Bug: steem-verifier crashes on certain transaction ids

Project Information

Repository: https://github.com/hernandev/steem-verifier
Project Name: steem-verifier

Expected behavior

When giving a valid transaction id, steem-verifier should show the public key of the signer and the user name of the signer.

Actual behavior`

Install steem-verifier with

pip install steem-verifier

and enter the following into the terminal:

steem-verifier d6457b3ad20583b3434f3a06c2c648b3a770c341

Now steem-verifier crashes with:

ecdsa.numbertheory.SquareRootError: 76198183007165409965398859979003670973818984091490751645956120696063919941083 has no square root modulo 115792089237316195423570985008687907853269984665640564039457584007908834671663

How to reproduce

Here is the proof that d6457b3ad20583b3434f3a06c2c648b3a770c341 is a valid trx
(using https://steemd.com/tx/d6457b3ad20583b3434f3a06c2c648b3a770c341):

Browser/App version: Python 3.6.4, steempy 1.0.0
Operating system: Linux brooks.uberspace.de 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Recording Of The Bug

Traceback:

Traceback (most recent call last):
  File "/home/holger80/.local/bin/steem-verifier", line 11, in <module>
    sys.exit(entry())
  File "/home/holger80/.local/lib/python3.6/site-packages/verifier/cli.py", line 48, in entry
    public_keys = verifier.get_public_keys(transaction_data)
  File "/home/holger80/.local/lib/python3.6/site-packages/verifier/verifier.py", line 56, in get_public_keys
    for key in transaction.verify(chain=self.chain):
  File "/home/holger80/.local/lib/python3.6/site-packages/steembase/transactions.py", line 225, in verify
    p = self.recover_public_key(self.digest, sig, recoverParameter)
  File "/home/holger80/.local/lib/python3.6/site-packages/steembase/transactions.py", line 141, in recover_public_key
    beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
  File "/home/holger80/.local/lib/python3.6/site-packages/ecdsa/numbertheory.py", line 165, in square_root_mod_prime
    % ( a, p ) )
ecdsa.numbertheory.SquareRootError: 76198183007165409965398859979003670973818984091490751645956120696063919941083 has no square root modulo 115792089237316195423570985008687907853269984665640564039457584007908834671663

It is possible to use the secp256k1 module for sign and verify in steem-python. Let's see if the usage of this module changes something:

=> Extracting public keys...
Traceback (most recent call last):
  File "/home/holger80/.local/bin/steem-verifier", line 11, in <module>
    sys.exit(entry())
  File "/home/holger80/.local/lib/python3.6/site-packages/verifier/cli.py", line 48, in entry
    public_keys = verifier.get_public_keys(transaction_data)
  File "/home/holger80/.local/lib/python3.6/site-packages/verifier/verifier.py", line 56, in get_public_keys
    for key in transaction.verify(chain=self.chain):
  File "/home/holger80/.local/lib/python3.6/site-packages/steembase/transactions.py", line 213, in verify
    sig = pub.ecdsa_recoverable_deserialize(sig, recoverParameter)
  File "/home/holger80/.local/lib/python3.6/site-packages/secp256k1/__init__.py", line 136, in ecdsa_recoverable_deserialize
    raise Exception("invalid rec_id")
Exception: invalid rec_id

Does also not work, but different error message.

Proof of Work Done

https://github.com/holgern

Sort:

Trending

[-]

hernandev (61) 6 years ago

@holger80 update on the matter, after installing the secp256k1 bindings, it also triggers an error, meaning the recorvery parameter parsing is being incorrect there, I guess is related to the bit split, I'll return when I get more details.

Thanks!

$0.07

1 vote

So, steem-js does loop through all possibilities instead of trying to guess the recovery param, (it actually try all values AFAIK)

holger80 (74) 6 years ago (edited)

I added the new error message, when secp256k1 is installed.
The recorvery parameter parsing could be the cause, good thinking.

$0.00

Yes. the discoveral of the recovery param is leading to a negative number when using your provided transaction id. I'll keep debbuging here.

Hey @holger80!
Wow, you found an issue I was not even aware could happen!

Thanks for reporting, the error is raised on steem-python level, so for fixing it locally on the project, I would have to "down-port" the signature functionality.

I'll take a look into submitting a PR on steem-python itself, and I can walk you the lines of code that lead to this error, if you want to submit a bug report on steem-python itself.

(But pretty sure you know this code way better than me :) )

tykee (73) 6 years ago (edited)

Approved

Need help? Write a ticket on https://support.utopian.io.
Chat with us on Discord.

[utopian-moderator]

utopian-io (71) 6 years ago

Hey @holger80
Thanks for contributing on Utopian.
We're already looking forward to your next contribution!

Contributing on Utopian
Learn how to contribute on our website or by watching this tutorial on Youtube.

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!