Skip to content

fix(sdk-core): throw NeedUserSignupError when shareWallet recipient pubkey is missing#9214

Draft
bitgo-ai-agent-dev[bot] wants to merge 1 commit into
masterfrom
pol-41-fix-share-wallet-missing-pubkey
Draft

fix(sdk-core): throw NeedUserSignupError when shareWallet recipient pubkey is missing#9214
bitgo-ai-agent-dev[bot] wants to merge 1 commit into
masterfrom
pol-41-fix-share-wallet-missing-pubkey

Conversation

@bitgo-ai-agent-dev

Copy link
Copy Markdown

What

  • In shareWallet() (modules/sdk-core/src/bitgo/wallet/wallet.ts), added a guard that throws NeedUserSignupError when the recipient's pubkey is absent from the /user/sharingkey API response and a spend-permission keychain is required
  • Added two unit tests covering the missing-pubkey case: one for spend shares (must error) and one for view-only shares (must succeed without a pubkey)

Why

  • Coinlist customer (johng@coinlist.co) was unable to share keys across ~61 wallets. The shareWallet() single-wallet path passed an undefined pubkey into the ECDH encryption step (Buffer.from(undefined, 'hex')), causing a cryptic failure that the UI surfaced as "wallet password incorrect" — a completely misleading message
  • The bulk-share path (createBulkWalletShare) already handled this correctly by throwing NeedUserSignupError when pubkey is absent. This fix brings shareWallet() into parity, so users receive a clear, actionable error: "the recipient must log in and complete account setup before keys can be shared"
  • The root cause is that the /user/sharingkey endpoint returns only { userId } (no pubkey/path) for users who have never completed ECDH key setup, regardless of whether they've ever logged in

Test plan

  • Unit tests: yarn unit-test --scope bitgo -- --grep "NeedUserSignupError"
  • Confirm shareWallet with a recipient who has no pubkey now throws NeedUserSignupError instead of an incorrect-password error
  • Confirm view-only shares still work when recipient has no pubkey (no keychain needed)

Ticket: POL-41

…issing

In shareWallet(), when needsKeychain is true and the recipient has never
logged in (so /user/sharingkey returns no pubkey), the undefined pubkey
was silently passed into prepareSharedKeychain() → encryptPrvForUser() →
Buffer.from(undefined, 'hex'), causing a cryptic error that the UI
surfaced as "wallet password incorrect".

The bulk sharing path (createBulkWalletShare) already handled this by
throwing NeedUserSignupError when pubkey is absent. Apply the same guard
to the single-wallet shareWallet() path so callers receive a clear,
actionable error indicating the recipient must complete account setup
before keys can be shared.

Also add two unit tests:
- verifies NeedUserSignupError is thrown when pubkey is missing and
  spend permission is requested
- verifies view-only shares (no spend permission) succeed even when
  pubkey is absent (no keychain needed for view shares)

Ticket: POL-41
Session-Id: 963e6992-8423-4bd9-a7b7-06c6352ab017
Task-Id: 80a26fb6-aef8-4b14-868b-d2cb5259805a
@linear-code

linear-code Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

POL-41

@bitgo-ai-agent-dev bitgo-ai-agent-dev Bot force-pushed the pol-41-fix-share-wallet-missing-pubkey branch from fd2c4df to 9549422 Compare July 8, 2026 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant