Skip to content

fix(sec-bug): handle no-login mode extensively #2615

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: dev
Choose a base branch
from
Open

fix(sec-bug): handle no-login mode extensively #2615

wants to merge 9 commits into from

Conversation

@onur-ozkan
Copy link
Collaborator

@onur-ozkan onur-ozkan commented Sep 10, 2025

There is a potential risk that if users make a typo in the passphrase field of the KDF config and then run the get_private_keys RPC, the returned private key will be incorrect because an empty string will be used as the passphrase. A typo in passphrase means the field is not defined, which causes the KDF to assume the user wants to operate in no-login mode (this is exactly what happens in #2458).

This PR disables coin activation and get_private_keys in no-login mode to prevent any risk on no-login mode, so users do not risk their funds and private keys due to a simple typo.

Resolves: #2458

@onur-ozkan
re-org eth_test passphrases
3ea4849 
Signed-off-by: Onur Özkan <[email protected]>
@mariocynicys
Copy link
Collaborator

mariocynicys commented Sep 10, 2025

p.s. some tests in rpc_command::offline_keys are failing.

@onur-ozkan
fix tests
f0824e6 
Signed-off-by: Onur Özkan <[email protected]>
@shamardy shamardy self-requested a review September 11, 2025 03:32
@shamardy
Copy link
Collaborator

shamardy commented Sep 11, 2025

I don't think #2458 is related to no-login mode only, but will review this as a fix to the no-login mode problem and not as a complete fix to #2458

shamardy
shamardy reviewed Sep 11, 2025
View reviewed changes
Copy link
Collaborator

@shamardy shamardy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My review according to this #2615 (comment)

mm2src/coins/lp_coins.rs
Comment on lines 5139 to +5142
pub async fn lp_coininit(ctx: &MmArc, ticker: &str, req: &Json) -> Result<MmCoinEnum, String> {
if ctx.is_no_login_mode() {
return ERR!("Cannot enable coins in no-login mode.");
}
Copy link
Collaborator

@shamardy shamardy Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need something similar in v2 activation methods?

mm2src/coins_activation/src/platform_coin_with_tokens.rs
Comment on lines +447 to +449
if ctx.is_no_login_mode() {
return MmError::err(EnablePlatformCoinWithTokensError::CannotEnableInNoLoginMode);
}
Copy link
Collaborator

@shamardy shamardy Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that you did add the check for some of the v2 activation methods, but I think that we need it in the utxo v2 activation methods as well.

Copy link
Collaborator Author

@onur-ozkan onur-ozkan Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this a main gateway for all the v2 activations?

Copy link
Collaborator Author

@onur-ozkan onur-ozkan Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this a main gateway for all the v2 activations?

Apparently it's not, what the hell..? They live under the same module but not implement the activation traits...

Copy link
Collaborator Author

@onur-ozkan onur-ozkan Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any activation or private-key related logic that isn't explicitly handled will eventually be covered by this check so we don't need to add ifs all over the codebase.

@onur-ozkan
Copy link
Collaborator Author

onur-ozkan commented Sep 12, 2025

I don't think #2458 is related to no-login mode only, but will review this as a fix to the no-login mode problem and not as a complete fix to #2458

The root problem of that issue is related to no-login mode.

@onur-ozkan onur-ozkan mentioned this pull request Nov 10, 2025
Closed
@github-actions github-actions bot added the [] label Nov 30, 2025
@shamardy shamardy removed the [] label Dec 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shamardy shamardy shamardy left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

improvement: security Improvements made on runtime security status: pending review status: pending test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@onur-ozkan @mariocynicys @shamardy