Skip to content

fix(sdk-core): throw NeedUserSignupError when recipient has no ECDH pubkey#9215

Draft
bitgo-ai-agent-dev[bot] wants to merge 1 commit into
masterfrom
abhishek/pol-41-wallet-share-missing-pubkey-error
Draft

fix(sdk-core): throw NeedUserSignupError when recipient has no ECDH pubkey#9215
bitgo-ai-agent-dev[bot] wants to merge 1 commit into
masterfrom
abhishek/pol-41-wallet-share-missing-pubkey-error

Conversation

@bitgo-ai-agent-dev

Copy link
Copy Markdown

What

  • In prepareSharedKeychain, add a guard that throws NeedUserSignupError when the recipient's ECDH pubkey is empty or missing but the wallet has an encrypted keychain to share
  • Pass recipientEmail through the call chain so the error message names the affected user
  • Add 3 tests covering: empty pubkey, missing pubkey, and view-only (no keychain needed — no error)

Why

  • CoinList users (johng@coinlist.co) were seeing a misleading "wallet password incorrect" error when trying to share 61 wallets with a recipient whose ECDH keychain was never initialized
  • Root cause: when /user/sharingkey returns an empty pubkey, the code decrypts the sharer's keychain successfully then passes an empty buffer to the ECDH function, which fails with a cryptographic assertion error — not a password error
  • The bulkShareWallet path already correctly throws NeedUserSignupError for this case; this aligns shareWallet with the same behavior
  • Cold wallets (no encryptedPrv) are unaffected — the check only fires after confirming there is a keychain to encrypt

Test plan

  • should throw NeedUserSignupError when recipient has no ECDH pubkey (spend permission) — empty pubkey
  • should throw NeedUserSignupError when recipient pubkey is missing (spend permission) — undefined pubkey
  • should not throw NeedUserSignupError when recipient has no pubkey but permission is view-only — no keychain path, succeeds
  • All 17 existing Wallet Sharing tests continue to pass
  • sdk-core TypeScript build is clean

Ticket: POL-41

…ubkey

When a user tries to share a wallet with a recipient whose ECDH keychain
has not been initialized (pubkey is empty or missing from getSharingKey
response), the previous code would proceed to decrypt the sharer's
keychain and then fail with a cryptographic assertion error. The UI
surface this as a misleading "wallet password incorrect" error.

The fix adds a pubkey presence check inside prepareSharedKeychain, after
confirming the wallet has an encrypted keychain to share. Cold wallets
(no encryptedPrv) still silently skip keychain sharing as before.

Ticket: POL-41
Session-Id: 2c2322e0-26a5-4458-974b-16c52d93e7e3
Task-Id: 372e9c2b-34e3-4aed-aaa1-62bc2c038f73
@linear-code

linear-code Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

POL-41

@bitgo-ai-agent-dev bitgo-ai-agent-dev Bot force-pushed the abhishek/pol-41-wallet-share-missing-pubkey-error branch from 3f6f77b to 85dccff Compare July 8, 2026 19:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant