feat(sdk-core): add automatic signature cleanup for Express TSS signing #7256
Conversation
|
@claude review |
There was a problem hiding this comment.
Pull Request Overview
This PR fixes an API gap in the Express TSS signing endpoint where re-signing partially signed Full TxRequests would fail due to stale signature shares. The solution adds automatic signature cleanup before signing operations.
- Adds signature share cleanup logic to detect and clean partial signatures before signing
- Updates Express TSS signing endpoint to use the new cleanup method
- Provides comprehensive test coverage for the signature cleanup scenarios
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| modules/sdk-core/src/bitgo/wallet/wallet.ts | Adds ensureCleanSigSharesAndSignTransaction method with signature cleanup logic |
| modules/express/src/clientRoutes.ts | Updates Express TSS signing to use new cleanup method |
| modules/bitgo/test/v2/unit/wallet.ts | Adds comprehensive unit tests for signature cleanup functionality |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| isPartiallySigned = txRequest.transactions.some((tx) => (tx.signatureShares ?? []).length > 0); | ||
| } else if (txRequest.messages && txRequest.messages.length > 0) { | ||
| isPartiallySigned = txRequest.messages.some((msg) => (msg.signatureShares ?? []).length > 0); |
There was a problem hiding this comment.
The partial signature detection logic is duplicated between transactions and messages. Consider extracting this into a helper function to reduce code duplication and improve maintainability.
There was a problem hiding this comment.
+1,
can do something like
const signabeResources: { signatureShares: [] } = txRequest.transactions?.length ? txRequest.transactions : txRequest.messages ?? [];
| ): Promise<SignedTransaction | TxRequest> { | ||
| const txRequestId = params.txRequestId || params.txPrebuild?.txRequestId; | ||
|
|
||
| if (txRequestId && this.tssUtils && this.multisigType() === 'tss') { |
There was a problem hiding this comment.
can we also separate the cleaning part in different method. It think it will make the method ensureCleanSigSharesAndSignTransaction more readable.
dpkjnr
force-pushed
the
delete-sigshare-on-signTss
branch
2 times, most recently
from
b8a43f0 to
ae9c08f
Compare
dpkjnr
force-pushed
the
delete-sigshare-on-signTss
branch
from
ae9c08f to
f8fcd9e
Compare
| let isPartiallySigned = false; | ||
|
|
||
| if (txRequest.transactions && txRequest.transactions.length > 0) { | ||
| isPartiallySigned = txRequest.transactions.some((tx) => (tx.signatureShares ?? []).length > 0); |
There was a problem hiding this comment.
Are we not considering any transaction state for this?
There was a problem hiding this comment.
I saw something similar in wallet-platform also, would there be any case where sigShares are there but state is postSign or something where we should not delete sig shares?
There was a problem hiding this comment.
The state could be readyToCombineShares which means it has been fully signed, but has not been broadcasted yet (the end state of v2.wallet.txrequest.sign is readyToCombineShares, and this is validated in the send api)
dpkjnr
force-pushed
the
delete-sigshare-on-signTss
branch
from
f8fcd9e to
71b889c
Compare
| if (isPartiallySigned) { | ||
| await this.tssUtils.deleteSignatureShares(txRequestId); | ||
| } |
There was a problem hiding this comment.
Can't we always just rebuild/delete sig shares before signing? Or are we avoiding this for latency reasons?
There was a problem hiding this comment.
that looks cleaner but we would make additional delete sigshares API call even in case of fresh transaction. If it looks fine to your team then I can make it default for txRequest full
| let isPartiallySigned = false; | ||
|
|
||
| if (txRequest.transactions && txRequest.transactions.length > 0) { | ||
| isPartiallySigned = txRequest.transactions.some((tx) => (tx.signatureShares ?? []).length > 0); |
There was a problem hiding this comment.
The state could be readyToCombineShares which means it has been fully signed, but has not been broadcasted yet (the end state of v2.wallet.txrequest.sign is readyToCombineShares, and this is validated in the send api)
| isPartiallySigned = txRequest.transactions.some((tx) => (tx.signatureShares ?? []).length > 0); | ||
| } else if (txRequest.messages && txRequest.messages.length > 0) { | ||
| isPartiallySigned = txRequest.messages.some((msg) => (msg.signatureShares ?? []).length > 0); |
There was a problem hiding this comment.
+1,
can do something like
const signabeResources: { signatureShares: [] } = txRequest.transactions?.length ? txRequest.transactions : txRequest.messages ?? [];
Fixes Express API gap where re-signing partially signed Full TxRequests would fail. The /signtxtss route now always cleans up signature shares for txRequest full before attempting to sign. Changes: - Add ensureCleanSigSharesAndSignTransaction() to Wallet class - Update Express handleV2SignTSSWalletTx() to use new method - Add comprehensive unit tests for signature cleanup logic Ticket: COIN-5989
dpkjnr
force-pushed
the
delete-sigshare-on-signTss
branch
from
b17eb7d to
c222e83
Compare
| const txRequestId = params.txRequestId || params.txPrebuild?.txRequestId; | ||
|
|
||
| if (txRequestId && this.tssUtils && this.multisigType() === 'tss') { | ||
| const txRequest = await this.tssUtils.getTxRequest(txRequestId); |
There was a problem hiding this comment.
Would it make sense to move this whole logic to backend via a params.rebuild flag in signTransaction call? This way we can abstract the logic for multiple wallet types (future requirement) and control the implementation details.
Fixes Express API gap where re-signing partially signed Full TxRequests would fail. The /signtxtss route now automatically detects and cleans up partial signature shares before attempting to sign.
Changes:
Benefits:
Ticket: COIN-5989