
Suppose I have a simple web UI to connect a wallet and click a button to invoke a Solana program transaction. Since the call actually happens on the user's host machine/the browser, it's possible that the Sol smart contract request metadata can somehow be altered by the transaction-signing user.

Is there a way to validate that?

Subash Chaturanga

1 Answer


This is a bit of an open-ended question, but technically, there's no way to validate what the user does unless you have your own on-chain program perform validation and then call another on-chain program.

For example, if you only want certain users to perform SOL transfers, your program can validate that the sender is on a list of allowed users before performing a cross-program invocation to transfer the SOL.

Jon C
  • My question is more like: not that the user can be whitelisted, but how can we validate the request integrity? For example, can we sign the payload before sending, then validate the signature inside the Solana program? One more side question if I may: is it possible/recommended to invoke an external HTTP API within a Solana program? – Subash Chaturanga Aug 10 '22 at 00:50
  • Yep, you can definitely sign it on your side, give it to the client to sign too, then validate that your account signed in the program. The Solana runtime will validate that all signatures are valid before passing the instruction down to your program. From an on-chain program, you can only access on-chain data, and nothing else; otherwise there would be indeterminism in the transaction results, which would make it nearly impossible for validators to achieve consensus. – Jon C Aug 10 '22 at 11:09
  • I didn't mean the regular transaction signing by the user. I mean additional signing of the request payload by, say, a typical RSA asymmetric key pair. With the current model, the blockchain trusts the transaction-signing user (because it's the signer's wallet). My case is, there might be a use case where I do not 100% trust the signer about the integrity of the metadata of the request. – Subash Chaturanga Aug 11 '22 at 03:41
  • Example: Suppose my Solana program accepts a list of programmatically chosen addresses and sends some lamports to all of them. So I (the Sol program) cannot trust the signer; he can technically do a man-in-the-middle-like interception to manipulate the request metadata. Hope this example explains the above requirement. – Subash Chaturanga Aug 11 '22 at 03:55
  • In the end, all transactions go to a Solana node, which performs all of the signature verification checks needed, including making sure that the payload conforms to the signatures, and then your program can check that the correct accounts signed. You can also have multiple signatures in a transaction. A man-in-the-middle attack is impossible, since modifying the transaction would invalidate the signatures. – Jon C Aug 12 '22 at 11:02
  • Would you mind explaining "since modifying the transaction would invalidate the signatures"? My point was, the transaction signer can change some request parameters from the browser and then invoke the transaction. – Subash Chaturanga Aug 18 '22 at 02:26
  • If you sign a transaction, then someone changes other parts of the transaction, then your signature is now invalid, and the cluster will not accept it. – Jon C Aug 18 '22 at 12:08
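The two-step check Jon C describes (the runtime verifies every signature over the message bytes, then the program checks that the backend's key is among the signers), as an added example that is not from the original thread. It is a simplified model using Go's standard ed25519, the same signature scheme Solana uses; it does not reproduce real Solana transaction serialization, and the `Transaction`, `Sign`, `RuntimeVerify`, `ProgramCheck` and `Accept` names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Transaction is a simplified model (not Solana's real wire format): one
// message (payload plus account list) and one signature per required signer,
// every signature covering the same message bytes.
type Transaction struct {
	Message    []byte
	Signers    []ed25519.PublicKey
	Signatures [][]byte
}

// Sign adds a signature over the current message by the given key.
func (tx *Transaction) Sign(priv ed25519.PrivateKey) {
	tx.Signers = append(tx.Signers, priv.Public().(ed25519.PublicKey))
	tx.Signatures = append(tx.Signatures, ed25519.Sign(priv, tx.Message))
}

// RuntimeVerify mimics the cluster's check before the program runs: each
// listed signer must have a valid signature over the message as received.
func RuntimeVerify(tx *Transaction) bool {
	if len(tx.Signers) != len(tx.Signatures) {
		return false
	}
	for i, pk := range tx.Signers {
		if !ed25519.Verify(pk, tx.Message, tx.Signatures[i]) {
			return false
		}
	}
	return true
}

// ProgramCheck is the on-chain side: accept only if the backend's known
// public key is among the accounts that signed this transaction.
func ProgramCheck(tx *Transaction, backend ed25519.PublicKey) bool {
	for _, pk := range tx.Signers {
		if bytes.Equal(pk, backend) {
			return true
		}
	}
	return false
}

// Accept runs both checks in the order the cluster and program would.
func Accept(tx *Transaction, backend ed25519.PublicKey) bool {
	return RuntimeVerify(tx) && ProgramCheck(tx, backend)
}

func main() {
	backendPub, backendPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	tx := &Transaction{Message: []byte("send 5 lamports to addrA,addrB")} // constructed payload
	tx.Sign(backendPriv)                                                 // backend co-signs
	tx.Sign(userPriv)                                                    // wallet signs
	fmt.Println("accepted:", Accept(tx, backendPub))
	tx.Message = []byte("send 5 lamports to addrX") // edited in the browser after signing
	fmt.Println("accepted after tamper:", Accept(tx, backendPub))
}
```

Because the user's wallet cannot produce the backend's signature, editing the address list after the backend signed fails `RuntimeVerify`, and a transaction the backend never signed fails `ProgramCheck`.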