-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: prevent signing from wrong key in multisig (backport #1319) #1324
Conversation
* Add multisig check * Update CHANGELOG * Update CHANGELOG.md (cherry picked from commit c051dcc) # Conflicts: # CHANGELOG.md
Cherry-pick of c051dcc has failed:
To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## release/v0.48.x #1324 +/- ##
===================================================
- Coverage 69.78% 69.76% -0.02%
===================================================
Files 646 646
Lines 67507 67573 +66
===================================================
+ Hits 47109 47142 +33
- Misses 18212 18242 +30
- Partials 2186 2189 +3
|
Description
closes: #XXXX
When signing an multisig tx, you are required to provide the multisig address (--multisig) and the key you are signing with (--from), but there's no check that the key is actually part of the multisig. This makes it very easy to accidentally sign with the wrong key and only figure it out when you try to broadcast the invalid tx that includes a signature from a key thats not in the multisig.
Motivation and context
How has this been tested?
Screenshots (if appropriate):
Checklist:
CHANGELOG.md
client/docs/swagger-ui/swagger.yaml
This is an automatic backport of pull request #1319 done by [Mergify](https://mergify.com).