Wp 5782/fix near token enablement validation #6958

SimonVutovB · 2025-09-11T15:31:30Z

Summary

Added token enablement validation and tests

Changes

Inside, verifyTransaction in near.ts of sdk-coin-near, validate the txHex is a valid token enablement transaction for the specified token and does not have additional transactions embedded.

modules/sdk-coin-near/test/unit/tokenEnablementValidation.ts

mtexeira-simtlix

A few changes requested but you got a general first idea, good job! let me know if you need further clarification on any of the mentioned points @SimonVutovB

Thanks!

modules/sdk-coin-near/src/near.ts

mtexeira-simtlix · 2025-09-15T17:43:53Z

@SimonVutovB for this issue that you're getting on the CI/CD steps, just rebase master since your dep versions are out of date:

modules/sdk-coin-near/src/near.ts

mohammadalfaiyazbitgo

add a unit test to show sendTokenEnablements throws an error when you mock a response with a spoofed TxHex. Otherwise lgtm.

modules/sdk-coin-near/test/unit/tokenEnablementValidation.ts

mohammadalfaiyazbitgo

please add a test case showcasing sendAccountConsolidations fails when a spoofed txHex is returned in the response.

mohammadalfaiyazbitgo

Can we add a test that shows a spoofed tx from platform will be rejected, similar to HBAR's?

balakrishna507

i'll also request a review from the coin owners.

modules/sdk-coin-near/test/unit/tokenEnablementValidation.ts

mtexeira-simtlix

Thanks for the changes Simon! It's looking better.
I left a nit and a couple of requested changes, feel free to ask about these!
Cheers.

modules/sdk-coin-near/src/near.ts

mtexeira-simtlix

lgtm, thanks!

Forgot a comment.

mohammadalfaiyazbitgo · 2025-10-01T18:45:57Z

modules/sdk-coin-near/src/near.ts

    const explainedTx = transaction.explainTransaction();

    // users do not input recipients for consolidation requests as they are generated by the server
+    if (txParams.type === 'enabletoken') {


Suggested change

if (txParams.type === 'enabletoken') {

if (txParams.type === 'enabletoken' && verification.verifyTokenEnablement) {

mohammadalfaiyazbitgo

LGTM, missing one last change.

FloBitGo · 2025-10-03T07:59:24Z

modules/sdk-coin-near/src/near.ts


      if (!_.isEqual(filteredOutputs, filteredRecipients)) {
+        // For enabletoken, provide more specific error messages for address mismatches
+        if (txParams.type === 'enabletoken') {


Suggested change

if (txParams.type === 'enabletoken') {

if (txParams.type === 'enabletoken' && params.verification?.verifyTokenEnablement) {

Not sure if we always want to throw this new error or only if the param is passed?

Yeah you're right, good catch. Just pushed change to add the check for the verifyTokenEnablement flag.

mukeshsp

Please squash all the commits into a single commit.

NEAR token enablement blind signing validation TICKET: WP-5782

sijuu · 2025-10-10T06:37:48Z

PR has merge conflicts

WP-5782 TICKET: WP-5782

SimonVutovB requested review from mkottaichamy and mohammadalfaiyazbitgo September 11, 2025 15:31

SimonVutovB requested a review from a team as a code owner September 11, 2025 15:31

github-advanced-security bot found potential problems Sep 11, 2025

View reviewed changes

modules/sdk-coin-near/test/unit/tokenEnablementValidation.ts Fixed Show fixed Hide fixed

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch 3 times, most recently from 3371efc to b81a0d0 Compare September 11, 2025 19:21

SimonVutovB requested a review from mtexeira-simtlix September 15, 2025 15:39

mtexeira-simtlix requested changes Sep 15, 2025

View reviewed changes

modules/sdk-coin-near/src/near.ts Outdated Show resolved Hide resolved

modules/sdk-coin-near/src/near.ts Outdated Show resolved Hide resolved

modules/sdk-coin-near/src/near.ts Outdated Show resolved Hide resolved

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch from 8d0fb13 to fa835c7 Compare September 15, 2025 17:41

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch from fa835c7 to cf059f2 Compare September 16, 2025 13:16

SimonVutovB requested review from a team as code owners September 16, 2025 13:16

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch from cf059f2 to 6141074 Compare September 16, 2025 13:31

mohammadalfaiyazbitgo requested changes Sep 16, 2025

View reviewed changes

modules/sdk-coin-near/src/near.ts Outdated Show resolved Hide resolved

modules/sdk-coin-near/src/near.ts Outdated Show resolved Hide resolved

modules/sdk-coin-near/src/near.ts Show resolved Hide resolved

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch from e9cbf28 to 10c27f8 Compare September 16, 2025 17:36

SimonVutovB requested a review from mohammadalfaiyazbitgo September 19, 2025 14:20

mohammadalfaiyazbitgo requested changes Sep 22, 2025

View reviewed changes

modules/sdk-coin-near/test/unit/tokenEnablementValidation.ts Show resolved Hide resolved

SimonVutovB requested a review from mohammadalfaiyazbitgo September 22, 2025 20:32

mohammadalfaiyazbitgo requested changes Sep 23, 2025

View reviewed changes

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch from f4a41a4 to 3be12f4 Compare September 24, 2025 18:00

mohammadalfaiyazbitgo requested a review from mtexeira-simtlix September 25, 2025 13:34

mohammadalfaiyazbitgo requested changes Sep 25, 2025

View reviewed changes

SimonVutovB requested a review from mohammadalfaiyazbitgo September 25, 2025 17:04

balakrishna507 reviewed Sep 26, 2025

View reviewed changes

modules/sdk-coin-near/test/unit/tokenEnablementValidation.ts Outdated Show resolved Hide resolved

balakrishna507 requested a review from mukeshsp September 26, 2025 02:58

SimonVutovB requested a review from mohammadalfaiyazbitgo September 30, 2025 19:08

mtexeira-simtlix requested changes Oct 1, 2025

View reviewed changes

modules/sdk-coin-near/src/near.ts Outdated Show resolved Hide resolved

modules/sdk-coin-near/src/near.ts Outdated Show resolved Hide resolved

modules/sdk-coin-near/src/near.ts Show resolved Hide resolved

modules/sdk-coin-near/src/near.ts Outdated Show resolved Hide resolved

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch from 756d4df to 49a8204 Compare October 1, 2025 16:58

SimonVutovB requested a review from mtexeira-simtlix October 1, 2025 17:30

mtexeira-simtlix previously approved these changes Oct 1, 2025

View reviewed changes

mohammadalfaiyazbitgo previously approved these changes Oct 1, 2025

View reviewed changes

mohammadalfaiyazbitgo reviewed Oct 1, 2025

View reviewed changes

SimonVutovB dismissed mtexeira-simtlix’s stale review via 1c62673 October 1, 2025 18:56

SimonVutovB requested review from mohammadalfaiyazbitgo and mtexeira-simtlix October 1, 2025 18:57

mtexeira-simtlix previously approved these changes Oct 1, 2025

View reviewed changes

mohammadalfaiyazbitgo previously approved these changes Oct 2, 2025

View reviewed changes

FloBitGo previously approved these changes Oct 3, 2025

View reviewed changes

SimonVutovB dismissed stale reviews from FloBitGo, mohammadalfaiyazbitgo, and mtexeira-simtlix via 8f353e7 October 3, 2025 14:57

mohammadalfaiyazbitgo previously approved these changes Oct 4, 2025

View reviewed changes

mukeshsp previously approved these changes Oct 7, 2025

View reviewed changes

mukeshsp reviewed Oct 7, 2025

View reviewed changes

feat(sdk-coin-near): token enablement transaction validation

d84bba2

NEAR token enablement blind signing validation TICKET: WP-5782

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch from 8f353e7 to d84bba2 Compare October 7, 2025 13:04

Merge branch 'master' into WP-5782/fix-near-token-enablement-validation

307041c

SimonVutovB dismissed stale reviews from mukeshsp and mohammadalfaiyazbitgo via 307041c October 14, 2025 14:14

fix(sdk-coin-near): add missing BaseAddress import

3e49289

WP-5782 TICKET: WP-5782

SimonVutovB force-pushed the WP-5782/fix-near-token-enablement-validation branch from 57d600d to 3e49289 Compare October 14, 2025 14:55

SimonVutovB requested a review from mukeshsp October 14, 2025 15:15

	if (txParams.type === 'enabletoken') {
	if (txParams.type === 'enabletoken' && verification.verifyTokenEnablement) {

	if (txParams.type === 'enabletoken') {
	if (txParams.type === 'enabletoken' && params.verification?.verifyTokenEnablement) {

Wp 5782/fix near token enablement validation #6958

Are you sure you want to change the base?

Wp 5782/fix near token enablement validation #6958

Conversation

SimonVutovB commented Sep 11, 2025

Summary

Changes

Uh oh!

Uh oh!

mtexeira-simtlix left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

mtexeira-simtlix commented Sep 15, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

mohammadalfaiyazbitgo left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

mohammadalfaiyazbitgo left a comment

Choose a reason for hiding this comment

Uh oh!

mohammadalfaiyazbitgo left a comment

Choose a reason for hiding this comment

Uh oh!

balakrishna507 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

mtexeira-simtlix left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

mtexeira-simtlix left a comment

Choose a reason for hiding this comment

Uh oh!

mohammadalfaiyazbitgo Oct 1, 2025

Choose a reason for hiding this comment

Uh oh!

mohammadalfaiyazbitgo left a comment

Choose a reason for hiding this comment

Uh oh!

FloBitGo Oct 3, 2025

Choose a reason for hiding this comment

Uh oh!

SimonVutovB Oct 3, 2025

Choose a reason for hiding this comment

Uh oh!

mukeshsp left a comment

Choose a reason for hiding this comment

Uh oh!

sijuu commented Oct 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants