use preimage hash for auth entry verification #2034
This pull request is stale because it has been open for 60 days with no activity.
Pull request overview
This PR updates the transaction signatures UI to cryptographically verify Soroban authorization entry signatures using the HashIdPreimage-based payload, aligning auth-entry verification with how Soroban signatures are actually constructed.
Changes:
- Replaces auth-entry “public key matches address” checks with signature verification over `HashIdPreimageSorobanAuthorization` (network ID + nonce + invocation + expiration ledger).
- Plumbs raw auth-entry JSON through parsing so it can be re-encoded to XDR for verification.
- Updates generated `networkLimits.ts` constants (large data-only regeneration).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/app/(sidebar)/transaction/dashboard/components/Signatures.tsx | Implements cryptographic verification for Soroban auth entry signatures and updates UI verification logic. |
| src/constants/networkLimits.ts | Regenerates network limit constant values (auto-generated data file). |
| const isMatch = | ||
| isXdrInit && | ||
| verifyAuthEntrySignature( | ||
| entry.rawEntry, | ||
| entry.publicKey, | ||
| entry.signature, | ||
| network.passphrase, |
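Review bot: `isXdrInit && verifyAuthEntrySignature(...)` makes `isMatch` false while XDR is still uninitialised, which is the same value a failed verification produces. If the UI renders `isMatch === false` as a mismatch, entries will briefly show as failed before any check has run; consider a third "not yet verified" state so that only an actual `verifyAuthEntrySignature` result is shown as pass or fail.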
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3571ade049
| ); | ||
| const keypair = Keypair.fromPublicKey(stellarAddress); | ||
|
|
||
| return keypair.verify(payload, Buffer.from(signatureHex, "hex")); |
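Review bot: `Buffer.from(signatureHex, "hex")` in the return line stops decoding at the first non-hex character instead of failing, and `Keypair.fromPublicKey(stellarAddress)` throws on a malformed key, so a bad entry either reaches `keypair.verify` with a truncated signature buffer or raises inside the verification helper. Check that `signatureHex` is exactly 128 hex characters before decoding and guard the keypair construction so a malformed entry returns false, unless the lines outside this hunk already do both.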
Verify the signer is authorized for the auth address
For address auth entries where the signature map contains a public_key that is not actually authorized by entry.address, this return value can still be true: the preimage constructed above is only network/nonce/expiration/invocation and does not bind addrAuth.address(), and the derived key is never checked against the credential address or its signer set. A forged or failed auth entry can therefore display a green check next to a victim address simply by including an attacker-controlled key and a valid signature from that key over the same payload.
https://hackerone.com/reports/3652658
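
The gap described in the Codex comment above, as an added example that is not code from this PR or the project: a signature can verify under the key an entry supplies while that key has no relation to the entry's address. Assumptions: a plain byte concatenation stands in for the XDR `HashIdPreimageSorobanAuthorization`, hex-encoded raw ed25519 keys stand in for addresses, all function names are hypothetical, and the signer set defaults to the address's own key (a real check for multi-signer or contract accounts needs the on-chain signer data).

```javascript
// Added example. Simplified stand-in for the auth preimage: real entries are XDR.
const crypto = require("node:crypto");

const PASSPHRASE = "Constructed Example Network"; // constructed sample value

// Raw 32-byte ed25519 keys as hex stand in for G... addresses (assumption).
const rawHex = (key) =>
  Buffer.from(key.export({ format: "jwk" }).x, "base64url").toString("hex");
const fromRawHex = (hex) => crypto.createPublicKey({
  key: { kty: "OKP", crv: "Ed25519", x: Buffer.from(hex, "hex").toString("base64url") },
  format: "jwk",
});

// Hash over network ID + nonce + expiration ledger + invocation.
// The address being signed for is not part of it.
function authPayload(entry, passphrase) {
  const networkId = crypto.createHash("sha256").update(passphrase).digest();
  const nonce = Buffer.alloc(8);
  nonce.writeBigInt64BE(BigInt(entry.nonce));
  const expiration = Buffer.alloc(4);
  expiration.writeUInt32BE(entry.expirationLedger);
  const preimage = Buffer.concat([networkId, nonce, expiration, Buffer.from(entry.invocation)]);
  return crypto.createHash("sha256").update(preimage).digest();
}

// Check 1: the signature is valid for the key the entry itself supplies.
function signatureVerifies(entry, passphrase) {
  if (!/^[0-9a-f]{64}$/i.test(entry.publicKeyHex)) return false;
  if (!/^[0-9a-f]{128}$/i.test(entry.signatureHex)) return false;
  return crypto.verify(null, authPayload(entry, passphrase),
    fromRawHex(entry.publicKeyHex), Buffer.from(entry.signatureHex, "hex"));
}

// Check 2: the key must also belong to the address's signer set.
function signerAuthorized(entry, passphrase, signers = [entry.addressHex]) {
  const key = String(entry.publicKeyHex).toLowerCase();
  return signatureVerifies(entry, passphrase) &&
    signers.some((s) => s.toLowerCase() === key);
}

function demo() {
  const owner = crypto.generateKeyPairSync("ed25519");
  const unrelated = crypto.generateKeyPairSync("ed25519");
  const base = { addressHex: rawHex(owner.publicKey), nonce: 42n,
    expirationLedger: 1000, invocation: "transfer(100)" }; // constructed entry
  const entryFor = (kp) => ({ ...base, publicKeyHex: rawHex(kp.publicKey),
    signatureHex: crypto.sign(null, authPayload(base, PASSPHRASE), kp.privateKey).toString("hex") });
  const report = (e) => [signatureVerifies(e, PASSPHRASE), signerAuthorized(e, PASSPHRASE)];
  return { genuine: report(entryFor(owner)), mismatched: report(entryFor(unrelated)) };
}
```

`demo()` returns `[check 1, check 2]` for each entry: the entry signed by an unrelated key passes the signature-only check and fails once the signer set is consulted.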