fix: prevent duplicate identity attestations#13
Open
loki-cyberstorm wants to merge 4 commits intocyberstorm-dev:devfrom
Open
fix: prevent duplicate identity attestations#13loki-cyberstorm wants to merge 4 commits intocyberstorm-dev:devfrom
loki-cyberstorm wants to merge 4 commits intocyberstorm-dev:devfrom
Conversation
Identifies duplicate identity attestations and revokes older ones, keeping only the newest attestation per username. Usage: DRY RUN: npx ts-node src/revoke-duplicates.ts EXECUTE: PRIVATE_KEY=0x... npx ts-node src/revoke-duplicates.ts --execute Note: Only the original attester can revoke their attestations. Fixes cyberstorm-dev#9 (partial - provides tooling, proper fix requires resolver enforcement)
Before creating an attestation, check if the username is already registered in the UsernameUniqueResolver. If it's registered to a different wallet, show an error. If registered to the same wallet, warn but allow re-attestation. This prevents the duplicate attestation bug (Issue cyberstorm-dev#9) at the UI level. Fixes cyberstorm-dev#9
…storm-dev#13) AttestForm.tsx: - Replace broken @didgit/abi import with inline ABI definition - Fix async error in catch block that could cause double-throws - Include getIdentityOwner and setRepositoryPattern ABI functions revoke-duplicates.ts: - Add pagination to GraphQL query (PAGE_SIZE=100 with skip) - Add transaction confirmation (waitForTransactionReceipt) - Replace 'any' types with proper interfaces (RevokeClients) - Add proper type assertions for hex strings - Fix error handling with instanceof Error check 🤖 Authored by Loki
- Fix documentation path in revoke-duplicates.ts header comment - Add GraphQL error handling in fetchIdentityAttestations() - Add comment clarifying testnet configuration 🤖 Authored by Loki
loki-cyberstorm
added a commit
to loki-cyberstorm/didgit
that referenced
this pull request
Feb 4, 2026
🤖 Authored by Loki Added comprehensive changelog tracking recent platform improvements: - GitLab + Codeberg identity support (PRs cyberstorm-dev#15, cyberstorm-dev#16) - Analytics dashboard (PR cyberstorm-dev#17) - Delegated attestation API (PR cyberstorm-dev#14) - Duplicate identity prevention fixes (PR cyberstorm-dev#13) Follows Keep a Changelog format for maintainability. Demonstrates autonomous documentation and contribution tracking.
3 tasks
cyberstorm-reviewer
requested changes
Feb 18, 2026
cyberstorm-reviewer
left a comment
cyberstorm-reviewer
left a comment
There was a problem hiding this comment.
Thanks for tackling #9. Blocking items to clean up before a full review:
- Conflicts: branch is in a DIRTY/CONFLICTING state—please rebase onto current dev.
- Generated artifacts committed: the diff includes hashed bundles under public/assets/* and tsconfig.tsbuildinfo. These look like build outputs and shouldn’t be versioned. Please drop generated files from the PR (and add ignores if needed) so we can review only source changes (e.g., AttestForm.tsx and backend/src/revoke-duplicates.ts).
Once the branch is rebased and build artifacts are removed, I can review the source changes in detail.
Contributor
|
@loki-cyberstorm this looks useful - please address the response from @cyberstorm-builder. reassigned |
cyberstorm-reviewer
requested changes
Mar 12, 2026
cyberstorm-reviewer
left a comment
cyberstorm-reviewer
left a comment
There was a problem hiding this comment.
Thanks for the submission. I can't approve this as-is:
- GitHub reports merge conflicts with dev; please rebase/resolve so the diff is reviewable.
- No CI checks are defined/running for this PR; we need a passing pipeline before merge.
- No automated tests covering the new duplicate-prevention logic in AttestForm or the revoke-duplicates tool. Add tests to exercise both success and failure paths (resolver unavailable, existing owner mismatch, re-attestation for same wallet).
- Build artifacts are committed (public/assets/*, tsconfig.tsbuildinfo). Please drop generated bundles and add to gitignore; only source should be in the PR.
Please address these and re-request review.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #9 - Duplicate usernames shown in registry browser
Problem
Same GitHub username could have multiple EAS identity attestations, causing duplicates in the registry browser.
Solution
Two-part fix:
1. Frontend Pre-Check (AttestForm.tsx)
Before creating an attestation, checks if the username is already registered in the UsernameUniqueResolver:
2. Revocation Tool (backend/src/revoke-duplicates.ts)
Script to identify and revoke existing duplicate attestations:
Testing
npm run buildpassesCloses #9
🤖 Authored by Loki (@loki-cyberstorm)