Closed micahalcorn closed 5 years ago
Here is the check I did before deploying contracts to mainnet:
I used this script to validate that the address ISSUER_PROD matched the ATTESTATION_SIGNING_KEY defined in ENVKEY:
var Web3 = require('web3') const web3 = new Web3() console.log(process.env.ATTESTATION_SIGNING_KEY) web3.eth.accounts.privateKeyToAccount(process.env.ATTESTATION_SIGNING_KEY)
@micahalcorn what kind of setup were you using when you say local environment?
@tomlinton raw origin-dapp with BRIDGE_SERVER_DOMAIN=bridge.dev.originprotocol.com
and local origin-js.
@micahalcorn @tyleryasaka I'm trying to understand the impact of this issue. Do we have any evidence this is happening in prod ?
Haven't tried yet 😐 Has anyone published attestations, refreshed the page, and they're still intact? I heard vague indications to the contrary, but I'm not sure.
I can save/refresh them on staging without any problems. Haven't tried on production. That's a bit of an unusual setup you were running. I'm trying to think of why it would have not worked but I haven't come up with anything yet. :unamused:
I just tested on Mainnet. I saved my profile and it was still intact after I reloaded the page. Now there is a known bug (see DApp PR 639) where upon publishing, the DApp fails registering callbacks and therefore the profile page still shows status unpublished and the pending blockchain transaction dropdown stays stuck at 0% for the profile transaction.
As another data point, I just successfully published my email attestation on Mainnet. So I can't reproduce this issue on Mainnet so far...
Tyler fixed an attestation saving issue on mainnet: https://github.com/OriginProtocol/origin-js/pull/598
So now this issue is only about making sure we can use bridge.dev.originprotocol.com when developing locally.
Downgrading to p1
CC @tyleryasaka
Our bridge server setup is confusing:
I can't really think of a good reason why this is setup this way. And I actually think it is not a good idea that both our staging and prod bridge servers use the same signing key.
How about the following:
@tyleryasaka any comment re this plan ? ^^^
@franckc just one thing to clarify:
We should make sure we do not add the rinkeby key to the mainnet issuer. Otherwise if anyone learns our rinkeby signing key they will be able to issue their own claims that appear to be valid in prod. I think this is what you meant, but just making sure.
Other than that looks great.
@tyleryasaka Yes, totally makes sense. I'll send a PR out and make sure to have you review it...
Done via #764 ✅
Several of us are able to reproduce an issue where phone, email, etc are supposedly published successfully, but they are gone when the profile page is refreshed. Upon further inspection, they appear to be recording, but @tyleryasaka suspects that the
ATTESTATION_SIGNING_KEY
may be wrong causing the attestations to be invalidated when retrieved. This is probably the top priority at the moment, but it may only be affecting the local environment.