Adding aptos service implementation by yashnevatia · Pull Request #340 · smartcontractkit/chainlink-aptos

yashnevatia · 2026-02-16T16:47:53Z

No description provided.

relayer/aptos_service.go

+
+		balance, err := client.AccountAPTBalance(addr)
+		if err != nil {
+			s.logger.Warnw("failed to get balance for account, skipping", "account", account, "address", addr.String(), "error", err)


In general, to fix clear-text logging of sensitive information, you either (a) omit the sensitive field from logs, or (b) obfuscate/redact it before logging so that it cannot be reversed to the original value. Here, the specific issue is that addr.String() (derived from an authKey) is logged in a warning message when fetching an account’s balance fails.

The safest, minimal-change fix is to stop logging the full address string and either remove it entirely or replace it with a redacted/hashed form. Since we already log "account", account (the original hex public key string) and "error", err, operational debugging remains possible even without the full address. To avoid introducing new helper functions or dependencies, the simplest approach is to remove "address", addr.String() from the Warnw call on line 237. No other code paths use this value in logs, so this single change eliminates the flagged flow without changing program behavior (the balance query itself still uses addr; only the log message changes).

Concretely:

In relayer/aptos_service.go, inside getAccountWithHighestBalance, edit the Warnw call in the if err != nil block around line 237.

Remove the "address", addr.String() key-value pair from the structured log fields.

No imports, methods, or additional definitions are required.

relayer/txm/txm.go

+
+	select {
+	case a.broadcastChan <- transactionID:
+		ctxLogger.Debugw("Tx enqueued", "fromAddr", fromAddress)


To fix the problem, we should ensure that the potentially sensitive value (fromAddress) is not logged in clear text. The simplest way to do this without changing functional behavior is to either (1) remove the "fromAddr" field from the log entirely, or (2) log only a non-sensitive, obfuscated form (e.g., a truncated address or a stable hash) that still supports debugging without exposing the full address.

The single best minimally invasive fix here is to remove or anonymize the logged address at the debug line in EnqueueCRE in relayer/txm/txm.go. Since the transaction ID is already part of the contextual logger (GetContexedTxLogger), and the tx object contains the FromAddress stored in memory for later use, logging the full fromAddress is not necessary. We can change:

ctxLogger.Debugw("Tx enqueued", "fromAddr", fromAddress)

either to:

ctxLogger.Debugw("Tx enqueued")

or to an obfuscated form like:

ctxLogger.Debugw("Tx enqueued", "fromAddr_suffix", fromAddress[len(fromAddress)-6:])

if you still want some address context. To stay conservative and avoid even partial leakage, the cleanest fix is to remove the address field entirely.

Concretely:

File: relayer/txm/txm.go

In EnqueueCRE, modify the Debugw call in the case a.broadcastChan <- transactionID: branch to stop including fromAddress.

No new imports or helpers are required for the “remove field” approach.

…-aptos into aptos-service

Adding aptos service implementation

eac7f5c

yashnevatia requested a review from a team as a code owner February 16, 2026 16:47

github-advanced-security bot found potential problems Feb 16, 2026

View reviewed changes

yashnevatia added 2 commits February 17, 2026 12:11

Adding EnqueueCRE test, cannot run locally, trying on CI

4283546

Merge branch 'develop' of ssh://github.com/smartcontractkit/chainlink…

e5b0369

…-aptos into aptos-service

yashnevatia had a problem deploying to integration February 17, 2026 12:17 — with GitHub Actions Error

tidy

3ce182f

yashnevatia had a problem deploying to integration February 17, 2026 12:22 — with GitHub Actions Error

tidy

55d4e2c

yashnevatia temporarily deployed to integration February 17, 2026 12:32 — with GitHub Actions Inactive

function name

c7c93d0

yashnevatia temporarily deployed to integration February 17, 2026 13:17 — with GitHub Actions Inactive

wait for cre txs

9bee276

yashnevatia temporarily deployed to integration February 17, 2026 13:42 — with GitHub Actions Inactive

adding serialised params

aafdb92

yashnevatia temporarily deployed to integration February 17, 2026 14:08 — with GitHub Actions Inactive

yashnevatia added 5 commits February 17, 2026 20:21

clean

e180775

wip

517566a

forwarder comments

1bbc29e

wip

abfd050

comments

01d90e1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adding aptos service implementation#340

Adding aptos service implementation#340
yashnevatia wants to merge 13 commits intodevelopfrom
aptos-service

yashnevatia commented Feb 16, 2026

Uh oh!

Check failure

Copilot Autofix

Check failure

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

@@ -292,7 +292,7 @@
             	select {
             	case a.broadcastChan <- transactionID:
-            		ctxLogger.Debugw("Tx enqueued", "fromAddr", fromAddress)
+            		ctxLogger.Debugw("Tx enqueued")
             	default:
             		// if the channel is full, we drop the transaction.
             		// we do this instead of setting the tx in `a.transactions` post-broadcast to avoid a race

Conversation

yashnevatia commented Feb 16, 2026

Uh oh!

Check failure

Uh oh!

Copilot Autofix

Check failure

Uh oh!

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant