Harden demo scripts: dead eth-account import, nonce, success-check#141
Open
Valisthea wants to merge 1 commit into
Open
Harden demo scripts: dead eth-account import, nonce, success-check#141Valisthea wants to merge 1 commit into
Valisthea wants to merge 1 commit into
Conversation
- aster-code.py, sol_agent.py: migrate encode_structured_data to encode_typed_data (removed in eth-account >= 0.13; the demos failed to import on a fresh install). Output is byte-identical, cross-checked against ethers signTypedData. - nonce: use microsecond time.time_ns()//1000, locked and strictly monotonic, so concurrent workers or a restart never reuse a nonce. The previous int(time.time()) gave 1-second resolution and could collide (server returns -4225 Nonce Expired). - sol_agent.py: print the nonce actually sent instead of calling get_nonce() a second time. - consolidation.js: fix `if (x = 'SUCCESS')` (assignment, not comparison) and guard error returns so a failed transfer or withdraw no longer reports success. - add requirements.txt and package.json to pin runnable dependencies.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The
demo/scripts are what integrators copy to build bots that hold API-wallet keys and move funds, so a small defect here propagates widely. This PR fixes three issues that bite on a fresh setup and pins runnable dependencies.All changes are client-side only and do not alter any byte the server verifies. EIP-712 / HMAC signatures are byte-identical before and after — cross-checked against
ethers.signTypedData(see Verification).Fixes
1. Demos fail to import on a current
eth-accountaster-code.pyandsol_agent.pyimportencode_structured_data, which was removed ineth-account >= 0.13(replaced byencode_typed_data). A freshpip install eth-accountmakes the demos crash withImportErrorbefore anything is sent. Both are migrated toencode_typed_data(full_message=...).2. Nonce can collide and get rejected as
-4225 Nonce Expiredget_nonce()usedint(time.time()) * 1_000_000, i.e. 1-second resolution (the docs state microsecond precision). Two workers — or one process restarted — sharing a single API wallet emit the same nonce within the same second, and the server rejects the duplicate (-4225 Nonce Expired).aster-code.pyalso had no lock. Now uses microsecondtime.time_ns() // 1000, mutex-guarded and strictly monotonic, so a nonce is never reused within a process. (Across multiple processes, still use one nonce source per key.)3.
consolidation.jsreports success on failureif (sendToMainAddressRes['status'] = 'SUCCESS')is an assignment, not a comparison, so the consolidation step always logs success — even when the transfer failed. The withdraw checkspotWithdraw['hash'] != ''also dereferences an error return (''). Fixed to===and added guards so a failed transfer or withdraw is reported as a failure.4. Minor
sol_agent.py: print the nonce that was actually sent, instead of callingget_nonce()a second time (which produced a different value than the one signed).demo/requirements.txtanddemo/package.jsonpinning runnable dependency versions.Verification
python -m py_compileandnode --checkpass on all demo files.encode_typed_data) and withethers.signTypedDataproduces identical signatures for both theMessage{msg}scheme and the dynamic action struct — so the migration stays wire-compatible with the live API.Intentionally not changed (needs server-side coordination)
These are genuine hardening opportunities, but changing them client-side would break verification against the current backend, so they are left for a coordinated follow-up rather than silently altered here:
sign_v3_eip712: the field type depends on the literal (canWithdraw=Falsevs0sign to different digests). A fixed per-action schema would be more robust.chainIdhardcoded to56on the main-account path, withverifyingContract = 0x0— the EIP-712 domain does not bind the operating chain.personal_sign("You are signing into Astherus {nonce}")authorizes API-key creation and is byte-identical to the login message. EIP-712 typed data would let wallets show users what they are actually authorizing.