Skip to content

fix(sdk-lib-mpc): re-derive dkgState from WASM bytes in restoreSession#8466

Open
mohammadalfaiyazbitgo wants to merge 1 commit intomasterfrom
worktree-WAL-396-fix-dkg-restore-session
Open

fix(sdk-lib-mpc): re-derive dkgState from WASM bytes in restoreSession#8466
mohammadalfaiyazbitgo wants to merge 1 commit intomasterfrom
worktree-WAL-396-fix-dkg-restore-session

Conversation

@mohammadalfaiyazbitgo
Copy link
Copy Markdown
Contributor

@mohammadalfaiyazbitgo mohammadalfaiyazbitgo commented Apr 9, 2026

Summary

  • Dkg.restoreSession() now calls _deserializeState() after _restoreSession() to always derive dkgState from the actual WASM bytes, ignoring the caller-supplied value in DkgSessionData
  • Adds a Complete state override when keyShareBuff is present, since the WASM bytes still reflect WaitMsg4 after keyshare() frees the session
  • Adds a regression test asserting that a tampered dkgState in session data is ignored on restore

Test plan

  • yarn run unit-test --scope @bitgo/sdk-lib-mpc -- -- --grep "restoreSession" — new tampered-state test passes
  • yarn run unit-test --scope @bitgo/sdk-lib-mpc — all existing DKG round-trip tests continue to pass

WAL-396

🤖 Generated with Claude Code

@mohammadalfaiyazbitgo @claude
fix(sdk-lib-mpc): re-derive dkgState from WASM bytes in restoreSession
41300bf 
Call _deserializeState() after _restoreSession() so dkgState is always
derived from the actual WASM bytes instead of the caller-supplied value.
When keyShareBuff is present, override state to Complete since the WASM
bytes still reflect WaitMsg4 after keyshare() frees the session.

Adds a regression test verifying tampered dkgState is ignored.

WAL-396

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@linear
Copy link
Copy Markdown

linear bot commented Apr 9, 2026

WAL-396 [Security] Dkg.restoreSession() Trusts Caller-Supplied dkgState Instead of Re-Deriving

@mohammadalfaiyazbitgo mohammadalfaiyazbitgo marked this pull request as ready for review April 9, 2026 20:37
@mohammadalfaiyazbitgo mohammadalfaiyazbitgo requested review from a team as code owners April 9, 2026 20:37
zahin-mohammad
zahin-mohammad reviewed Apr 10, 2026
View reviewed changes
modules/sdk-lib-mpc/src/tss/ecdsa-dkls/dkg.ts
Comment on lines +356 to +360
if (sessionData.keyShareBuff) {
// After keyshare() is called the WASM session is freed and dkgSessionBytes still reflect WaitMsg4.
// Presence of keyShareBuff is the reliable signal that the protocol completed.
dkg.dkgState = DkgState.Complete;
}
Copy link
Copy Markdown
Contributor

@zahin-mohammad zahin-mohammad Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be handled by _deserializeState

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zahin-mohammad zahin-mohammad zahin-mohammad left review comments

@pranavjain97 pranavjain97 Awaiting requested review from pranavjain97 pranavjain97 is a code owner automatically assigned from BitGo/wallet-core

@kisslove-dewangan kisslove-dewangan Awaiting requested review from kisslove-dewangan kisslove-dewangan is a code owner automatically assigned from BitGo/wallet-core-india

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mohammadalfaiyazbitgo @zahin-mohammad