[bug] SessionKey can create SessionKey

rooch-network / rooch

VApp Container with Move Language

https://rooch.network

Apache License 2.0

128 stars 54 forks source link

[bug] SessionKey can create SessionKey #1625

Closed jolestar closed 2 days ago

jolestar commented 3 weeks ago

https://github.com/rooch-network/rooch/blob/417f226614f56caa4e8657a067d9bf952567530f/frameworks/rooch-framework/sources/session_key.move#L116-L117

The assert ensures users can not use a SessionKey to create a new SessionKey, but it does not work.

Reason

https://github.com/rooch-network/rooch/blob/417f226614f56caa4e8657a067d9bf952567530f/crates/rooch-types/src/framework/auth_validator.rs#L152-L164

the transaction_validtor of above should transaction_validator.

All the logic with TxValidateResult should be checked.
Write a test to ensure the assert.

feliciss commented 2 weeks ago

Since I've handled session keys before, I will possibly look at this issue.

feliciss commented 2 weeks ago

Is there a step on how to reproduce the bug described above? @jolestar

jolestar commented 2 weeks ago

Create a SessionKey via cli.
Use the SessionKey to create another SessionKey.

feliciss commented 1 week ago

the transaction_validtor of above should transaction_validator.

Did you mean the transaction_validtor of above should be replaced to auth_validator?

jolestar commented 1 week ago

transaction_validtor is a typo.

feliciss commented 5 days ago

transaction_validtor is a typo.

I tried to change transaction_validator to auth_validator. Before this change, the output was:

---- tests::transaction_validator_tests::test_session_key_from_session_key_failure_rooch stdout ----
[debug] 0x1::option::Option<u64> {
  vec: []
}
[debug] 0x1::option::Option<vector<u8>> {
  vec: []
}

After this change, I noticed there was a 0 by the Option<u64> auth_validator_id but the Option<vector<u8>> from the session_key was still empty:

--- tests::transaction_validator_tests::test_session_key_from_session_key_failure_rooch stdout ----
[debug] 0x1::option::Option<u64> {
  vec: [ 0 ]
}
[debug] 0x1::option::Option<vector<u8>> {
  vec: []
}

I doubt if this's related to builtin_validators::genesis_init after the change, cause there seems no way to put session_key into auth_validator.

jolestar commented 5 days ago

@feliciss Push the test_session_key_from_session_key_failure_rooch to #1657, and I will help to figure it out.

feliciss commented 5 days ago

@feliciss Push the test_session_key_from_session_key_failure_rooch to #1657, and I will help to figure it out.

Got it.