From 027b8663af8f80aae8d8385e440e8b9f17a0a8ef Mon Sep 17 00:00:00 2001 From: Thibaut Sardan Date: Mon, 18 Nov 2024 14:36:24 +0000 Subject: [PATCH 1/5] remove validateSignedTransaction --- packages/api/src/submittable/createClass.ts | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/packages/api/src/submittable/createClass.ts b/packages/api/src/submittable/createClass.ts index 1c8b1088ad4..2a3ce01540c 100644 --- a/packages/api/src/submittable/createClass.ts +++ b/packages/api/src/submittable/createClass.ts @@ -367,7 +367,6 @@ export function createClass ({ api, apiType, blockHas throw new Error(`When using the signedTransaction field, the transaction must be signed. Recieved isSigned: ${ext.isSigned}`); } - this.#validateSignedTransaction(payload, ext); // This is only used for signAsync - signAndSend does not need to adjust the super payload or // add the signature. super.addSignature(address, result.signature, newSignerPayload.toPayload()); @@ -398,20 +397,6 @@ export function createClass ({ api, apiType, blockHas } } }; - - /** - * When a signer includes `signedTransaction` within the SignerResult this will validate - * specific fields within the signed extrinsic against the original payload that was passed - * to the signer. - */ - #validateSignedTransaction = (signerPayload: SignerPayload, signedExt: Extrinsic): void => { - const payload = signerPayload.toPayload(); - const errMsg = (field: string) => `signAndSend: ${field} does not match the original payload`; - - if (payload.method !== signedExt.method.toHex()) { - throw new Error(errMsg('call data')); - } - }; } return Submittable; From c323c3c3fe4e48acbf74b595b96c2d69aac95ab9 Mon Sep 17 00:00:00 2001 From: Thibaut Sardan Date: Tue, 19 Nov 2024 10:15:08 +0000 Subject: [PATCH 2/5] add optional allowCallDataAlteration defaulting to true --- packages/api/src/submittable/createClass.ts | 19 +++++++++++++++++++ packages/types/src/types/extrinsic.ts | 1 + 2 files changed, 20 insertions(+) diff --git a/packages/api/src/submittable/createClass.ts b/packages/api/src/submittable/createClass.ts index 2a3ce01540c..1392bcf9cd3 100644 --- a/packages/api/src/submittable/createClass.ts +++ b/packages/api/src/submittable/createClass.ts @@ -325,6 +325,7 @@ export function createClass ({ api, apiType, blockHas #signViaSigner = async (address: Address | string | Uint8Array, options: SignatureOptions, header: Header | null): Promise => { const signer = options.signer || api.signer; + const allowCallDataAlteration = options.allowCallDataAlteration || true; if (!signer) { throw new Error('No signer specified, either via api.setSigner or via sign options. You possibly need to pass through an explicit keypair for the origin so it can be used for signing.'); @@ -367,6 +368,10 @@ export function createClass ({ api, apiType, blockHas throw new Error(`When using the signedTransaction field, the transaction must be signed. Recieved isSigned: ${ext.isSigned}`); } + if (!allowCallDataAlteration) { + this.#validateSignedTransaction(payload, ext); + } + // This is only used for signAsync - signAndSend does not need to adjust the super payload or // add the signature. super.addSignature(address, result.signature, newSignerPayload.toPayload()); @@ -397,6 +402,20 @@ export function createClass ({ api, apiType, blockHas } } }; + + /** + * When a signer includes `signedTransaction` within the SignerResult this will validate + * specific fields within the signed extrinsic against the original payload that was passed + * to the signer. + */ + #validateSignedTransaction = (signerPayload: SignerPayload, signedExt: Extrinsic): void => { + const payload = signerPayload.toPayload(); + const errMsg = (field: string) => `signAndSend: ${field} does not match the original payload`; + + if (payload.method !== signedExt.method.toHex()) { + throw new Error(errMsg('call data')); + } + }; } return Submittable; diff --git a/packages/types/src/types/extrinsic.ts b/packages/types/src/types/extrinsic.ts index ed0546aef04..897483d308c 100644 --- a/packages/types/src/types/extrinsic.ts +++ b/packages/types/src/types/extrinsic.ts @@ -188,6 +188,7 @@ export interface IExtrinsicEra extends Codec { } export interface SignatureOptions { + allowCallDataAlteration?: boolean; blockHash: Uint8Array | string; era?: IExtrinsicEra; genesisHash: Uint8Array | string; From b3c6949f5e26db573d6a745bdb0918980bdb2c9c Mon Sep 17 00:00:00 2001 From: Thibaut Sardan Date: Tue, 19 Nov 2024 10:17:33 +0000 Subject: [PATCH 3/5] nit --- packages/api/src/submittable/createClass.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/api/src/submittable/createClass.ts b/packages/api/src/submittable/createClass.ts index 1392bcf9cd3..f16f2288d89 100644 --- a/packages/api/src/submittable/createClass.ts +++ b/packages/api/src/submittable/createClass.ts @@ -404,10 +404,10 @@ export function createClass ({ api, apiType, blockHas }; /** - * When a signer includes `signedTransaction` within the SignerResult this will validate - * specific fields within the signed extrinsic against the original payload that was passed - * to the signer. - */ + * When a signer includes `signedTransaction` within the SignerResult this will validate + * specific fields within the signed extrinsic against the original payload that was passed + * to the signer. + */ #validateSignedTransaction = (signerPayload: SignerPayload, signedExt: Extrinsic): void => { const payload = signerPayload.toPayload(); const errMsg = (field: string) => `signAndSend: ${field} does not match the original payload`; From cca5e851ad1eab6e9b8efe587321728b6cd6e918 Mon Sep 17 00:00:00 2001 From: Thibaut Sardan Date: Tue, 19 Nov 2024 10:18:32 +0000 Subject: [PATCH 4/5] spacing --- packages/api/src/submittable/createClass.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/api/src/submittable/createClass.ts b/packages/api/src/submittable/createClass.ts index f16f2288d89..226edb198fe 100644 --- a/packages/api/src/submittable/createClass.ts +++ b/packages/api/src/submittable/createClass.ts @@ -404,10 +404,10 @@ export function createClass ({ api, apiType, blockHas }; /** - * When a signer includes `signedTransaction` within the SignerResult this will validate - * specific fields within the signed extrinsic against the original payload that was passed - * to the signer. - */ + * When a signer includes `signedTransaction` within the SignerResult this will validate + * specific fields within the signed extrinsic against the original payload that was passed + * to the signer. + */ #validateSignedTransaction = (signerPayload: SignerPayload, signedExt: Extrinsic): void => { const payload = signerPayload.toPayload(); const errMsg = (field: string) => `signAndSend: ${field} does not match the original payload`; From b66b33b4eba02ffce5f36051124390cedcc620b9 Mon Sep 17 00:00:00 2001 From: Thibaut Sardan <33178835+Tbaut@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:06:51 +0100 Subject: [PATCH 5/5] Update packages/api/src/submittable/createClass.ts --- packages/api/src/submittable/createClass.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/api/src/submittable/createClass.ts b/packages/api/src/submittable/createClass.ts index 226edb198fe..cff1c268c27 100644 --- a/packages/api/src/submittable/createClass.ts +++ b/packages/api/src/submittable/createClass.ts @@ -325,7 +325,7 @@ export function createClass ({ api, apiType, blockHas #signViaSigner = async (address: Address | string | Uint8Array, options: SignatureOptions, header: Header | null): Promise => { const signer = options.signer || api.signer; - const allowCallDataAlteration = options.allowCallDataAlteration || true; + const allowCallDataAlteration = options.allowCallDataAlteration ?? true; if (!signer) { throw new Error('No signer specified, either via api.setSigner or via sign options. You possibly need to pass through an explicit keypair for the origin so it can be used for signing.');