[Bug?] Client 'incoming-viewing-key' potential issue #1434
Description
For nightfall client's 'incoming-viewing-key' request, it stores given 'zkpPrivateKeys' and 'nullifierKeys' in memory,
then it tries to use these to sync client commitments using nightfall-client/src/services/commitment-sync.mjs's clientCommitmentSync exported function.
clientCommitmentSync implementation
given a ‘zkpPrivateKey’ and a ‘nullifierKey’ get all transactions, for each transaction:
- get all non-zero commitments
- conditional: only for ‘transfer’ transaction (identifies by compressedSecrets being not [ZERO,ZERO]) where we have the first non-zero commitment stored
- try to decrypt that commitement using the provided ‘zkpPrivateKey’ and ‘nullifierKey’
However, the condition is:
countCommitments([nonZeroCommitments[0]]) === 0where countCommitments returns a Promise but is comapred to a numeric literal so condition will never be met (supposedly) which means it will not decrypt any commitments already stored prior to the 'incoming-viewing-key' request.
Mitigation
- Probably should 'await' the call to
countCommitments - Maybe create a test-case for that use-case
- The call to
decryptCommitmentis also not awaited for which could be intentional but will resume before sync is over and has implications with regards to error handling