feat: sign orders and whitelist makers #2087
we should release 1.9.0 then :)
crates/commons/src/order.rs
Outdated
impl NewOrderRequest { | ||
pub fn verify(&self) -> Result<()> { | ||
let message = self.value.message(); | ||
self.signature.verify(&message, &self.public_key)?; |
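Review bot: in `verify`, the signature is checked against `self.public_key`, a key that arrives in the same request as the signature, so the check succeeds for any sender who signs with a key of their own and says nothing about who placed the order. Verify against the identity carried inside the signed order instead (the thread points to its `trader_id` field), or reject the request when `self.public_key` differs from it, so that a later whitelist decision is made on a key the signature actually vouches for.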
🤔 That doesn't make much sense does it?
Anybody could send any message signed with the public key that they provide. We need to verify the signature on the node id of the user. This information can be found in the `trader_id` field.
wups, that's the reason why we have PR reviews I guess 🙈
let new_order_request = NewOrderRequest { | ||
value: order, | ||
signature, | ||
public_key: secret_key.public_key(SECP256K1), |
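Review bot: `public_key: secret_key.public_key(SECP256K1)` gives the request a second statement of the sender's identity alongside whatever the order itself carries. If the order already names the trader, drop the field or document why both exist and which one the server trusts; two identity fields that can disagree force every consumer to remember to compare them.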
🔧 why not use `order.trader_id`?
@@ -15,10 +18,19 @@ impl OrderbookClient { | |||
} | |||
|
|||
pub(crate) async fn post_new_order(&self, order: NewOrder) -> Result<OrderResponse> { | |||
let secret_key = get_node_key(); | |||
let message = order.message(); | |||
let signature = secret_key.sign_ecdsa(message); |
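Review bot: in `post_new_order`, the signed bytes come only from `order.message()`, and nothing in this hunk shows what that covers. Please document on `message()` which fields are included, and confirm it contains something unique per order (an id, a timestamp or an expiry); otherwise a captured signed request stays valid if it is submitted again.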
🔧 It would probably be reasonable to put the signing into a function and not leak the `secret_key` just like that. Have a look at the `AesCipher`.
Where is the advantage? The `AesCipher` needs to be initialized using the `secret_key`, meaning, we just move this to a different place.
Well at least it would be wrapped a little bit nicer. Also you could get the secret key there the way you get it here, thus hiding the key handling away from this part.
But it's probably just a nit.
@luckysori : I'm keen on hearing your thoughts on this and happily will change it in a follow-up PR.
LGTM 👍
only whitelisted makers are allowed to post limit orders
This simplifies our test env setup as we can simply disable it.
d088d2c to 7b4842a
only whitelisted makers are allowed to post limit orders
Note: this is a breaking change: