Skip to content

fix: resolve var hoisting bug in console bridge #1494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
afeight wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: resolve var hoisting bug in console bridge #1494

afeight wants to merge 2 commits into from

Conversation

@afeight
Copy link
Contributor

@afeight afeight commented Nov 15, 2025

Description

Fixes a critical JavaScript var hoisting bug in the React Native WebView console bridge that was hiding errors from the frame code.

The Problem:
The seen Set variable was declared inside a finally block using var, but was accessed in the try block's JSON.stringify replacer function. Due to JavaScript var hoisting, seen was undefined when accessed, causing TypeError: Cannot read property 'has' of undefined. This error was caught and swallowed, returning '[Unserializable Object]' instead of the actual error message.

The Impact:
This bug was hiding critical errors from the open-signer frame code running in WKWebView, including:

  • Attestation verification failures
  • Network fetch errors
  • Other runtime exceptions

This made debugging WKWebView issues nearly impossible, as reported in https://crossmint.slack.com/archives/C09T6V4QSEQ/p1763238997415029.

The Fix:

  • Moved seen declaration to before the try block where it's used
  • Changed from var to const for proper scoping
  • Removed duplicate/unused var seen declaration

Test plan

⚠️ Manual testing required - This change affects injected JavaScript in React Native WebView:

  • Test in iOS WKWebView environment with open-signer frame
  • Verify console errors are now properly logged and visible
  • Confirm circular reference detection still works correctly
  • Test with various object types (functions, circular refs, unserializable objects)

Unit tests should be added for the console bridge serialization logic in a follow-up.

Package updates

  • @crossmint/client-sdk-rn-window - patch version bump needed
  • Run pnpm change:add to create changeset

Human Review Checklist:

  • Verify the scope change (const in try block vs var in finally) doesn't break edge cases
  • Confirm this fixes error visibility in WKWebView environments
  • Consider if similar var hoisting issues exist elsewhere in the codebase
  • Evaluate need for unit tests for console bridge logic

Requested by: austin@paella.dev (@afeight)
Devin session: https://app.devin.ai/sessions/019ddb2501804c8d83765e0311cb6720

@devin-ai-integration @afeight
fix: resolve var hoisting bug in console bridge causing errors to be …
91c7da5 
…hidden

The console bridge had a critical bug where the 'seen' Set was used in the
JSON.stringify replacer function before it was declared. Due to JavaScript
var hoisting, 'seen' was undefined when accessed, causing TypeError that
were caught and swallowed, hiding actual errors from the frame code.

This fix moves the 'seen' declaration to before the try block where it's
used, ensuring it's properly initialized. This will allow actual errors
from attestation verification and other frame operations to be properly
logged and visible for debugging.

Impact: This bug was hiding 'Load failed' and other critical errors in
WKWebView environments, making it impossible to diagnose attestation
verification failures.

Co-Authored-By: austin@paella.dev <austin@paella.dev>
@devin-ai-integration
Copy link
Contributor

devin-ai-integration bot commented Nov 15, 2025

Original prompt from austin@paella.dev 
SYSTEM:
=== BEGIN THREAD HISTORY (in #incident-swift-papaya) ===
Austin Feight (U03BS1CLKAN): *Observation 1:* `Dstack` attestation verification fails, Phala API continues
Function running
```async verifyTEEReport(quote: string) {
	this.logger.debug(this.name, "Initializing DCAP QVL WASM", wasm);
	await init(wasm);

	const decodedQuote = decodeBytes(quote, "hex");
	this.logger.debug(this.name, "Decoded quote", decodedQuote); // <------------------- Logs inexplicably stop here, error 'undefined' thrown, code continues w/ Phala API
	const collateral = await js_get_collateral(PCCS_URL, decodedQuote);
    ...```
*Observation 2:* Code completely halts during `Dstack` attestation verification
*This is what I’m seeing most often*
```async verifyTEEReport(quote: string) {
	this.logger.debug(this.name, "Initializing DCAP QVL WASM", wasm);
	await init(wasm);

	const decodedQuote = decodeBytes(quote, "hex");
	this.logger.debug(this.name, "Decoded quote", decodedQuote); // <------------------- Logs inexplicably stop here. No error thrown, just simply stops after logging this line. No 
	const collateral = await js_get_collateral(PCCS_URL, decodedQuote);
	...```
*Observation 3:* Both attestation verifications fail, SDK is rendered useless
```{"type":"console.warn","data":["[TEEAttestationService] DStack verifier failed: undefined"]}
Console[warn]: [TEEAttestationService] DStack verifier failed: undefined
{"type":"console.log","data":["[TEEAttestationService] Attempting verification with Phala API verifier"]}
Console[log]: [TEEAttestationService] Attempting verification with Phala API verifier
{"type":"console.warn","data":["[TEEAttestationService] Phala API verifier failed: Load failed"]}
Console[warn]: [TEEAttestationService] Phala API verifier failed: Load failed
{"type":"console.error","data":["[TEEAttestationService] Failed to verify TEE quote with all available verifiers. Last error: Load failed"]}```
Function running
```async verifyTEEReport(quote: string): Promise<Quote> {... (2332 chars truncated...)

@devin-ai-integration
Copy link
Contributor

devin-ai-integration bot commented Nov 15, 2025

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@vercel
Copy link

vercel bot commented Nov 15, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
smart-wallet-auth-demo Ignored Ignored Nov 15, 2025 10:53pm

@changeset-bot
Copy link

changeset-bot bot commented Nov 15, 2025
edited
Loading

🦋 Changeset detected

Latest commit: e0946dc

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@crossmint/client-sdk-rn-window Patch
expo-demo Patch
@crossmint/client-sdk-react-native-ui Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@devin-ai-integration @afeight
chore: add changeset for console bridge fix
e0946dc 
Co-Authored-By: austin@paella.dev <austin@paella.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@afeight afeight

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@afeight