Skip to content

Constant time password comparison#2120

Merged
KoalaSat merged 2 commits intoRoboSats:mainfrom
aftermath2:constant_time_password_comparison
Jul 28, 2025
Merged

Constant time password comparison#2120
KoalaSat merged 2 commits intoRoboSats:mainfrom
aftermath2:constant_time_password_comparison

Conversation

@aftermath2
Copy link
Contributor

@aftermath2 aftermath2 commented Jul 27, 2025

What does this PR do?

Fixes #2119

Replaces a standard string comparison with hmac.compare_digest to ensure that the comparison takes the same amount of time regardless of whether the values match or not, making it safer for cryptographic purposes and preventing timing attacks.

Tests

Logs 
$ docker exec test-coordinator coverage run manage.py test
Creating test database for alias 'default'...
Found 62 test(s).
System check identified no issues (0 silenced).
..................Updating order with new Locked bond from maker
Could not fetch BTC prices from https://criptoya.com/api/btc: Expecting value: line 1 column 1 (char 0)
Regtest network was already ready. Skipping initalization.
2025-07-27 19:43:15.795311+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '762929db5f7262eeb2d9576addfddb3705718c09aef2606667676ec51aafca9d', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.11715364456176758}
..Updating order with new Locked bond from maker
2025-07-27 19:43:16.567900+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '132cae70bd10c8814c747f629b08a06bab528bf337c19bb0fe5593b416cb0667', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.037688493728637695}
.Updating order with new Locked bond from maker
2025-07-27 19:43:17.174245+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'fc3773f939e8f947919fc1bf226477840dae97c7de3063774b14814e4de161b8', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.023400068283081055}
.Updating order with new Locked bond from maker
2025-07-27 19:43:17.945040+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '4077c7e5dc585e8e0602bed6c8d50f6b92e517c71f413af8ad5e8ea2eac8895f', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.06824254989624023}
.Updating order with new Locked bond from maker
2025-07-27 19:43:18.979802+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '5174dcdf241c0fae7abb03c10d62a106bb6fa69f7c64a79dc00b6fa2d53a4106', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08048677444458008}
.Updating order with new Locked bond from maker
2025-07-27 19:43:19.648293+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '2e269df169b2aabdd0f31a8b8b83dd733fcf13083f3075375df4ad1db9fdd1bd', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.03677654266357422}
.Updating order with new Locked bond from maker
2025-07-27 19:43:20.503885+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'b4581acf367906c0b7743896977fa2e8dd09dfca358d33424624bdb4f65a067a', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.06798768043518066}
.Updating order with new Locked bond from maker
2025-07-27 19:43:21.554214+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '0f849a3eff2753c153f87589be5fe5741ccae2733b94a81493131e95d78cfe59', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.043222665786743164}
Updating order with new Locked bond from taker
2025-07-27 19:43:22.317709+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '8efbee3fea04b1e38992040c39e9d4604b24fb50a8b236d5f4e4364cfb6d3d02', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.14063239097595215}
Updating order with new Locked escrow
2025-07-27 19:43:22.708581+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': 'd86c7f87b9ce1d6ad338ed0eaf4b7c7d74c7e1c26b8485d0bbe7e99b6162bde8', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.04963970184326172}
.Updating order with new Locked bond from maker
2025-07-27 19:43:26.348568+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '3aa34d6cdf3cf9a43f96c4f8981390aeb4e0255c64d1f88c999513fe8f3947ef', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.02708911895751953}
Updating order with new Locked bond from taker
2025-07-27 19:43:27.061543+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '7c646d243cd9f634b9a5145e171c290a94c37deb74d181410d608a48d4bde670', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.1088712215423584}
Updating order with new Locked escrow
2025-07-27 19:43:27.708121+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': 'd816e2f4861f13916f55a72dcdd4a64cb0491b315d2091f4d9d325a1b80ce803', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.14364314079284668}
../usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1665: RuntimeWarning: DateTimeField Order.expires_at received a naive datetime (2025-07-27 19:43:29.313349) while time zone support is active.
  warnings.warn(
2025-07-27 19:43:29.345667+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 11: BUY BTC for 84.0-201.7 USD was Waiting for maker bond'}], 'failed_order_expiry': [], 'reason_failure': []}
.Updating order with new Locked bond from maker
2025-07-27 19:43:29.999815+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '7aa987f191a45ff8dfd51054816a989c62c1bfff6a35de02839d4e0848e151c5', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.07888126373291016}
Updating order with new Locked bond from taker
2025-07-27 19:43:30.709028+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': 'f087793a5591cc1fa7d9d9a8e2fe8d8ad8672b09b65f46a4586f8e5f4f1e138d', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08748602867126465}
Updating order with new Locked escrow
2025-07-27 19:43:31.075811+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': 'ffeabf69f9e2f5fca21a0d62fe0f1c9c4d3b3188338d9adcad8030c8c215eb3a', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.01892876625061035}
Order: 12 IN_FLIGHT. Hash 883e6cbf134817aae345fa17e2e4f1c72317b132150545b48e0a7a339d4e2ec8
Order: 12 IN_FLIGHT. Hash 883e6cbf134817aae345fa17e2e4f1c72317b132150545b48e0a7a339d4e2ec8
Order: 12 SUCCEEDED. Hash: 883e6cbf134817aae345fa17e2e4f1c72317b132150545b48e0a7a339d4e2ec8
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1606: RuntimeWarning: DateTimeField LNPayment.created_at received a naive datetime (2025-07-27 00:00:00) while time zone support is active.
  warnings.warn(
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1606: RuntimeWarning: DateTimeField LNPayment.created_at received a naive datetime (2025-07-28 00:00:00) while time zone support is active.
  warnings.warn(
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1606: RuntimeWarning: DateTimeField OnchainPayment.created_at received a naive datetime (2025-07-27 00:00:00) while time zone support is active.
  warnings.warn(
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1606: RuntimeWarning: DateTimeField OnchainPayment.created_at received a naive datetime (2025-07-28 00:00:00) while time zone support is active.
  warnings.warn(
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1606: RuntimeWarning: DateTimeField MarketTick.timestamp received a naive datetime (2025-07-27 00:00:00) while time zone support is active.
  warnings.warn(
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1606: RuntimeWarning: DateTimeField MarketTick.timestamp received a naive datetime (2025-07-28 00:00:00) while time zone support is active.
  warnings.warn(
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1606: RuntimeWarning: DateTimeField AccountingDay.day received a naive datetime (2025-07-27 00:00:00) while time zone support is active.
  warnings.warn(
.Updating order with new Locked bond from maker
2025-07-27 19:43:32.653669+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '302465bf515b1828421ecb3a552bf6c5dfed77151240129982e27559d86832f3', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.07532382011413574}
Updating order with new Locked bond from taker
2025-07-27 19:43:33.386778+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '871cdb3509928f83f0c0f7c08eaaebe0fadd7eea1e311865be8176aa1280d86f', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.07683634757995605}
Updating order with new Locked escrow
2025-07-27 19:43:33.689183+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': '87b0a73112b3934ff687825bd58735e5a7db53ba3c26638577b617cfdbb7afb2', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.011678934097290039}
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1665: RuntimeWarning: DateTimeField Order.expires_at received a naive datetime (2025-07-27 19:43:33.731104) while time zone support is active.
  warnings.warn(
2025-07-27 19:43:33.954013+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 13: BUY BTC for 100.0 USD was Waiting only for buyer invoice'}], 'failed_order_expiry': [], 'reason_failure': []}
2025-07-27 19:43:33.991441+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 13: BUY BTC for 100.0 USD was Waiting only for buyer invoice'}], 'failed_order_expiry': [], 'reason_failure': [], 'num_expired_take_orders': 1, 'expired_take_orders': [{0: 'Order 13 taken by Robot(30,UniformTownsman766) for 100.00000000 fiat units was expired'}], 'failed_take_order_expiry': [], 'reason_take_failure': []}
...Updating order with new Locked bond from maker
2025-07-27 19:43:34.879584+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '19edc57ae3a66575653b038f55d0875119f23b304024671fee6d59b4f27ac7d6', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.05730152130126953}
Updating order with new Locked bond from taker
2025-07-27 19:43:35.506196+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '5faab0c5f1efb95a21647551a5915325b4bb22bcf92b2dffe33965491e1a3f29', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.04871797561645508}
..Updating order with new Locked bond from maker
2025-07-27 19:43:37.266451+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'fc6bf5ef315bd700612cfd8940ac2aeb07f8945465af2063afd9b946c29b9a79', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.04326939582824707}
Updating order with new Locked bond from taker
2025-07-27 19:43:37.879506+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'd687f007280f48804f1592d615de9cdd75d2769ad96221bcd2875f19d7e23153', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.10695791244506836}
.Updating order with new Locked bond from maker
2025-07-27 19:43:38.923209+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'bb59e987648b642bc92ab450409b0b3a0f25bab88af6b8adbe13869c27379112', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.09177541732788086}
Updating order with new Locked bond from taker
Expiring take_order because order was already taken
2025-07-27 19:43:39.949712+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '5d2da6f97fe1c0b93465a2367512ac8db84ac7b84bf8c6eaeb0e1a51042805cc', 'old_status': 'Generated', 'new_status': 'Locked'}}, {1: {'payment_hash': 'd4470f17dd990cfd51ee441c84ec16916345a73bbe3979302f4e239770d06702', 'old_status': 'Generated', 'new_status': 'Cancelled'}}], 'time': 0.15703773498535156}
.Updating order with new Locked bond from maker
2025-07-27 19:43:40.881294+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '62a6dead8dc1434cd5c55324374369c06c40d465570b62dad3d0062148dc0e85', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.06864547729492188}
.Updating order with new Locked bond from maker
2025-07-27 19:43:41.815724+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'accd646e9d8e1dd0b0f78dc3c58f190e0972db9880ff66584d9ebb3ea8dc4550', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.03209853172302246}
.Updating order with new Locked bond from maker
2025-07-27 19:43:42.918310+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '6ef26e6a114d97cf4c7b7cd0eb52bed838971b56431dd2226a89dd04e6dbe13f', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.05992007255554199}
.Updating order with new Locked bond from maker
2025-07-27 19:43:43.983427+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '0a8f1a5a36f7d3125908b3235e62f767bd776d6d096b619d0bd8c6201400bad5', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.05778646469116211}
...Updating order with new Locked bond from maker
2025-07-27 19:43:45.182950+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'b333dc4bf4ef74b50b1cc307455167b7dab0a0ae229831891be78989dd1832dd', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.042330265045166016}
Updating order with new Locked bond from taker
2025-07-27 19:43:45.822780+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': 'd144585f8682ddfbab897e07d9dc1f9cbf16845048e42cfd21ea23e1cee0ed1e', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.07820558547973633}
Updating order with new Locked escrow
2025-07-27 19:43:46.201455+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': '6ad0735df596ccd27e60a4f099d3b006796317b097b8a0362584153a8f0f0b39', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.026293516159057617}
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1665: RuntimeWarning: DateTimeField Order.expires_at received a naive datetime (2025-07-27 19:43:47.528621) while time zone support is active.
  warnings.warn(
2025-07-27 19:43:57.415065+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 23: BUY BTC for 100.0 USD was Fiat sent - In chatroom'}], 'failed_order_expiry': [], 'reason_failure': []}
2025-07-27 19:43:57.445343+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 23: BUY BTC for 100.0 USD was Fiat sent - In chatroom'}], 'failed_order_expiry': [], 'reason_failure': [], 'num_expired_take_orders': 1, 'expired_take_orders': [{0: 'Order 23 taken by Robot(53,UniformTownsman766) for 100.00000000 fiat units was expired'}], 'failed_take_order_expiry': [], 'reason_take_failure': []}
.Updating order with new Locked bond from maker
2025-07-27 19:43:58.078921+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'f641d3644f47c6ea8d77afe48c46413c02d550ecfcd2946dfc318484846f0850', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.07221770286560059}
Updating order with new Locked bond from taker
2025-07-27 19:43:58.736655+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '0d5f50baf77a8446e4173e525755ef7e4b761095dbf12a7274277c1f8d43b461', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.11298060417175293}
Updating order with new Locked escrow
2025-07-27 19:43:59.089078+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': 'e9b2a24e987f96f9249d336dc5ddf25a45aaf45bed6e4a6c88049a140316a766', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.01647353172302246}
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1665: RuntimeWarning: DateTimeField Order.expires_at received a naive datetime (2025-07-27 19:43:59.634860) while time zone support is active.
  warnings.warn(
2025-07-27 19:43:59.882412+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 24: BUY BTC for 100.0 USD was Sending fiat - In chatroom'}], 'failed_order_expiry': [], 'reason_failure': []}
2025-07-27 19:43:59.894444+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 24: BUY BTC for 100.0 USD was Sending fiat - In chatroom'}], 'failed_order_expiry': [], 'reason_failure': [], 'num_expired_take_orders': 1, 'expired_take_orders': [{0: 'Order 24 taken by Robot(56,UniformTownsman766) for 100.00000000 fiat units was expired'}], 'failed_take_order_expiry': [], 'reason_take_failure': []}
.Updating order with new Locked bond from maker
2025-07-27 19:44:00.476830+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'afc69d52f08888e1715f5c530c5335990469358f0774a7b7fce1fad8d95f1ffe', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.06531906127929688}
Updating order with new Locked bond from taker
2025-07-27 19:44:01.250508+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '53aff4afa84721e736bd113d04fe46a71450392910ed213e71d91dff10a54742', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08504986763000488}
Updating order with new Locked escrow
2025-07-27 19:44:01.617478+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': '81fe7c4f80b3d1b2aa18d723bf8f9492f1a8e71b3dc80ea180ef04374f758c8d', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.03274798393249512}
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1665: RuntimeWarning: DateTimeField Order.expires_at received a naive datetime (2025-07-27 19:44:02.194237) while time zone support is active.
  warnings.warn(
2025-07-27 19:44:02.460526+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 25: BUY BTC for 100.0 USD was Sending fiat - In chatroom'}], 'failed_order_expiry': [], 'reason_failure': []}
2025-07-27 19:44:02.499557+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 25: BUY BTC for 100.0 USD was Sending fiat - In chatroom'}], 'failed_order_expiry': [], 'reason_failure': [], 'num_expired_take_orders': 1, 'expired_take_orders': [{0: 'Order 25 taken by Robot(59,UniformTownsman766) for 100.00000000 fiat units was expired'}], 'failed_take_order_expiry': [], 'reason_take_failure': []}
.Updating order with new Locked bond from maker
2025-07-27 19:44:03.061585+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '931adaf94979ce7ba8d111d38ba0e3b67a75b919a3386510c45869d17b95b390', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.05055499076843262}
.Updating order with new Locked bond from maker
2025-07-27 19:44:03.767771+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '38b1319e104f7cd38d60bcb17dd1bc42ebe38cf0f55d0f487e9712c0bfef5651', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.04882073402404785}
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1665: RuntimeWarning: DateTimeField Order.expires_at received a naive datetime (2025-07-27 19:44:03.834715) while time zone support is active.
  warnings.warn(
2025-07-27 19:44:04.020598+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 27: BUY BTC for 84.0-201.7 USD was Public'}], 'failed_order_expiry': [], 'reason_failure': []}
.Updating order with new Locked bond from maker
2025-07-27 19:44:04.635897+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '63de7994ec09b805cf9f8bb7d1b7f7fc0e7ea20e6abaec6005c70e8011156901', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.04338383674621582}
.Updating order with new Locked bond from maker
2025-07-27 19:44:05.475539+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '7226a03d6b48642cd3694be57d62a63fb74c4385b35ba4d2781c8a797f3f544d', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.059076547622680664}
Updating order with new Locked bond from taker
2025-07-27 19:44:06.215529+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '44dff3a7acf2aefd709cfe5802cf702452508ea9d42ce83c5112e99639763048', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08743596076965332}
Updating order with new Locked escrow
2025-07-27 19:44:06.599249+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': 'b6c379029c6c05e1559006f913e6fa76f27bcbccfe7c3466cd121ed797bfbe0a', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.027541399002075195}
Mining 1 blocks
.Updating order with new Locked bond from maker
2025-07-27 19:44:08.095135+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '0d70eaaf402e0114a106a593b85617bbcba620cd08a40224bfbdb10c28594fa2', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08673405647277832}
Updating order with new Locked bond from taker
2025-07-27 19:44:08.779434+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '9f9a16613102ed48fdd39fe0b00db3859075238229bec5c6ade57ccf3ff0aee1', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.12199163436889648}
Updating order with new Locked escrow
2025-07-27 19:44:09.144565+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': '1505a7adf812b5dddb397bf0c0f99569cfafc820453eb1bcdbf9c7443ce7250c', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.03459525108337402}
Order: 30 IN_FLIGHT. Hash b3c09432f3e3f0ee0f8689350c6136902e22260ec2d28e0d49a90496dfcd51fe
Order: 30 IN_FLIGHT. Hash b3c09432f3e3f0ee0f8689350c6136902e22260ec2d28e0d49a90496dfcd51fe
Order: 30 SUCCEEDED. Hash: b3c09432f3e3f0ee0f8689350c6136902e22260ec2d28e0d49a90496dfcd51fe
.Updating order with new Locked bond from maker
2025-07-27 19:44:10.734686+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '354239d34df08e5026b9fc2703dd158888b571d4b90628d9edab4b0eaa36dede', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.06576013565063477}
Updating order with new Locked bond from taker
2025-07-27 19:44:11.398815+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '11cf04ff1908e1a3ce0ef7189263f80321fbd461ac6d9c8f41067e143d5d6b30', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.06558823585510254}
Updating order with new Locked escrow
2025-07-27 19:44:11.749589+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': '5406bd8ff5059aeacbc25bf0b78b6fa74a57a632db78ada6a606e05ec69a808d', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.031087636947631836}
Mining 1 blocks
Waiting for robot node chain sync 0s.Updating order with new Locked bond from maker
2025-07-27 19:44:13.454343+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '52d5f1213d7f21d78278b518079fbeb767cb0d1d3a64edde503bebc92ddf279e', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.02405571937561035}
Updating order with new Locked bond from taker
2025-07-27 19:44:14.091512+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': 'cd6aa63c1edbdca966e1c00fee150d60188ec92a5c01fa3a63f12122001c8f1e', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.09955787658691406}
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1665: RuntimeWarning: DateTimeField Order.expires_at received a naive datetime (2025-07-27 19:44:14.166920) while time zone support is active.
  warnings.warn(
/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py:1665: RuntimeWarning: DateTimeField TakeOrder.expires_at received a naive datetime (2025-07-27 19:44:14.169324) while time zone support is active.
  warnings.warn(
2025-07-27 19:44:14.246271+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 32: BUY BTC for 100.0 USD was Waiting for trade collateral and buyer invoice'}], 'failed_order_expiry': [], 'reason_failure': []}
2025-07-27 19:44:14.320133+00:00
{'num_expired_orders': 1, 'expired_orders': [{0: 'Order 32: BUY BTC for 100.0 USD was Waiting for trade collateral and buyer invoice'}], 'failed_order_expiry': [], 'reason_failure': [], 'num_expired_take_orders': 1, 'expired_take_orders': [{0: 'Order 32 taken by Robot(75,UniformTownsman766) for 100.00000000 fiat units was expired'}], 'failed_take_order_expiry': [], 'reason_take_failure': []}
.Updating order with new Locked bond from maker
2025-07-27 19:44:14.979047+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'e51dc672d9ad5c0cab75a14144f27a630e42ae051b480748873ca32b2fa17d2f', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.04818272590637207}
Updating order with new Locked bond from taker
2025-07-27 19:44:15.616843+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': 'dffcebb32dc332adc0fe036026028a5450368e5177a911c472808d87b8705341', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.09237551689147949}
.Updating order with new Locked bond from maker
2025-07-27 19:44:16.376043+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'a4419559a23a00c3255651e65d45fb2d7b52fdf85e2ba6c5a14ff5e9a4926282', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.07500624656677246}
Updating order with new Locked bond from taker
2025-07-27 19:44:17.136649+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '330a36b8e6cddcacbfe0b47f43c8eb9485cc2f492f2e0bfe3f9398ae2aa0787d', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.09503293037414551}
Updating order with new Locked escrow
2025-07-27 19:44:17.543709+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': 'dc9976eb678a81ccdbb7a0200c6c0cb8f557986e6253d3b11a5098f669a54c5b', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.05434250831604004}
.Updating order with new Locked bond from maker
2025-07-27 19:44:19.010476+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'c09b83a8c1a3c5a38738a8813fe634602daadbfe930a69c99c71e9f6cda7a97b', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.05204463005065918}
Updating order with new Locked bond from taker
2025-07-27 19:44:19.732108+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': 'cbcbfe24559b363e0a09f41f88da27adc4b9dd0d1c04c88444ba812786afc395', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.11301994323730469}
Updating order with new Locked escrow
2025-07-27 19:44:20.072464+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': '1397fdae0cf59b236f68a79fc0cb7c933c0dd2affeb566ac997a0e895abb9277', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.012841939926147461}
.Updating order with new Locked bond from maker
2025-07-27 19:44:21.525337+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '4e471e4396234826bc4523977036d995f30f36e275c076587f9f74cdc4202938', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08519506454467773}
Updating order with new Locked bond from taker
2025-07-27 19:44:22.234652+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '04095309cd1d11558e14832c3a19ab6068c4cf95151f946cae11df018c9184de', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08293652534484863}
Updating order with new Locked escrow
2025-07-27 19:44:22.595549+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': 'ab5f25a853682173b1fa273bbbcc34b13dc366a6b2a645fc74384df4c48c9d13', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.03576540946960449}
.Updating order with new Locked bond from maker
2025-07-27 19:44:23.234104+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '32d5d0b766e8eeeb59a8bb505e33ede8442cfda82c0ad8446446bce3ac1f0b2f', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.05173158645629883}
Updating order with new Locked bond from taker
2025-07-27 19:44:23.930298+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': 'a26b926e9e3fcb316f8c2145c1a774b3a3bf181019c4222dfc2b3478e7ccfd7d', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.09358739852905273}
Updating order with new Locked escrow
2025-07-27 19:44:24.278140+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': '3562d759b2681a3419be4dd7fc75d104b610b19388ed1b5ae546242bdd6cf4c5', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.03530073165893555}
.Updating order with new Locked bond from maker
2025-07-27 19:44:26.311150+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '090e1798bc98a2e708b5ce414a9535047a1618710b63e62ad507ae179b310933', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.04192519187927246}
Updating order with new Locked bond from taker
2025-07-27 19:44:26.987220+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '3b96af1edbf198c86c2e2df6b84d1f97ba3877e837bd1efbe637edc6f9119981', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08519482612609863}
Updating order with new Locked escrow
2025-07-27 19:44:27.294610+00:00
{'num_active_invoices': 2, 'invoices': [{1: {'payment_hash': '9e0080365a32df2ff366f8e3a9406c41b78ee8d2338439b02b5e7b2b7e86198f', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.023740291595458984}
.Updating order with new Locked bond from maker
2025-07-27 19:44:28.534255+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': '79fc23fdad5af56279de1e380bf04c56fcb7411d3690094c21f9ed0c638b57c3', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.058408260345458984}
Updating order with new Locked bond from taker
2025-07-27 19:44:29.257773+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': '3d54f6eb5513cda0d3094eb089d27156485b01a0ae3b2976c0b044123d120703', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08939456939697266}
.Updating order with new Locked bond from maker
2025-07-27 19:44:30.962212+00:00
{'num_active_invoices': 1, 'invoices': [{0: {'payment_hash': 'a8e3bf59231cf37ff4e5f03f8237f06b3a5731ba0c31567c9e0da573690de352', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.055193185806274414}
Updating order with new Locked bond from taker
2025-07-27 19:44:31.702051+00:00
{'num_active_invoices': 2, 'invoices': [{0: {'payment_hash': 'f3beac9b8f1e0f8c88ab6e2e049fde78fca6781f2d0ecf54c575fa5bcc2ab4b8', 'old_status': 'Generated', 'new_status': 'Locked'}}], 'time': 0.08140230178833008}
.
----------------------------------------------------------------------
Ran 62 tests in 83.334s

OK
Destroying test database for alias 'default'...

KoalaSat
KoalaSat reviewed Jul 27, 2025
View reviewed changes
Copy link
Member

@KoalaSat KoalaSat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome contribution thank you! Just a little request and we are done 👍

@aftermath2 aftermath2 force-pushed the constant_time_password_comparison branch from 4d54dab to 4a396a8 Compare July 28, 2025 07:04
KoalaSat
KoalaSat approved these changes Jul 28, 2025
View reviewed changes
Copy link
Member

@KoalaSat KoalaSat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a very welcomed improvement thanks! Please, accept a small tip for your work.

Paste here a LN invoice for 50,000 sats with a long expiration date.

@KoalaSat KoalaSat merged commit 1bf5df5 into RoboSats:main Jul 28, 2025
3 checks passed
@aftermath2
Copy link
Contributor Author

aftermath2 commented Jul 28, 2025

@KoalaSat Thank you!

lnbc500u1p5gwj7ksp57vvgrwnqhelgaq4gzrrsf9re7p3w8pdzz7cuhd4pmv54c9ec22cqpp5pqx04x4wcavzvce89y88pz7xu0ff5kz5dfnu5d6dzp7cuxl6gd8shp5uwcvgs5clswpfxhm7nyfjmaeysn6us0yvjdexn9yjkv3k7zjhp2sxq9z0rgqcqpnrzjqwghf7zxvfkxq5a6sr65g0gdkv768p83mhsnt0msszapamzx2qvuxr2whyqqyvqqqqqqqqqqqqqqqqqq9q9qxpqysgqettyky4hw9m4wl7ducelsnfslumgmgqsktydng6jt8lygjyt5phs6kzd4vgjtewjxe8alj3g6aw9prfh9ndhn852lgq8qykjtxez4wqqgc2vd7

@KoalaSat
Copy link
Member

KoalaSat commented Jul 28, 2025 

b91346d90416b913847a5a9dfc29afc22921a4b9ccb8a841996110493a2a9518

@aftermath2 aftermath2 deleted the constant_time_password_comparison branch July 28, 2025 10:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KoalaSat KoalaSat KoalaSat approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Protected orders are vulnerable to timing attacks

2 participants

@aftermath2 @KoalaSat