Files
nym/integrations/bity
Drazen Urch 8288d38257 Audit fixes (#2922)
* oak-2

* oak-8

* oak-13

* oak-15

* oak-18

* Minor clippy nit

* 2023-01-13-OAK-6

* 2023-01-13-OAK-3

* 2023-01-13-OAK-13

Implemented via direct dependency on cw2 and calling the appropriate code on migration

* Removed few instances of password being unecessarily copied

* 2023-01-13-OAK-10

* 2023-01-13-OAK-12

* 2021-09-13-JP-S-NYM-02

* 2021-09-13-JP-S-NYM-03

* Removed further instances of needlessly copying the mnemonic

* 2021-09-13-JP-O-PROT-03

* 2021-09-13-JP-S-NYM-01*

*: we still have one vulnerability on 'time' pulled from chrono via sqlx. However, apparently its usage is fine... Having said that, I'd still recommend removing all dependencies on chrono, but this will require some database migrations...

* 2023-01-13-OAK-11 (#3009)

* wip

* Introducing the concept of starting epoch transition in `nym-api`

* split epoch operations into multiple files

* epoch operation failure recovery

* sending rewarding transactions in correct order

* tests and fixes due to epoch state progression

* lint

* missed rebasing import changes

* Setting cw2 contract version during first migration run

* calling 'reconcile_epoch_events' at least once

* Made message to BeginEpochTransition more consistent with other variants

* Merge layer assignment updates

---------

Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
2023-03-03 14:15:38 +00:00
..
2023-03-03 14:15:38 +00:00
2023-01-05 15:35:47 +00:00

Buy NYM with Bity

This crate allows Bity to verify orders for purchasing NYM tokens. The same crate is used by the wallet to sign orders for purchases.

Signing

The Nym Wallet user will sign an order message provided by Bity to create a signed order with the following fields:

account_id: n1jw6mp7d5xqc7w6xm79lha27glmd0vdt3l9artf
message: "This is the order message from Bity"
order signature: 
{
  "account_id": "n1jw6mp7d5xqc7w6xm79lha27glmd0vdt3l9artf",
  "public_key": {
    "@type": "/cosmos.crypto.secp256k1.PubKey",
    "key": "A/zqdyeyPhCEXB9pyVLdNb5er+eds5ayboCdEEHK3Uom"
  },
  "signature_as_hex": "31C522B9B5C522A93CE14BE38E2D380CA166F69E952DF6F5D45B3B9CCDAAFE9115FBDF8539092986391C46885242E6E4CF806EEC1BB869A28D0E6D347C52121A"
}

The signature field of the order contains a JSON representation of:

  • the Cosmos address of the signer (account_id)
  • the Cosmos public key
  • a hex string digest of the Bity order message signed by the user

Note: the signature_as_hex is not in recoverable form (e.g. allows recovering the public key from the signature in secp256k1). This is why the public key is supplied along with the account id, as the prefix cannot be recovered.

Verification

Verification has been wrapped up into taking a single struct that can be parsed from JSON:

{
  "account_id": "n1jw6mp7d5xqc7w6xm79lha27glmd0vdt3l9artf",
  "message": "This is the order message from Bity",
  "signature": << ORDER SIGNATURE JSON GOES HERE >>
}

The following will be checked:

  • the account_id supplied matches:
    • the account id derived from the public key
    • the account id field in the order signature JSON
  • the account id is for Nym mainnet
  • the signature is for the message
  • all data structures parse correctly
    • nested structs
    • account ids
    • Cosmos public keys