Skip to content

Reject SEP-10 challenges without finite time bounds#152

Merged
christian-rogobete merged 1 commit into
masterfrom
sep-10-sec
Jun 28, 2026
Merged

Reject SEP-10 challenges without finite time bounds#152
christian-rogobete merged 1 commit into
masterfrom
sep-10-sec

Conversation

@christian-rogobete

Copy link
Copy Markdown
Member

Summary

WebAuth.validateChallenge skipped time-bounds validation when a challenge transaction carried no time bounds, so such a challenge was accepted. SEP-10 requires challenge transactions to be time-bounded; challenges with no time bounds, or with an infinite maximum time (maxTime == 0), are now rejected.

WebAuth.validateChallenge skipped time-bounds validation when a
challenge carried no time bounds, so such a challenge was accepted.
SEP-10 requires challenge transactions to be time-bounded; challenges
with no time bounds, or with an infinite maximum time (maxTime == 0),
are now rejected.
@codecov

codecov Bot commented Jun 28, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.10%. Comparing base (10dbfb5) to head (12ca258).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #152      +/-   ##
==========================================
- Coverage   90.10%   90.10%   -0.01%     
==========================================
  Files         665      665              
  Lines       33880    33882       +2     
==========================================
+ Hits        30529    30530       +1     
- Misses       3351     3352       +1     
Files with missing lines Coverage Δ
lib/src/sep/0010/webauth.dart 88.31% <100.00%> (+0.11%) ⬆️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant