_sig': 'acf6a6a68ea5dfa79d53362a47d308303ce418c6e794e64370408bf7fe132d34b427a40195bf98011b608ea167d8681765ea64560cdd17b6fe0ef604d406d008',
    'sender_address': 'grin1jdj2w0fh8haq9pfuvjmjrev5f4gs34n4n7fnsfmuwf7j09x4v9ws79nq8d',
    'sender_sig': '28b88abb62d67e119531046fe8953b6d9ee02c03f87157d57433a334dcdb838f6b968c1facd52d6bafbec783a935de815d10534fc700bfd700f4e009ee323f01'}

verify_payment_proof as the receiver (default is the account name)

wallet.set_active_account("default")
pp.pprint("verify the proof as a receiver")
pp.pprint(wallet.verify_payment_proof(proof))

'verify the proof as a receiver'
[False, True]

Proof of payment seems to be valid

marekyggdrasil commented 3 years ago

Payment proof as well as verification of sender and recipient (booleans) look good. Thanks for great work! Closing.
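
Steps 2 to 4 of the expected result, as an added example that is not part of this thread or of grin-wallet's own code: it decodes the two grin1 addresses of the proof posted above into public keys and rebuilds the signed message, so the signatures can be checked independently of the wallet. The byte layout (big-endian u64 amount, 33-byte commitment, 32-byte key), the bech32 encoding of the addresses, the use of Ed25519, and the names decode_address and verification_inputs are assumptions of this example.

```python
import struct

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)

# Proof copied from the comment in this thread (tx_id=18).
PROOF = {
    "amount": "1000000000",
    "excess": "08e22384e7ee97bd12d96998dc0e19cec66dd8a505bbeb1ae47ba2b4697ba9052f",
    "recipient_address": "grin12wktxlyfx62wx48ldn55katd8zm5d6qfa6mupt9r4uul8eqxagsqct3je5",
    "recipient_sig": "acf6a6a68ea5dfa79d53362a47d308303ce418c6e794e64370408bf7fe132d34b427a40195bf98011b608ea167d8681765ea64560cdd17b6fe0ef604d406d008",
    "sender_address": "grin1jdj2w0fh8haq9pfuvjmjrev5f4gs34n4n7fnsfmuwf7j09x4v9ws79nq8d",
    "sender_sig": "28b88abb62d67e119531046fe8953b6d9ee02c03f87157d57433a334dcdb838f6b968c1facd52d6bafbec783a935de815d10534fc700bfd700f4e009ee323f01",
}

def decode_address(addr, hrp="grin"):
    """Return (checksum_ok, key_bytes) for a bech32 address such as grin1..."""
    prefix, _, tail = addr.lower().rpartition("1")
    if prefix != hrp or len(tail) < 6 or any(c not in CHARSET for c in tail):
        raise ValueError("malformed address")
    data = [CHARSET.index(c) for c in tail]
    chk = 1
    for v in [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp] + data:
        top, chk = chk >> 25, ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    acc = bits = 0
    key = bytearray()
    for v in data[:-6]:  # the last 6 symbols are the checksum
        acc, bits = ((acc << 5) | v) & 0xfff, bits + 5
        if bits >= 8:
            bits -= 8
            key.append((acc >> bits) & 0xff)
    return chk == 1, bytes(key)

def verification_inputs(proof):
    """Rebuild the signed message and pair each signature with its public key."""
    excess = bytes.fromhex(proof["excess"])
    s_ok, sender = decode_address(proof["sender_address"])
    r_ok, recipient = decode_address(proof["recipient_address"])
    sigs = {k: bytes.fromhex(proof[k]) for k in ("recipient_sig", "sender_sig")}
    if len(excess) != 33 or len(sender) != 32 or len(recipient) != 32 \
            or any(len(s) != 64 for s in sigs.values()):
        raise ValueError("field has unexpected length")
    # Assumed layout: u64 big-endian amount | 33-byte commitment | 32-byte key
    message = struct.pack(">Q", int(proof["amount"])) + excess + sender
    return {"message": message, "addresses_ok": s_ok and r_ok,
            "checks": [(recipient, sigs["recipient_sig"]), (sender, sigs["sender_sig"])]}
```

Each (public key, signature) pair in checks is what an Ed25519 verifier takes together with message; treat the proof as invalid when addresses_ok is false.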