tendermint/sig

Signature doesn't match CLI

Closed this issue · 2 comments

fadeev commented

Trying to broadcast a transaction (signed with sig), but getting an error: unauthorized: signature verification failed; verify correct account sequence and chain-id. The same transaction signed in CLI is successfully broadcasted.

Unsigned tx:

{
  "type": "cosmos-sdk/StdTx",
  "value": {
    "msg": [
      {
        "type": "dither/CreatePost",
        "value": {
          "creator": "cosmos18cd5t4msvp2lpuvh99rwglrmjrrw9qx5h3f3gz",
          "body": "bar",
          "likes": null,
          "channel_id": "5c124f63-4116-4aed-996b-b4519a339480"
        }
      }
    ],
    "fee": {
      "amount": [],
      "gas": "200000"
    },
    "signatures": null,
    "memo": ""
  }
}

Mnemonic:

supreme enter index swallow path achieve annual picnic quantum reason theme wisdom

Meta:

{
  "account_number": 6,
  "chain_id": "dither",
  "sequence": 2
}

Signed in browser with sig:

{
  "type": "cosmos-sdk/StdTx",
  "value": {
    "msg": [
      {
        "type": "dither/CreatePost",
        "value": {
          "creator": "cosmos18cd5t4msvp2lpuvh99rwglrmjrrw9qx5h3f3gz",
          "body": "bar",
          "likes": null,
          "channel_id": "5c124f63-4116-4aed-996b-b4519a339480"
        }
      }
    ],
    "fee": {
      "amount": [],
      "gas": "200000"
    },
    "signatures": null,
    "memo": ""
  },
  "signatures": [
    {
      "signature": "pJWf30gurONZIt4B23d95HCyz9h/zV2xn7N0AFhXz74XHsVIenCPes3RPXu07vIH+eoPEOkC45Tf53TM1YHiDQ==",
      "pub_key": {
        "type": "tendermint/PubKeySecp256k1",
        "value": "A5lfll1RiMbiBRmCkuP5PjehJez6Lymko3/nohbZCYGs"
      }
    }
  ]
}

Signed in CLI (https://github.com/fadeev/dither-test):

{
  "type": "cosmos-sdk/StdTx",
  "value": {
    "msg": [
      {
        "type": "dither/CreatePost",
        "value": {
          "creator": "cosmos18cd5t4msvp2lpuvh99rwglrmjrrw9qx5h3f3gz",
          "body": "bar",
          "likes": null,
          "channel_id": "5c124f63-4116-4aed-996b-b4519a339480"
        }
      }
    ],
    "fee": {
      "amount": [],
      "gas": "200000"
    },
    "signatures": [
      {
        "pub_key": {
          "type": "tendermint/PubKeySecp256k1",
          "value": "A5lfll1RiMbiBRmCkuP5PjehJez6Lymko3/nohbZCYGs"
        },
        "signature": "R9NPW638MvYi21rL6k2GS4x6cG+hNeiAdTgFxOsNo7FFJKoO246laCOpLRfe3V5yp+0SYibTSl+36QbAthbuug=="
      }
    ],
    "memo": ""
  }
}

Basically, signed tx from sig should be the same as tx signed by the CLI, because the latter one can be broadcasted succesfully.

cc @jordansexton

Related:

cosmos/cosmos-sdk#5875
cosmos/cosmos-sdk#5674

jordaaash commented

Fixed by 0f7cbe4 and 37fa37e.

jordaaash commented

This issue was confirmed due to the canonicalization omitting empty properties (in this case, "likes": null) within the message to sign.

This behavior was followed from the implementation of https://github.com/luniehq/cosmos-api/blob/327499bee146b930b77d877d922c1df9dc541881/src/signature.js#L52-L71 but is not precisely what the SDK does.

This has been fixed and a test has been added.

  • 👍1