Crash: SecurityScanner throws on Blockaid 'Simulation Error' response, kills main thread (#4334)#4336
Conversation
…ponse, kills main thread (#4334)
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughRefactors scanner error handling to return a deterministic Changes
Sequence Diagram(s)sequenceDiagram
participant UI as User / UI
participant VM as KeysignViewModel
participant Scanner as SecurityScannerService
participant Blockaid as BlockaidExtensions
participant Mapper as SecurityScannerExtensions
UI->>VM: initiate pre-sign (start scan)
VM->>Scanner: request scan (transaction)
Scanner->>Blockaid: call Blockaid API & parse response
Blockaid->>Mapper: toSecurityScannerResult(response)
Mapper->>Mapper: map status -> if error log & return MEDIUM unavailable
Mapper-->>Scanner: SecurityScannerResult(MEDIUM, isSecure=false)
Scanner-->>VM: scan result
VM->>UI: update state (proceed or warn)
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 0/1 reviews remaining, refill in 43 minutes and 26 seconds.Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@data/src/main/kotlin/com/vultisig/wallet/data/securityscanner/SecurityScannerExtensions.kt`:
- Around line 15-25: The catch block in SecurityScannerExtensions.kt currently
swallows all Throwables (catch (t: Throwable)) and returns a fallback
SecurityScannerResult, which hides cancellation; update the handler to rethrow
CancellationException (or propagate it) before logging/returning the fallback so
coroutine cancellation is preserved—i.e., in the catch for Throwable check if t
is
java.util.concurrent.CancellationException/kotlinx.coroutines.CancellationException
and rethrow it, otherwise log with Timber.e(t, ...) and return the fallback
SecurityScannerResult as before (references: the catch block, Timber.e,
SecurityScannerResult, SecurityRiskLevel).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: edd5c2f5-3666-4cd6-a7ec-b949c9a6e70d
📒 Files selected for processing (3)
data/src/main/kotlin/com/vultisig/wallet/data/securityscanner/SecurityScannerExtensions.ktdata/src/main/kotlin/com/vultisig/wallet/data/securityscanner/blockaid/BlockaidExtensions.ktdata/src/test/kotlin/com/vultisig/wallet/data/securityscanner/blockaid/BlockaidExtensionsTest.kt
|
Picked up CodeRabbit feedback (actionable issues only, skipping nitpicks). Working on it. |
|
Picked up CodeRabbit feedback (actionable issues only, skipping nitpicks). Working on it. |
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
Added KDoc to the three public extension functions in the changed files (, , ) to address the Docstring Coverage pre-merge warning. |
|
Added KDoc to the three public extension functions in the changed files (isChainSupported, toSolanaSecurityScannerResult, toSecurityScannerResult) to address the Docstring Coverage pre-merge warning. |
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
app/src/main/java/com/vultisig/wallet/ui/models/keysign/KeysignViewModel.kt (1)
332-334: ⚡ Quick winSnapshot
missingPeersbefore writing state.Line 333 stores the callback list reference directly. If the source list is reused/mutated, UI state can drift unexpectedly. Store an immutable snapshot.
As per coding guidelines "Use StateFlow/MutableStateFlow for UI state in ViewModels with immutable Immutable data classes".Proposed fix
onWaitingForPeers = { missingPeers -> - currentState.value = KeysignState.WaitingForPeer(missingPeers) + currentState.value = + KeysignState.WaitingForPeer(missingPeers.toList()) },🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@app/src/main/java/com/vultisig/wallet/ui/models/keysign/KeysignViewModel.kt` around lines 332 - 334, The onWaitingForPeers callback in KeysignViewModel currently assigns the mutable missingPeers list reference directly to currentState.value via KeysignState.WaitingForPeer, which can lead to UI state drift if the source list is mutated; fix by taking an immutable snapshot (e.g., create a new list/immutable copy) of missingPeers inside the onWaitingForPeers lambda before creating KeysignState.WaitingForPeer so the state holds its own stable copy instead of the original mutable reference.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@app/src/main/java/com/vultisig/wallet/ui/screens/keysign/Keysign.kt`:
- Around line 109-112: The waiting message is built inline in the
KeysignState.WaitingForPeer branch and can produce "Waiting for …" when
state.missingPeers is empty; change it to use a localized string resource (e.g.,
R.string.waiting_for_peers) and pass a safe fallback: if
state.missingPeers.isEmpty() use a generic localized string like
R.string.waiting_for_any_peer, otherwise format the string with
state.missingPeers.joinToString(). Update the KeysignLoadingScreen invocation to
use the localized/fallback text and keep KeepScreenOn() unchanged.
---
Nitpick comments:
In `@app/src/main/java/com/vultisig/wallet/ui/models/keysign/KeysignViewModel.kt`:
- Around line 332-334: The onWaitingForPeers callback in KeysignViewModel
currently assigns the mutable missingPeers list reference directly to
currentState.value via KeysignState.WaitingForPeer, which can lead to UI state
drift if the source list is mutated; fix by taking an immutable snapshot (e.g.,
create a new list/immutable copy) of missingPeers inside the onWaitingForPeers
lambda before creating KeysignState.WaitingForPeer so the state holds its own
stable copy instead of the original mutable reference.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 266136e9-1286-4dfb-aa2f-abb21812b700
📒 Files selected for processing (4)
app/src/main/java/com/vultisig/wallet/ui/models/keysign/KeysignViewModel.ktapp/src/main/java/com/vultisig/wallet/ui/screens/keysign/Keysign.ktdata/src/main/kotlin/com/vultisig/wallet/data/securityscanner/SecurityScannerExtensions.ktdata/src/main/kotlin/com/vultisig/wallet/data/securityscanner/blockaid/BlockaidExtensions.kt
|
Picked up CodeRabbit feedback (actionable issues only, skipping nitpicks). Working on it. |
…4334) - Remove KeysignState.WaitingForPeer and its onWaitingForPeers callback from KeysignViewModel.kt (DklsKeysign.kt was reverted; callback caused a compilation error) and its UI branch from Keysign.kt - Add KDoc to runSecurityScan, private BlockaidExtensions helpers, and the three new unit tests to satisfy the 80% docstring coverage threshold Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
Addressed both pre-merge check failures: Out of Scope Changes: Removed Docstring Coverage: Added KDoc to |
Fixes #4334
Changes
SecurityScannerExtensions.kt—runSecurityScanchanged from a generic<T>returningTto returningSecurityScannerResultdirectly; thecatchblock now returns a fallbackSecurityScannerResult(isSecure=false, riskLevel=MEDIUM, description="Scan unavailable")instead of rethrowingSecurityScannerException, preventing crashes from propagating to the main thread.BlockaidExtensions.kt—toValidationRiskLevel()no longer throwsSecurityScannerExceptionwhen Blockaid returns an error/simulation-failure status; it now logs a warning viaTimber.wand returnsSecurityRiskLevel.MEDIUMgracefully.BlockaidExtensionsTest.kt— new test class with three cases verifying thattoSecurityScannerResultdoes not throw and returnsisSecure=false+MEDIUMrisk when the response hasvalidation.status="Error",resultType="Error", or top-levelstatus="Error".Checklist
Summary by CodeRabbit