New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session key fixes and test #2138

Merged

tudor-malene merged 2 commits into main from tudor/fix_sk

Nov 12, 2024

Collaborator

tudor-malene commented Nov 12, 2024

Why this change is needed

Added a test for session keys
Repurposed the "eth_sendTransaction" endpoint to sign with the active SK


          Session key fixes and test

44793de

StefanIliev545 reviewed

View reviewed changes

integration/tengateway/tengateway_test.go

+              		Nonce:    w.GetNonceAndIncrement(),
+              		Gas:      uint64(1_000_000),
+              		GasPrice: gethcommon.Big1,
+              		Data:     gethcommon.FromHex(eventsContractBytecode),

Contributor

StefanIliev545 Nov 12, 2024

Whats this eventsContract? It's not in the PR

Contributor

moraygrieve Nov 12, 2024

Same ... don't see the events contract in this PR

Collaborator Author

tudor-malene Nov 12, 2024

it's a generic contract. It doesn't really matter for this PR. The idea here is to just send unsigned transactions, and check that they get signed


          Session key fixes and test

45bf96b

moraygrieve approved these changes

View reviewed changes

tools/walletextension/services/Readme.md

		@@ -0,0 +1,10 @@
		# Implement session keys - guide for app developers

		If the user selects "no-click UX" (or something) when the game starts, do the following:

Contributor

moraygrieve Nov 12, 2024

This isn't a general statement applicable to an app dev out there ... also we have a section for app developers in the ten-documentation repo so we need to add a section there at some point.

tools/walletextension/services/Readme.md


		If the user selects "no-click UX" (or something) when the game starts, do the following:

		1) call eth_getStorageAt with the address 0x0000000000000000000000000000000000000003 (the other parameters don't matter). This will return the address of the session key.

Contributor

moraygrieve Nov 12, 2024

So what I believe is being said there is that, if you call eth_getStorageAt through the gateway with a 'magic' slot number 0x0000000000000000000000000000000000000003 the gateway will return a session key address? Would you ever want to access this storage slot in a contract e.g. if the contract was transparent and you actually wanted the value stored at this address?

Collaborator Author

tudor-malene Nov 12, 2024

that's a magic address. Not a magic storage slot.
And there never will be a contract on that address

tools/walletextension/services/Readme.md

+) Create a transaction that transfers some eth to this address. (Maybe you ask the user to decide how many moves they want to prepay or something). The user has to sign this in their wallet. Then submit the tx.
+) Once the receipt is received you call eth_getStorageAt with 0x0000000000000000000000000000000000000004 . This means that you tell the gateway to activate the session key.
+) All the moves made by the user now can be sent with eth_sendRawTransaction or eth_sendTransaction unsigned. They will be signed by the gateway with the session key.
+) When the game is finished create a tx that moves the funds back from the SK to the main address. This will get singed with the SK by the gateeway

Contributor

moraygrieve Nov 12, 2024

We will never be able to totally send the funds from the session key address back to the user address as we can't fully estimate the gas required in TEN, so there will be leakage

Collaborator Author

tudor-malene Nov 12, 2024

yeah. We'll live with that for now. It will be minimal though

tools/walletextension/services/Readme.md

+) Once the receipt is received you call eth_getStorageAt with 0x0000000000000000000000000000000000000004 . This means that you tell the gateway to activate the session key.
+) All the moves made by the user now can be sent with eth_sendRawTransaction or eth_sendTransaction unsigned. They will be signed by the gateway with the session key.
+) When the game is finished create a tx that moves the funds back from the SK to the main address. This will get singed with the SK by the gateeway
+) Call: eth_getStorageAt with 0x0000000000000000000000000000000000000005 - this deactivates the key.

Contributor

moraygrieve Nov 12, 2024

... with likely albeit small leakage of funds

tools/walletextension/services/Readme.md

+) call eth_getStorageAt with the address 0x0000000000000000000000000000000000000003 (the other parameters don't matter). This will return the address of the session key.
+) Create a transaction that transfers some eth to this address. (Maybe you ask the user to decide how many moves they want to prepay or something). The user has to sign this in their wallet. Then submit the tx.
+) Once the receipt is received you call eth_getStorageAt with 0x0000000000000000000000000000000000000004 . This means that you tell the gateway to activate the session key.

Contributor

moraygrieve Nov 12, 2024

What happens on a gateway restart, is the session key and associated funds lost?

Collaborator Author

tudor-malene Nov 12, 2024

sk survives.

tudor-malene merged commit 7f88ff5 into main

2 checks passed

tudor-malene deleted the tudor/fix_sk branch

November 12, 2024 12:37

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet