Skip to content

[CONTRACT] Canonical signature_payload encoding for session-key authorization #969

Description

@wheval

Feature Description

Define and enforce a single canonical byte encoding for signature_payload so the same intent cannot be re-signed under different encodings (malleability / replay class).

Problem Statement

Open #936: no canonical encoding requirement. SDK, relayer, and contract must agree on bytes-to-sign.

Proposed Solution

  1. Spec in docs/contract-methods or CAP-style note.
  2. Contract verifies exact encoding; SDK helpers build only that form.
  3. Vectors in account-abstraction + contract tests.
  4. Relayer verify uses same helper.

Impact Area

  • Smart Contracts
  • SDK
  • Security

Priority

  • Critical

Implementation Complexity

  • Complex

Related

#936

Metadata

Metadata

Assignees

No one assigned

    Labels

    GrantFox OSSIssue tracked in GrantFox OSSMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial Campaign | FWC26Campaign: Official Campaign | FWC26bugSomething isn't workingcontractsmart contract related workhardsdkrelated to sdksecurity

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions