fix: remove tx source from auth entry signing logic#2386
Open
fix: remove tx source from auth entry signing logic#2386
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates Soroban auth-entry signing so the transaction source account is no longer used as an explicit signer for sign_soroban_authorizations, based on the premise that the tx signature alone authorizes source-account auth entries.
Changes:
- Removes the
source_signerparameter/plumbing from Soroban auth-entry signing. - Refactors
sign_soroban_authorizationsto operate directly on the singleInvokeHostFunctionoperation and rebuild the transaction only when needed. - Updates an integration test to exercise invoking auth with a non-source identity.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| cmd/soroban-cli/src/signer/mod.rs | Refactors auth signing and removes tx-source signer fallback. |
| cmd/soroban-cli/src/config/mod.rs | Stops resolving/passing the tx source signer into auth signing. |
| cmd/soroban-cli/src/assembled.rs | Removes now-unused requires_auth helper/method. |
| cmd/crates/soroban-test/tests/it/integration/hello_world.rs | Adds coverage for auth invocation where the authorized address differs from --source. |
Comments suppressed due to low confidence (1)
cmd/soroban-cli/src/signer/mod.rs:127
- After removing the
source_signerfallback, an auth entry whose address equals the transaction source account will now hitMissingSignerForAddressunless the caller also included the source insigners. This contradicts the PR intent (“tx source doesn’t need to explicitly sign auth entries”) and will break contracts thatrequire_auth()on the invoker/source without passing an address argument (so no signer is resolved). Consider detecting when the auth address equalsraw.source_accountand, in that case, leaving the entry untouched (and not requiring a signer).
match signer {
Some(signer) => {
let signed_entry = sign_soroban_authorization_entry(
raw_auth,
signer,
signature_expiration_ledger,
&network_id,
)?;
signed_auths.push(signed_entry);
}
None => {
return Err(Error::MissingSignerForAddress {
address: stellar_strkey::Strkey::PublicKeyEd25519(
stellar_strkey::ed25519::PublicKey(*needle),
)
.to_string(),
});
}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Removes the tx source signer from the
sign_soroban_authorizationsfunction.Why
The tx source account does not need to explicitly sign authorization entries. Signing the transaction is enough to authorize these entries.
Known limitations
None