feat: enforce keyset expiry#1946
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #1946 +/- ##
==========================================
+ Coverage 65.49% 65.57% +0.08%
==========================================
Files 330 330
Lines 57554 57744 +190
==========================================
+ Hits 37695 37867 +172
- Misses 19859 19877 +18 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
How i can test it? I try to change the |
use the management RPC CLI to rotate mintd-cli rotate-next-keyset --final-expiry $(($(date +%s) + SECONDS_IN_THE_FUTURE))Then mint ecash before SECONDS_IN_THE_FUTURE. Wait for expiry, then try to use that ecash.
I'm not sure that works because the keyset ID commits to the expiry and mintd will auto-rotate on startup if you have no active keys. Also the mint might keep the active keys in memory. |
|
The error occurs after invoice has created and paid, i think that the validation needs to be before the invoice creation. 
|
Yea this is tricky because keyset can also expire after the quote is created like I described here #1895 (comment) So we could return an error for the request to create a mint quote if the active keyset is expired, but that only solves half the problem. Do you have any suggestion on how this should work @TheMhv? I think that this just needs to be handle client side by checking the keyset expiry. |
I cannot create new mint quotes from expired keyset, the mint should return an error. Beside that, we can has mint quotes that was created when keyset was valid, but now it's expired. For this case i have one idea, we can create a "quote renew" request that requires a payment proof (the |
We could disable minting if there is no active keyset but really that doesn't always solve the problem since you could have got a mint quote before the expiry and then attempt to mint after, no check we can do can protect from that. I think its an edge case and mints generally won't be running in this state it is only if they are shutting down. |
gudnuf
force-pushed
the
feat/enforce-keyset-expiry
branch
from
963b953 to
c5c22f4
Compare
thesimplekid
force-pushed
the
feat/enforce-keyset-expiry
branch
3 times, most recently
from
2c2dee5 to
d7242a9
Compare
Reject ecash from keysets whose final_expiry is in the past at every mint operation: swap inputs/outputs, mint, melt, blind_sign, restore. Expired keysets keep active=true and stay listed in /v1/keys and /v1/keysets responses for backward compat with wallets that don't know about final_expiry; those wallets discover expiry at use time via the new Error::ExpiredKeyset (code 12003). The mint builder no longer auto-rotates an expired active keyset, and init_keysets does not reactivate expired keysets on startup. Both treat expiry as the operator's shutdown signal. Closes the enforcement half of cashubtc#1895.
thesimplekid
force-pushed
the
feat/enforce-keyset-expiry
branch
from
d7242a9 to
d31acec
Compare
3 participants
closes #1895
Description
Enforces keyset expiry by rejecting inputs and outputs for an expired keyset. The expired keyset stays active.
Notes to the reviewers
This doesn't handle the wallet side of things. Also, while working on the tests I realized that the mint allows for keysets to be rotated with an expiry in the past, I created an issue for that #1945
Suggested CHANGELOG Updates
CHANGED
ADDED
REMOVED
FIXED
Checklist
just quick-checkbefore committingcrates/cdk-ffi)