Fix possible race condition in read/write of retained encryption key

oasisprotocol · Feb 1, 2025 · 330eb29 · 330eb29
1 parent 65616b7
commit 330eb29
Showing 1 changed file with 23 additions and 18 deletions.
diff --git a/src/app/state/persist/saga.ts b/src/app/state/persist/saga.ts
@@ -220,8 +220,30 @@ function* encryptAndPersistState(action: AnyAction) {
 }
 
 function* retainEncryptionKeyBetweenPopupReopenings() {
-  if (runtimeIs !== 'extension') return
   yield* fork(function* () {
+    if (runtimeIs !== 'extension') return
+
+    // Read before rewriting.
+    const encryptedState = window.localStorage.getItem(
+      STORAGE_FIELD,
+    ) as EncryptedString<PersistedRootState> | null
+    if (encryptedState) {
+      try {
+        const stringifiedEncryptionKey = yield* call(readSharedExtMemory)
+        if (!stringifiedEncryptionKey) throw new Error('skip')
+        if (stringifiedEncryptionKey === 'skipped') throw new Error('skip')
+        const keyWithSalt: KeyWithSalt = fromBase64andParse(stringifiedEncryptionKey)
+        const persistedRootState = yield* call(
+          decryptWithKey<PersistedRootState>,
+          keyWithSalt,
+          encryptedState,
+        )
+        yield* put(persistActions.setUnlockedRootState({ persistedRootState, stringifiedEncryptionKey }))
+      } catch (error) {
+        // Ignore
+      }
+    }
+
     const channelQueue = yield* actionChannel<AnyAction>('*')
     let previousStringifiedEncryptionKey: PersistState['stringifiedEncryptionKey'] = undefined
     while (true) {
@@ -233,23 +255,6 @@ function* retainEncryptionKeyBetweenPopupReopenings() {
       }
     }
   })
-
-  yield* fork(function* () {
-    const encryptedState = window.localStorage.getItem(
-      STORAGE_FIELD,
-    ) as EncryptedString<PersistedRootState> | null
-    if (!encryptedState) return // Ignore
-    try {
-      const stringifiedEncryptionKey = yield* call(readSharedExtMemory)
-      if (!stringifiedEncryptionKey) return // Ignore
-      if (stringifiedEncryptionKey === 'skipped') return // Ignore
-      const keyWithSalt: KeyWithSalt = fromBase64andParse(stringifiedEncryptionKey)
-      const persistedRootState = yield* call(decryptWithKey<PersistedRootState>, keyWithSalt, encryptedState)
-      yield* put(persistActions.setUnlockedRootState({ persistedRootState, stringifiedEncryptionKey }))
-    } catch (error) {
-      // Ignore
-    }
-  })
 }
 
 async function writeSharedExtMemory(stringifiedEncryptionKey: PersistState['stringifiedEncryptionKey']) {