feat: remove traces of account number from the account object #3213
Conversation
zivkovicmilos
added
breaking change
github-actions
bot
added
📦 🤖 gnovm
Codecov ReportAttention: Patch coverage is
📢 Thoughts on this report? Let us know! |
zivkovicmilos
added
the
don't merge
|
There is a minor security benefit that may seem negligible. For example, similar to Having different I need a bit more time to consider the impact. Edit: I remember considering a similar approach. My idea was not to remove it but to make it optional, allowing you to choose between explicitness and implicitness. I wanted to extend this option to both the account number and the sequence number. However, the sequence number has a greater impact on security. |
| go.uber.org/zap v1.27.0 | ||
| golang.org/x/time v0.5.0 | ||
| ) | ||
|
|
||
| replace github.com/gnolang/gno => ../.. |
There was a problem hiding this comment.
This replace was originally removed, not sure when it was added back in 🙁
The gnofaucet cannot have a replace, because gnolang/faucet (imported by gnofaucet) imports gnolang/gno, and it's going to cause a build error since the API changed in this version of gnolang/gno -- we want gnofaucet to use an old version of gnolang/gno
There was a problem hiding this comment.
thinking gnolang/faucet should be moved into the monorepo or gnofaucet out of it; in any case fine.
The only reasoning I can think of for keeping the The benefits of dropping it are we can minimize the amount of chain queries we do for regular transaction signing (ex. in Adena, or any signing client), and that we can now return values for uninitialized accounts (zero balance, zero sequence). It makes the signing logic cleaner and simpler |
| return GetSignaturePayload(SignDoc{ | ||
| ChainID: chainID, | ||
| AccountNumber: accountNumber, |
There was a problem hiding this comment.
I'm considering whether it makes sense to replace AccountNumber with the pubkey here. However, since we're signing with the corresponding privkey and appending the pubkey to the tx, it may be unnecessary.
|
@zivkovicmilos As mentioned in the issue #661, why not return an error if the account doesn't exist ? This is what the |
@tbruyelle I am actually totally fine with the uninitialized accounts erroring out like they do now, we handle this in all of our clients |
I see OK. It is likely that the presence of the account number in gno is a simple port from the SDK codebase, and interestingly I was able to find the origin of the account number : cosmos/cosmos-sdk#1077 As noted in the PR, the account number was added as a security measure, actually a replay protection, but in the context of account pruning (account removed from state when balance is 0). However, I don't know much about state pruning so I can't say if this is still relevant. Maybe someone else can jump in and explain if this is still relevant. |
Description
This PR removes the
Account Numberfrom the account object.The account number is a sequential number generated from the internal chain state, to initialize accounts.
It serves no security benefits, given that the account object already has a
Sequencefor replay protection, and accounts are never deleted in TM2.Having it introduces a large overhead on maintaining it, and not being able to return "empty" accounts. It also introduces friction when generating transaction signatures, as the client would need to go to the chain to fetch the active account number.
Starts the process of closing #661.
Related:
Contributors' checklist...
BREAKING CHANGE: xxxmessage was included in the description