feat: implement Ed25519 signature validation for price updates#308
Open
dominiccreates wants to merge 4 commits into
@dominiccreates Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
…o-pause on large price deviation
…tion' into feature/ed25519-signature-validation and implement volatility-based asset circuit breaker
This PR closes #269.
This pull request resolves the MITM vulnerability where off-chain endpoints could submit unsigned data payloads to the oracle. It enforces that all ingested payloads must be cryptographically signed by pre-approved validator keys before updates are saved.
## Technical Implementation

**Storage Scheme Extensions (types.rs):**

- Added a `Validator(BytesN<32>)` variant to `DataKey` to hold authorized validator keys.
- Introduced a `PricePayload` struct to represent the details being signed by validators off-chain:

```rust
#[contracttype]
#[derive(Clone, Debug, Eq, PartialEq)]
pub struct PricePayload {
    pub asset: Symbol,
    pub price: i128,
    pub decimals: u32,
    pub confidence_score: u32,
    pub ttl: u64,
}
```

**Core Verification Logic (lib.rs):**

- Added administration methods: `add_validator`, `remove_validator`, and `is_validator`.
- Updated the `update_price` parameter signature to require `signature: BytesN<64>` and `public_key: BytesN<32>`.
- Verified that `public_key` is registered via `is_validator` (rejecting unauthorized updates with `Error::Unauthorized`).
- Reconstructed `PricePayload` from the parameters and verified its off-chain cryptographic signature using `env.crypto().ed25519_verify()`.

**Test Suite Adaptation (test.rs):**

- Added `ed25519-dalek` to the test dependencies to dynamically generate real keypairs and valid Ed25519 signatures inside tests.
- Wrote wrappers `do_update_price` and `do_try_update_price` to automatically handle serialization and signing in tests.
- Updated all 45+ existing test assertions to seamlessly supply valid signature arguments.
- Added a dedicated unit test `test_ed25519_signature_validation` to verify:
  - Unregistered validator signatures are rejected with `Error::Unauthorized`.
  - Authentic signatures from pre-approved validator keys are processed successfully.
  - Keys successfully removed by the admin are rejected.
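The registry-then-verify gate described in this PR, as an added example that is not the PR's or the project's code: a Go model using the standard-library Ed25519 package, exercising the three cases the new unit test covers plus a tampered payload. The `Oracle` and `PricePayload` types, the byte layout in `Encode`, and the error values are assumptions that stand in for the Soroban contract's XDR serialization of the `contracttype` and for `Error::Unauthorized`.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
)
var ErrUnauthorized, ErrBadSignature = errors.New("unregistered validator key"), errors.New("bad ed25519 signature")
// PricePayload mirrors the fields the PR places under the validator's signature (assumed Go shape).
type PricePayload struct {
	Asset      string
	Price      int64 // i128 on-chain; int64 keeps this illustration simple
	Decimals   uint32
	Confidence uint32
	TTL        uint64
}

func put32(b []byte, v uint32) []byte { var t [4]byte; binary.BigEndian.PutUint32(t[:], v); return append(b, t[:]...) }
func put64(b []byte, v uint64) []byte { var t [8]byte; binary.BigEndian.PutUint64(t[:], v); return append(b, t[:]...) }
// Encode is the canonical byte layout signed off-chain and re-derived on-chain. The real contract
// verifies Soroban's XDR encoding of the contracttype; this assumed length-prefixed big-endian
// layout stands in for it. If signer and verifier disagree on one byte, every signature fails.
func (p PricePayload) Encode() []byte {
	b := append(put32(nil, uint32(len(p.Asset))), p.Asset...)
	b = put64(b, uint64(p.Price))
	b = put32(put32(b, p.Decimals), p.Confidence)
	return put64(b, p.TTL)
}

// Oracle holds the validator registry (DataKey::Validator in the PR) and the stored prices.
type Oracle struct {
	validators map[string]bool // keyed by the raw 32-byte public key
	prices     map[string]PricePayload
}
func NewOracle() *Oracle { return &Oracle{validators: map[string]bool{}, prices: map[string]PricePayload{}} }
func (o *Oracle) AddValidator(pk ed25519.PublicKey)    { o.validators[string(pk)] = true }
func (o *Oracle) RemoveValidator(pk ed25519.PublicKey) { delete(o.validators, string(pk)) }
// IsValidator also rejects malformed key lengths, which ed25519.Verify would otherwise panic on.
func (o *Oracle) IsValidator(pk ed25519.PublicKey) bool { return len(pk) == ed25519.PublicKeySize && o.validators[string(pk)] }
func (o *Oracle) Price(asset string) (PricePayload, bool) { p, ok := o.prices[asset]; return p, ok }
// UpdatePrice gates the write: registry check, then Ed25519 over the rebuilt payload, then store.
func (o *Oracle) UpdatePrice(p PricePayload, sig []byte, pk ed25519.PublicKey) error {
	if !o.IsValidator(pk) {
		return ErrUnauthorized
	}
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pk, p.Encode(), sig) {
		return ErrBadSignature
	}
	o.prices[p.Asset] = p
	return nil
}
```

Because the signature covers every field of the payload, including `ttl`, altering any one of them after signing fails verification rather than being stored.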