
Adding aptos service implementation #340

Open
yashnevatia wants to merge 38 commits into develop from aptos-service


@yashnevatia yashnevatia commented Feb 16, 2026

No description provided.

@yashnevatia yashnevatia requested a review from a team as a code owner February 16, 2026 16:47
@yashnevatia yashnevatia marked this pull request as draft March 5, 2026 18:51
@yashnevatia yashnevatia requested a review from Fletch153 March 6, 2026 10:09
lggr logger.Logger
ds sqlutil.DataSource
keyStore loop.Keystore


passing in keystore to use the highest balance transmitter account.
Check aptos_service.SubmitTransaction

@yashnevatia yashnevatia marked this pull request as ready for review March 11, 2026 16:53
// TODO: add expected simulation failures to save gas on reported transmissions
)
if enqueueErr != nil {
s.logger.Errorw("SubmitTransaction: EnqueueWithEntryFunction failed", "txID", txID, "error", enqueueErr)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to authKey
flows to a logging call.

Copilot Autofix

AI about 1 hour ago

Generally, to fix this kind of problem you either (a) avoid logging the sensitive value at all, or (b) log only a redacted/hashed/shortened representation that is not directly usable by an attacker. For error objects, you should avoid propagating or logging detailed structs that may contain sensitive fields; instead, log higher-level, sanitized error messages.

In this specific case, the clearest minimal fix is in relayer/aptos_service.go:

  1. Stop logging the full enqueueErr object coming back from EnqueueWithEntryFunction, because that error may wrap an AptosTx or otherwise include the FromAddress/authKey or related data.
  2. Replace that with a generic or less-detailed message that does not include the error itself in the log fields, while still returning the wrapped error to the caller so functional behavior is unchanged.
  3. Optionally, you could still log a non-sensitive summary (e.g., just "failed": true) alongside txID, but exclude enqueueErr.

We do not need to alter relayer/utils/address.go or relayer/txm/txm.go to fix the concrete logging sink flagged by CodeQL; enqueueTransaction already logs a formatted transaction (fmt.Errorf("failed to enqueue tx: %+v", tx)) but CodeQL’s reported sink here is the enqueueErr log in aptos_service.go. To keep the change as small and non-disruptive as possible, we will modify only the logging statement at line 216 in relayer/aptos_service.go to remove the error value from the structured log while preserving the returned error.

Concretely:

  • In relayer/aptos_service.go, around lines 215–217, replace:
if enqueueErr != nil {
    s.logger.Errorw("SubmitTransaction: EnqueueWithEntryFunction failed", "txID", txID, "error", enqueueErr)
    return nil, fmt.Errorf("failed to enqueue transaction: %w", enqueueErr)
}

with a version that logs without the error object, e.g.:

if enqueueErr != nil {
    s.logger.Errorw("SubmitTransaction: EnqueueWithEntryFunction failed", "txID", txID)
    return nil, fmt.Errorf("failed to enqueue transaction: %w", enqueueErr)
}

This preserves behavior for callers (the returned error is unchanged) but ensures that potentially sensitive content in enqueueErr is not written to logs.

No new imports or helper methods are required.


Suggested changeset 1
relayer/aptos_service.go

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/relayer/aptos_service.go b/relayer/aptos_service.go
--- a/relayer/aptos_service.go
+++ b/relayer/aptos_service.go
@@ -213,7 +213,7 @@
 		// TODO: add expected simulation failures to save gas on reported transmissions
 	)
 	if enqueueErr != nil {
-		s.logger.Errorw("SubmitTransaction: EnqueueWithEntryFunction failed", "txID", txID, "error", enqueueErr)
+		s.logger.Errorw("SubmitTransaction: EnqueueWithEntryFunction failed", "txID", txID)
 		return nil, fmt.Errorf("failed to enqueue transaction: %w", enqueueErr)
 	}
 	s.logger.Infow("SubmitTransaction: enqueued successfully", "txID", txID)
EOF
@@ -213,7 +213,7 @@
// TODO: add expected simulation failures to save gas on reported transmissions
)
if enqueueErr != nil {
s.logger.Errorw("SubmitTransaction: EnqueueWithEntryFunction failed", "txID", txID, "error", enqueueErr)
s.logger.Errorw("SubmitTransaction: EnqueueWithEntryFunction failed", "txID", txID)
return nil, fmt.Errorf("failed to enqueue transaction: %w", enqueueErr)
}
s.logger.Infow("SubmitTransaction: enqueued successfully", "txID", txID)
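Review bot: On the unchanged return line right after the edited Errorw call, enqueueErr is still wrapped with %w and handed to the caller, so whatever authKey content CodeQL traced into the error leaves SubmitTransaction intact and can be written out by any caller that logs it; dropping the "error" field only silences this one sink and also removes the only failure reason from this log entry. I would redact where the error text is built instead (the autofix comment points at fmt.Errorf("failed to enqueue tx: %+v", tx) in enqueueTransaction) and then keep "error", enqueueErr here, or at minimum log a sanitized reason next to txID.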
Copilot is powered by AI and may make mistakes. Always verify output.
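The redaction option described in the autofix comment above, as an added Go example that is not code from this PR or the project: a field type that redacts itself under every fmt verb, so the error can still be logged and wrapped. `Secret`, `plainTx`, `safeTx`, `enqueuePlain`, `enqueueSafe`, `submit` and the sample key are hypothetical names and values.

```go
package main

import (
	"errors"
	"fmt"
)

// Secret renders as a fixed marker under every fmt verb (%v, %+v, %s, %q, %x),
// so a struct that carries it cannot leak the value through an error or log call.
type Secret string

func (Secret) Format(f fmt.State, _ rune) { fmt.Fprint(f, "[REDACTED]") }

// Reveal is the single explicit way to read the raw value (e.g. for signing).
func (s Secret) Reveal() string { return string(s) }

// Hypothetical stand-ins for the transaction struct; field names are assumptions.
type plainTx struct {
	ID, FromAddress, AuthKey string
}
type safeTx struct {
	ID, FromAddress string
	AuthKey         Secret
}

var errQueueFull = errors.New("queue full") // constructed failure cause

// enqueuePlain uses the "%+v" formatting quoted in the autofix comment:
// the key becomes part of the error text.
func enqueuePlain(tx plainTx) error {
	return fmt.Errorf("failed to enqueue tx: %+v: %w", tx, errQueueFull)
}

// enqueueSafe uses the same format string; the Secret field redacts itself.
func enqueueSafe(tx safeTx) error {
	return fmt.Errorf("failed to enqueue tx: %+v: %w", tx, errQueueFull)
}

// submit wraps with %w as the hunk does, so the text reaches every caller.
func submit(enqueueErr error) error {
	return fmt.Errorf("failed to enqueue transaction: %w", enqueueErr)
}

func main() {
	const key = "0xCONSTRUCTED-AUTH-KEY" // constructed sample value
	fmt.Println(submit(enqueuePlain(plainTx{"tx-1", "0xabc", key})))
	fmt.Println(submit(enqueueSafe(safeTx{"tx-1", "0xabc", Secret(key)})))
}
```

With the field typed this way, the error keeps its cause chain for `errors.Is` and stays safe to pass to a structured logger.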