hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: correct signing parties count validation to T+1 (required signers for TSS)

This commit is contained in:
hailin 2025-12-06 10:20:21 -08:00
parent 47a98da4e4
commit 1044cfe635
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
backend/mpc-system/services/account/adapters/input/http/account_handler.go
View File

@ -778,11 +778,12 @@ func (h *AccountHTTPHandler) CreateSigningSession(c *gin.Context) {
// Use the selected delegate for signing (not necessarily the account's delegate) // Use the selected delegate for signing (not necessarily the account's delegate)
delegateShare = selectedDelegateShare delegateShare = selectedDelegateShare
// Validate we have enough parties // Validate we have enough parties (T+1 required for TSS signing)
if len(partyIDs) < accountOutput.Account.ThresholdT { requiredSigners := accountOutput.Account.ThresholdT + 1
if len(partyIDs) < requiredSigners {
c.JSON(http.StatusBadRequest, gin.H{ c.JSON(http.StatusBadRequest, gin.H{
"error": "insufficient parties for signing", "error": "insufficient parties for signing",
"required": accountOutput.Account.ThresholdT, "required": requiredSigners,
"selected": len(partyIDs), "selected": len(partyIDs),
}) })
return return

8
backend/mpc-system/services/account/domain/entities/account.go
View File

@ -140,9 +140,11 @@ func (a *Account) Validate() error {
} }
// SetSigningParties sets the designated signing parties for this account // SetSigningParties sets the designated signing parties for this account
// partyIDs must contain exactly ThresholdT parties // partyIDs must contain exactly ThresholdT + 1 parties (required signers for TSS)
// For 2-of-3: ThresholdT=1, so T+1=2 signers required
func (a *Account) SetSigningParties(partyIDs []string) error { func (a *Account) SetSigningParties(partyIDs []string) error {
if len(partyIDs) != a.ThresholdT { requiredSigners := a.ThresholdT + 1
if len(partyIDs) != requiredSigners {
return ErrInvalidSigningPartiesCount return ErrInvalidSigningPartiesCount
} }
// Check for duplicates // Check for duplicates
@ -197,7 +199,7 @@ var (
ErrAccountNotFound = &AccountError{Code: "ACCOUNT_NOT_FOUND", Message: "account not found"} ErrAccountNotFound = &AccountError{Code: "ACCOUNT_NOT_FOUND", Message: "account not found"}
ErrDuplicateUsername = &AccountError{Code: "DUPLICATE_USERNAME", Message: "username already exists"} ErrDuplicateUsername = &AccountError{Code: "DUPLICATE_USERNAME", Message: "username already exists"}
ErrDuplicateEmail = &AccountError{Code: "DUPLICATE_EMAIL", Message: "email already exists"} ErrDuplicateEmail = &AccountError{Code: "DUPLICATE_EMAIL", Message: "email already exists"}
ErrInvalidSigningPartiesCount = &AccountError{Code: "INVALID_SIGNING_PARTIES_COUNT", Message: "signing parties count must equal threshold T"} ErrInvalidSigningPartiesCount = &AccountError{Code: "INVALID_SIGNING_PARTIES_COUNT", Message: "signing parties count must equal threshold T + 1 (required signers)"}
ErrInvalidPartyID = &AccountError{Code: "INVALID_PARTY_ID", Message: "party ID cannot be empty"} ErrInvalidPartyID = &AccountError{Code: "INVALID_PARTY_ID", Message: "party ID cannot be empty"}
ErrDuplicatePartyID = &AccountError{Code: "DUPLICATE_PARTY_ID", Message: "duplicate party ID in signing parties"} ErrDuplicatePartyID = &AccountError{Code: "DUPLICATE_PARTY_ID", Message: "duplicate party ID in signing parties"}
) )