grassrootseconomics/sarafu-vise
8
0
Fork 0
Code Issues 20 Pull Requests 4 Actions 1 Packages Projects Releases Wiki Activity

pdb.Abort(ctx) causing write rollbacks #65

New Issue
Closed
opened 2025-04-25 12:37:40 +02:00 by Alfred-mk · 4 comments
Alfred-mk commented 2025-04-25 12:37:40 +02:00
Member
Copy Link

On go-vise 826c56de54/db/postgres/pg.go (L208C3-L208C17)

Once a key is not found on the store, the pdb.Abort(ctx) is called, which performs a transaction rollback pdb.tx.Rollback(ctx)

This affects several parts of the menu, and here is a sample case

Clearance of the temporary value

  • main.vis calls a function that clears the current temporary value
  • For new users, this is usually the hashed PIN
  • When a new user moves to a node that calls a key, if the key is not found, the previous transaction is rolledback
  • The hashed PIN then remains as the temporary value and can then end up in a different key

Steps

  • Register a new account on the africastalking binary
  • Access the main menu (this should clear the temporary value and remove the hashed PIN)
running ClearTemporaryValue
[T] db:db.go:250 made db lookup key     lk=202b3235343732343931323232342e000b, pfx=32
[T] postgresdb:pg.go:149 put    key=000b, val=
  • With a voucher, go to the send menu and input a number that is not on the platform (writes the recipient as the new temporary value)
[T] db:db.go:250 made db lookup key     lk=202b3235343732343931323232342e000b, pfx=32
[T] postgresdb:pg.go:93 begin single tx err=<nil>
[T] postgresdb:pg.go:149 put    key=000b, val=30373132333435363738
  • It then checks whether the number is registered by checking the publickey. Given that it's not present, the rollback is called
[T] db:db.go:250 made db lookup key     lk=202b3235343731323334353637382e0001, pfx=32
[T] postgresdb:pg.go:176 get    key=0001
[I] postgresdb:pg.go:129 aborting tx    tx=&{0xc0000c85a0 0xc00079dcd8}
  • Navigate to the invite recipient node, which reads the temporary value (should access the recipient)
[T] db:db.go:250 made db lookup key     lk=202b3235343732343931323232342e000b, pfx=32
[T] postgresdb:pg.go:176 get    key=000b
the recipient from temporary_value: $2a$08$wCcZJsqUALJUx4Mmfuvl7.2vutDdowsyaSOL12hFVsJtY1PE2OVre
  • The temporary value that's retrieved is the hashed PIN, instead of the recipient
On go-vise https://github.com/nolash/go-vise/blob/826c56de5470a3ad764eee96b5e0d21018618aab/db/postgres/pg.go#L208C3-L208C17 Once a key is not found on the store, the pdb.Abort(ctx) is called, which performs a transaction rollback `pdb.tx.Rollback(ctx)` This affects several parts of the menu, and here is a sample case ## Clearance of the temporary value - `main.vis` calls a function that clears the current temporary value - For new users, this is usually the hashed PIN - When a new user moves to a node that calls a key, if the key is not found, the previous transaction is rolledback - The hashed PIN then remains as the temporary value and can then end up in a different key ### Steps - Register a new account on the africastalking binary - Access the main menu (this should clear the temporary value and remove the hashed PIN) ``` running ClearTemporaryValue [T] db:db.go:250 made db lookup key lk=202b3235343732343931323232342e000b, pfx=32 [T] postgresdb:pg.go:149 put key=000b, val= ``` - With a voucher, go to the send menu and input a number that is not on the platform (writes the recipient as the new temporary value) ``` [T] db:db.go:250 made db lookup key lk=202b3235343732343931323232342e000b, pfx=32 [T] postgresdb:pg.go:93 begin single tx err=<nil> [T] postgresdb:pg.go:149 put key=000b, val=30373132333435363738 ``` - It then checks whether the number is registered by checking the publickey. Given that it's not present, the rollback is called ``` [T] db:db.go:250 made db lookup key lk=202b3235343731323334353637382e0001, pfx=32 [T] postgresdb:pg.go:176 get key=0001 [I] postgresdb:pg.go:129 aborting tx tx=&{0xc0000c85a0 0xc00079dcd8} ``` - Navigate to the invite recipient node, which reads the temporary value (should access the recipient) ``` [T] db:db.go:250 made db lookup key lk=202b3235343732343931323232342e000b, pfx=32 [T] postgresdb:pg.go:176 get key=000b the recipient from temporary_value: $2a$08$wCcZJsqUALJUx4Mmfuvl7.2vutDdowsyaSOL12hFVsJtY1PE2OVre ``` - The temporary value that's retrieved is the hashed PIN, instead of the recipient
Alfred-mk added the
Kind/Bug
Priority
Critical
 labels 2025-04-25 12:38:08 +02:00
Alfred-mk commented 2025-04-25 12:39:38 +02:00
Author
Member
Copy Link

Log file for a newly registered user that accesses the invite recipient node

Log file for a newly registered user that accesses the invite recipient node
tx_rollback_error.txt
175 KiB
Alfred-mk commented 2025-04-25 12:45:28 +02:00
Author
Member
Copy Link

Possible fix

Removing this line resolves the issue from our tests
pdb.Abort(ctx)

826c56de54/db/postgres/pg.go (L208C3-L208C17)

### Possible fix Removing this line resolves the issue from our tests `pdb.Abort(ctx)` https://github.com/nolash/go-vise/blob/826c56de5470a3ad764eee96b5e0d21018618aab/db/postgres/pg.go#L208C3-L208C17
Alfred-mk commented 2025-04-25 12:51:57 +02:00
Author
Member
Copy Link

On go-vise 826c56de54/db/postgres/pg.go (L208C3-L208C17)

Once a key is not found on the store, the pdb.Abort(ctx) is called, which performs a transaction rollback pdb.tx.Rollback(ctx)

This affects several parts of the menu, and here is a sample case

Clearance of the temporary value

  • main.vis calls a function that clears the current temporary value
  • For new users, this is usually the hashed PIN
  • When a new user moves to a node that calls a key, if the key is not found, the previous transaction is rolledback
  • The hashed PIN then remains as the temporary value and can then end up in a different key

Steps

  • Register a new account on the africastalking binary
  • Access the main menu (this should clear the temporary value and remove the hashed PIN)
running ClearTemporaryValue
[T] db:db.go:250 made db lookup key     lk=202b3235343732343931323232342e000b, pfx=32
[T] postgresdb:pg.go:149 put    key=000b, val=
  • With a voucher, go to the send menu and input a number that is not on the platform (writes the recipient as the new temporary value)
[T] db:db.go:250 made db lookup key     lk=202b3235343732343931323232342e000b, pfx=32
[T] postgresdb:pg.go:93 begin single tx err=<nil>
[T] postgresdb:pg.go:149 put    key=000b, val=30373132333435363738
  • It then checks whether the number is registered by checking the publickey. Given that it's not present, the rollback is called
[T] db:db.go:250 made db lookup key     lk=202b3235343731323334353637382e0001, pfx=32
[T] postgresdb:pg.go:176 get    key=0001
[I] postgresdb:pg.go:129 aborting tx    tx=&{0xc0000c85a0 0xc00079dcd8}
  • Navigate to the invite recipient node, which reads the temporary value (should access the recipient)
[T] db:db.go:250 made db lookup key     lk=202b3235343732343931323232342e000b, pfx=32
[T] postgresdb:pg.go:176 get    key=000b
the recipient from temporary_value: $2a$08$wCcZJsqUALJUx4Mmfuvl7.2vutDdowsyaSOL12hFVsJtY1PE2OVre
  • The temporary value that's retrieved is the hashed PIN, instead of the recipient

The menu flow for this
image

> On go-vise https://github.com/nolash/go-vise/blob/826c56de5470a3ad764eee96b5e0d21018618aab/db/postgres/pg.go#L208C3-L208C17 > > Once a key is not found on the store, the pdb.Abort(ctx) is called, which performs a transaction rollback `pdb.tx.Rollback(ctx)` > > This affects several parts of the menu, and here is a sample case > > ## Clearance of the temporary value > - `main.vis` calls a function that clears the current temporary value > - For new users, this is usually the hashed PIN > - When a new user moves to a node that calls a key, if the key is not found, the previous transaction is rolledback > - The hashed PIN then remains as the temporary value and can then end up in a different key > > ### Steps > - Register a new account on the africastalking binary > - Access the main menu (this should clear the temporary value and remove the hashed PIN) > ``` > running ClearTemporaryValue > [T] db:db.go:250 made db lookup key lk=202b3235343732343931323232342e000b, pfx=32 > [T] postgresdb:pg.go:149 put key=000b, val= > ``` > - With a voucher, go to the send menu and input a number that is not on the platform (writes the recipient as the new temporary value) > ``` > [T] db:db.go:250 made db lookup key lk=202b3235343732343931323232342e000b, pfx=32 > [T] postgresdb:pg.go:93 begin single tx err=<nil> > [T] postgresdb:pg.go:149 put key=000b, val=30373132333435363738 > ``` > - It then checks whether the number is registered by checking the publickey. Given that it's not present, the rollback is called > ``` > [T] db:db.go:250 made db lookup key lk=202b3235343731323334353637382e0001, pfx=32 > [T] postgresdb:pg.go:176 get key=0001 > [I] postgresdb:pg.go:129 aborting tx tx=&{0xc0000c85a0 0xc00079dcd8} > ``` > - Navigate to the invite recipient node, which reads the temporary value (should access the recipient) > ``` > [T] db:db.go:250 made db lookup key lk=202b3235343732343931323232342e000b, pfx=32 > [T] postgresdb:pg.go:176 get key=000b > the recipient from temporary_value: $2a$08$wCcZJsqUALJUx4Mmfuvl7.2vutDdowsyaSOL12hFVsJtY1PE2OVre > ``` > - The temporary value that's retrieved is the hashed PIN, instead of the recipient > > > > The menu flow for this <img width="478" alt="image" src="attachments/0467ad10-8cd6-4394-ab47-b842fbca9e40">
image.png
48 KiB
Alfred-mk commented 2025-04-27 15:22:23 +02:00
Author
Member
Copy Link

Resolved by 8b84f59792

Resolved by https://github.com/nolash/go-vise/commit/8b84f59792ceebda96088fe29ddf59a955ce5d3a
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
ussd/user-reported

Issue reported by a user while interacting with the ussd

  
Compat/Breaking

Breaking change that won't be backward compatible

  
Kind/Bug

Something is not working

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Security

This is security issue

  
Kind/Testing

Issue or pull request related to testing

  
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Medium
The priority is medium

  
Reviewed
Confirmed
Issue has been confirmed

  
Reviewed
Duplicate
This issue or pull request already exists

  
Reviewed
Invalid
Invalid issue

  
Reviewed
Won't Fix
This issue won't be fixed

  
Status
Abandoned
Somebody has started to work on this but abandoned work

  
Status
Blocked
Something is blocking this issue or pull request

  
Status
Need More Info
Feedback is required to reproduce issue or to continue work

No Label
ussd/user-reported
Compat/Breaking
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: grassrootseconomics/sarafu-vise#65
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?