Skip to content

Adding aptos service implementation#340

Draft
yashnevatia wants to merge 16 commits intodevelopfrom
aptos-service
Draft

Adding aptos service implementation#340
yashnevatia wants to merge 16 commits intodevelopfrom
aptos-service

Conversation

@yashnevatia
Copy link

@yashnevatia yashnevatia commented Feb 16, 2026
edited
Loading

@yashnevatia yashnevatia requested a review from a team as a code owner February 16, 2026 16:47
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 16, 2026
View reviewed changes
relayer/aptos_service.go

balance, err := client.AccountAPTBalance(addr)
if err != nil {
s.logger.Warnw("failed to get balance for account, skipping", "account", account, "address", addr.String(), "error", err)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to authKey
Loading
flows to a logging call.

Copilot Autofix

AI 3 days ago

General approach: avoid logging the potentially sensitive authKey/account address in clear text. Keep logging contextual, non-sensitive data (e.g., the public-key identifier or error) while omitting or redacting the address. Since the functional behavior of the method is independent of logging, we can safely adjust the log message without changing logic.

Best targeted fix: in relayer/aptos_service.go, inside getAccountWithHighestBalance, modify the warning log in the error path of client.AccountAPTBalance(addr) so it no longer logs addr.String(). We can either remove the "address" field entirely or replace it with a redacted placeholder. To be conservative and minimize code changes, we’ll just drop the "address", addr.String() pair. The rest of the log (account identifier and error) remains, so operational debugging is still possible.

Concrete changes:

  • File: relayer/aptos_service.go
    • In getAccountWithHighestBalance, adjust line 249 so that the Warnw call does not include addr.String().
    • No new imports, methods, or types are required.
    • No changes are needed in relayer/utils/address.go, since the issue is at the logging sink.
Suggested changeset 1
relayer/aptos_service.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/relayer/aptos_service.go b/relayer/aptos_service.go
--- a/relayer/aptos_service.go
+++ b/relayer/aptos_service.go
@@ -246,7 +246,7 @@
 
 		balance, err := client.AccountAPTBalance(addr)
 		if err != nil {
-			s.logger.Warnw("failed to get balance for account, skipping", "account", account, "address", addr.String(), "error", err)
+			s.logger.Warnw("failed to get balance for account, skipping", "account", account, "error", err)
 			continue
 		}
 
EOF
@@ -246,7 +246,7 @@

balance, err := client.AccountAPTBalance(addr)
if err != nil {
s.logger.Warnw("failed to get balance for account, skipping", "account", account, "address", addr.String(), "error", err)
s.logger.Warnw("failed to get balance for account, skipping", "account", account, "error", err)
continue
}

Copilot is powered by AI and may make mistakes. Always verify output.
@yashnevatia yashnevatia marked this pull request as draft March 5, 2026 18:51
@yashnevatia yashnevatia requested a review from Fletch153 March 6, 2026 10:09
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 6, 2026
View reviewed changes
relayer/txm/txm.go

acc := utils.Ed25519PublicKeyToAddress(ed25519PublicKey)
fromAddress := acc.String()
a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddress", fromAddress)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to authKey
Loading
flows to a logging call.

Copilot Autofix

AI 3 days ago

Copilot could not generate an autofix suggestion

Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

relayer/txm/txm.go
fromAccountAddress := &aptos.AccountAddress{}
err = fromAccountAddress.ParseStringRelaxed(fromAddress)
if err != nil {
a.baseLogger.Errorw("TestingAptosWriteCap: EnqueueCRE - failed to parse from address", "fromAddress", fromAddress, "error", err)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to authKey
Loading
flows to a logging call.

Copilot Autofix

AI 3 days ago

In general, to fix clear-text logging of sensitive information, avoid sending full sensitive values (keys, tokens, auth-related IDs) directly to logging sinks. Instead, either omit them entirely, or log only non-sensitive derivatives (like hashes) or redacted forms (like the last few characters) that are sufficient for correlation and debugging without revealing the full value.

In this case, fromAddress is derived from the auth key and then logged twice: once at info level when resolved, and once in the error log if parsing fails. To retain debuggability while avoiding full clear-text exposure, we can log a redacted version of the address (for example, log only the first 6 and last 4 hex characters) under a different key, such as "fromAddressSuffix" or "fromAddressRedacted". This keeps the logs useful to correlate which address caused an error, but prevents dumping the entire address. Concretely, in relayer/txm/txm.go we should replace the Infow and Errorw calls that pass "fromAddress", fromAddress with ones that pass a redacted representation, implemented inline (simple string slicing) so we don't need new imports or utilities. No other functional behavior of the transaction manager or address utilities needs to change.

Specifically:

  • In relayer/txm/txm.go, around lines 279–286:
    • After computing fromAddress := acc.String(), derive a redacted form (e.g., fromAddressRedacted := redactAddress(fromAddress) implemented inline as local logic).
    • Update the Infow call at line 281 to log "fromAddressRedacted", fromAddressRedacted instead of the full fromAddress.
    • Update the Errorw call at line 286 to log the same redacted address instead of the full fromAddress.
      Because we cannot assume other parts of the file, we'll implement the redaction logic directly in the function body as a small helper closure or simple inline code, avoiding new package-level functions and imports.
Suggested changeset 1
relayer/txm/txm.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/relayer/txm/txm.go b/relayer/txm/txm.go
--- a/relayer/txm/txm.go
+++ b/relayer/txm/txm.go
@@ -278,12 +278,20 @@
 
 	acc := utils.Ed25519PublicKeyToAddress(ed25519PublicKey)
 	fromAddress := acc.String()
-	a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddress", fromAddress)
 
+	// Redact fromAddress in logs to avoid writing full auth-derived address in clear text.
+	fromAddressRedacted := fromAddress
+	if len(fromAddress) > 10 {
+		// keep first 6 and last 4 characters for correlation
+		fromAddressRedacted = fromAddress[:6] + "..." + fromAddress[len(fromAddress)-4:]
+	}
+
+	a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddressRedacted", fromAddressRedacted)
+
 	fromAccountAddress := &aptos.AccountAddress{}
 	err = fromAccountAddress.ParseStringRelaxed(fromAddress)
 	if err != nil {
-		a.baseLogger.Errorw("TestingAptosWriteCap: EnqueueCRE - failed to parse from address", "fromAddress", fromAddress, "error", err)
+		a.baseLogger.Errorw("TestingAptosWriteCap: EnqueueCRE - failed to parse from address", "fromAddressRedacted", fromAddressRedacted, "error", err)
 		return fmt.Errorf("failed to parse from address: %+w", err)
 	}
 
EOF
@@ -278,12 +278,20 @@

acc := utils.Ed25519PublicKeyToAddress(ed25519PublicKey)
fromAddress := acc.String()
a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddress", fromAddress)

// Redact fromAddress in logs to avoid writing full auth-derived address in clear text.
fromAddressRedacted := fromAddress
if len(fromAddress) > 10 {
// keep first 6 and last 4 characters for correlation
fromAddressRedacted = fromAddress[:6] + "..." + fromAddress[len(fromAddress)-4:]
}

a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddressRedacted", fromAddressRedacted)

fromAccountAddress := &aptos.AccountAddress{}
err = fromAccountAddress.ParseStringRelaxed(fromAddress)
if err != nil {
a.baseLogger.Errorw("TestingAptosWriteCap: EnqueueCRE - failed to parse from address", "fromAddress", fromAddress, "error", err)
a.baseLogger.Errorw("TestingAptosWriteCap: EnqueueCRE - failed to parse from address", "fromAddressRedacted", fromAddressRedacted, "error", err)
return fmt.Errorf("failed to parse from address: %+w", err)
}

Copilot is powered by AI and may make mistakes. Always verify output.
relayer/txm/txm.go

select {
case a.broadcastChan <- transactionID:
ctxLogger.Infow("TestingAptosWriteCap: EnqueueCRE - tx enqueued to broadcast channel", "fromAddr", fromAddress, "transactionID", transactionID)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to authKey
Loading
flows to a logging call.

Copilot Autofix

AI 3 days ago

General fix: avoid logging the full value derived from authKey (fromAddress) in clear text. Either do not log it at all, or log only a redacted/hashed version that is not useful to an attacker but still allows operators to correlate events.

Best concrete fix here:

  • Replace the info log that prints "fromAddress" (line 281) with a version that logs a redacted form of the address (e.g., first 6 and last 4 characters, or just a hash).
  • In the ctxLogger.Infow call on line 325, stop logging fromAddr entirely (or also use the redacted value). Since the AptosTx is already stored with FromAddress, operators can still correlate by transactionID without needing the raw address in logs.
  • Implement a small helper function in relayer/utils/address.go to redact an address string, and use that in txm.go. This keeps redaction logic centralized and reusable.
  • Add no new external dependencies; use only standard string operations.

Specifically:

  • In relayer/utils/address.go, add a RedactAddressString(addr string) string helper that returns a partially masked address (if the string is long enough) or a constant like "[redacted]" if not.
  • In relayer/txm/txm.go:
    • After computing fromAddress, compute redactedFromAddress := utils.RedactAddressString(fromAddress) and log only the redacted value in the "resolved from address" log.
    • In the ctxLogger.Infow("...tx enqueued..." call, replace "fromAddr", fromAddress with "fromAddr", redactedFromAddress.

This preserves existing behavior except for the content of logs, and avoids emitting the full auth-derived address.

Suggested changeset 2
relayer/txm/txm.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/relayer/txm/txm.go b/relayer/txm/txm.go
--- a/relayer/txm/txm.go
+++ b/relayer/txm/txm.go
@@ -278,7 +278,8 @@
 
 	acc := utils.Ed25519PublicKeyToAddress(ed25519PublicKey)
 	fromAddress := acc.String()
-	a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddress", fromAddress)
+	redactedFromAddress := utils.RedactAddressString(fromAddress)
+	a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddress", redactedFromAddress)
 
 	fromAccountAddress := &aptos.AccountAddress{}
 	err = fromAccountAddress.ParseStringRelaxed(fromAddress)
@@ -322,7 +323,7 @@
 
 	select {
 	case a.broadcastChan <- transactionID:
-		ctxLogger.Infow("TestingAptosWriteCap: EnqueueCRE - tx enqueued to broadcast channel", "fromAddr", fromAddress, "transactionID", transactionID)
+		ctxLogger.Infow("TestingAptosWriteCap: EnqueueCRE - tx enqueued to broadcast channel", "fromAddr", redactedFromAddress, "transactionID", transactionID)
 	default:
 		// if the channel is full, we drop the transaction.
 		// we do this instead of setting the tx in `a.transactions` post-broadcast to avoid a race
EOF
@@ -278,7 +278,8 @@

acc := utils.Ed25519PublicKeyToAddress(ed25519PublicKey)
fromAddress := acc.String()
a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddress", fromAddress)
redactedFromAddress := utils.RedactAddressString(fromAddress)
a.baseLogger.Infow("TestingAptosWriteCap: EnqueueCRE - resolved from address", "fromAddress", redactedFromAddress)

fromAccountAddress := &aptos.AccountAddress{}
err = fromAccountAddress.ParseStringRelaxed(fromAddress)
@@ -322,7 +323,7 @@

select {
case a.broadcastChan <- transactionID:
ctxLogger.Infow("TestingAptosWriteCap: EnqueueCRE - tx enqueued to broadcast channel", "fromAddr", fromAddress, "transactionID", transactionID)
ctxLogger.Infow("TestingAptosWriteCap: EnqueueCRE - tx enqueued to broadcast channel", "fromAddr", redactedFromAddress, "transactionID", transactionID)
default:
// if the channel is full, we drop the transaction.
// we do this instead of setting the tx in `a.transactions` post-broadcast to avoid a race
relayer/utils/address.go
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/relayer/utils/address.go b/relayer/utils/address.go
--- a/relayer/utils/address.go
+++ b/relayer/utils/address.go
@@ -30,6 +30,26 @@
 	return aptos.AccountAddress(authKey)
 }
 
+// RedactAddressString returns a redacted representation of an address string suitable for logging.
+// It avoids exposing the full authKey-derived address in clear text logs while still allowing
+// basic correlation and debugging.
+func RedactAddressString(addr string) string {
+	const redactedPlaceholder = "[redacted]"
+	if len(addr) <= 10 {
+		// Too short to safely show parts; just indicate redacted.
+		return redactedPlaceholder
+	}
+
+	prefixLen := 6
+	suffixLen := 4
+	if len(addr) < prefixLen+suffixLen {
+		// Fallback in unusual cases.
+		return redactedPlaceholder
+	}
+
+	return addr[:prefixLen] + "..." + addr[len(addr)-suffixLen:]
+}
+
 func HexPublicKeyToAddress(key string) (aptos.AccountAddress, error) {
 	publicKey, err := HexPublicKeyToEd25519PublicKey(key)
 	if err != nil {
EOF
@@ -30,6 +30,26 @@
return aptos.AccountAddress(authKey)
}

// RedactAddressString returns a redacted representation of an address string suitable for logging.
// It avoids exposing the full authKey-derived address in clear text logs while still allowing
// basic correlation and debugging.
func RedactAddressString(addr string) string {
const redactedPlaceholder = "[redacted]"
if len(addr) <= 10 {
// Too short to safely show parts; just indicate redacted.
return redactedPlaceholder
}

prefixLen := 6
suffixLen := 4
if len(addr) < prefixLen+suffixLen {
// Fallback in unusual cases.
return redactedPlaceholder
}

return addr[:prefixLen] + "..." + addr[len(addr)-suffixLen:]
}

func HexPublicKeyToAddress(key string) (aptos.AccountAddress, error) {
publicKey, err := HexPublicKeyToEd25519PublicKey(key)
if err != nil {
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fletch153 Fletch153 Awaiting requested review from Fletch153

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yashnevatia