Debugging a Bot: Fixing the Posting vs. Active Key Mix-up (With Code!)

So, @paulmoon410 reached out recently; he'd been running into some trouble getting his peakecoin BNB bot to work as expected. When I had a bit of free time, I offered to take a look and see if I could spot the issue.

Diving into the Python code (looks like it's using beem, a perfect opportunity to pitch hive-nectar!), the problem turned out to be a classic Hive key permissions issue within the transaction construction. The bot was trying to broadcast a custom_json operation – for interacting with the sidechain for placing orders – but it was specifying the posting key as the required authority and trying to sign with it.

Here’s a snippet of the diff showing the exact changes needed to fix it:

@@ -65,16 +65,16 @@ def place_order(account_name, token, price, quantity, order_type="buy"):
     try:
         tx = TransactionBuilder(blockchain_instance=hive)
         op = Custom_json(
-            required_auths=[],
-            required_posting_auths=[account_name],
+            required_auths=[account_name],      # <-- Change: Explicitly require ACTIVE auth
+            required_posting_auths=[],          # <-- Change: Remove posting auth requirement
             id="ssc-mainnet-hive", # Assuming this is the intended ID for the custom_json
-            json=jsonlib.dumps(payload)
+            json=jsonlib.dumps(payload),
         )
         tx.appendOps([op])
-        tx.appendSigner(account_name, "posting") # <-- Change: Tell builder to sign with ACTIVE
+        tx.appendSigner(account_name, "active")  # <-- Change: Tell builder to sign with ACTIVE
         print("🔐 Loaded public keys in wallet:", hive.wallet.getPublicKeys())
-        print("🔑 Required signing key (posting):", account["posting"]["key_auths"][0][0])
+        print("🔑 Attempting to sign with ACTIVE key...")
         tx.sign()
         print("🔏 Transaction signed successfully!")

You can see the key changes:

1. The Custom_json operation itself now declares required_auths=[account_name] instead of required_posting_auths. This signals to the blockchain that this specific operation needs the account's active permission level.
2. Crucially, tx.appendSigner is changed from "posting" to "active". This tells the TransactionBuilder to actually find and use the active key associated with the account_name from the loaded wallet when signing the transaction.

As most Hive developers know, the posting key is great for social actions, but anything involving token movements, market orders, or sensitive custom JSONs generally requires the higher authority of the active key. Making these specific code adjustments to correctly require and sign with the active key did the trick, and the bot successfully executed the transaction. Always a good feeling to see it fire off successfully!

Here's one of the successful transactions on the block explorer, showing the operation went through:
Tx: 1e05736e...

Of course, I shared the findings and the code changes with @paulmoon410 and explained why the active key was needed for what the bot was trying to accomplish. But it did get me thinking afterward...

When we help someone by directly finding and fixing their problem, are we truly helping them learn in the long run, or did I just "do it for him" this time? It's a fine line, I suppose. You want to get them unblocked, but you also hope the explanation sticks so they can solve similar problems themselves next time. Was it a teaching moment, or just a quick fix?

Just some musings on the nature of helping out in the tech space. Glad Paul's bot is up and running now, regardless!

As always,
Michael Garcia a.k.a. TheCrazyGM