Skip to content

Integrate issuance validation from SDK#58

Open
zahorodnyi wants to merge 1 commit intomainfrom
feature/issuance-validation
Open

Integrate issuance validation from SDK#58
zahorodnyi wants to merge 1 commit intomainfrom
feature/issuance-validation

Conversation

@zahorodnyi
Copy link
Collaborator

@zahorodnyi zahorodnyi commented Mar 2, 2026
edited
Loading

Integrate issuance validation from the SDK into the sync command.

Note

Validation for option creation already exists in the SDK.

Also bump simplicityhl-core, contracts, and cli-helper versions.

Fixes: #55

@zahorodnyi
Integrate issuance validation
f9e36a1 
chore: bump simplicityhl-core version
@zahorodnyi zahorodnyi self-assigned this Mar 2, 2026
@zahorodnyi zahorodnyi requested a review from KyrylR as a code owner March 2, 2026 17:18
@zahorodnyi zahorodnyi added the greptile Mark this PR to be reviewed by Greptile label Mar 2, 2026
@greptile-apps
Copy link

greptile-apps bot commented Mar 2, 2026

Greptile Summary

Added issuance validation to the option sync process using SDK functions. When syncing options from NOSTR, the code now fetches and validates both the funding and creation transactions to ensure they follow the expected issuance pattern. This prevents malicious or incorrectly-formed options from being synced.

  • Bumped simplicityhl-core from 0.4.0 to 0.4.2
  • Updated contracts and cli-helper dependencies to rev 116b0eb
  • Added verify_synced_option_creation function to validate creation transactions against SDK issuance constraints
  • Added option_creation_txid_from_funding_tx helper to extract creation txid from funding transaction
  • Validation occurs before any database operations, failing fast if constraints aren't met

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • Clean implementation that adds important security validation without modifying existing logic; proper error handling and fail-fast behavior; single logical commit with necessary dependency updates
  • No files require special attention

Important Files Changed

Filename Overview
crates/cli-client/src/sync.rs Added issuance validation from SDK with proper transaction fetching and constraint checking

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[sync_option_event called] --> B[Fetch funding transaction]
    B --> C[Extract creation txid from funding tx inputs]
    C --> D{Funding tx has >= 2 inputs?}
    D -->|No| E[Error: Invalid funding tx]
    D -->|Yes| F{Inputs 0 and 1 spend same txid?}
    F -->|No| G[Error: Inputs must spend same creation txid]
    F -->|Yes| H[Fetch creation transaction]
    H --> I{Creation tx has >= 2 inputs?}
    I -->|No| J[Error: Invalid creation tx]
    I -->|Yes| K{Issuance IDs match expected?}
    K -->|No| L[Error: Issuance ID mismatch]
    K -->|Yes| M[Build issuance constraints]
    M --> N[Verify issuance with SDK]
    N -->|Valid| O[Proceed with sync]
    N -->|Invalid| P[Error: Invalid issuance]
    O --> Q[Add contract to store]
    Q --> R[Insert token metadata]
    R --> S[Sync UTXO]
Loading

Last reviewed commit: f9e36a1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KyrylR KyrylR Awaiting requested review from KyrylR KyrylR is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@zahorodnyi zahorodnyi

Labels

greptile Mark this PR to be reviewed by Greptile

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Issuance validation

1 participant

@zahorodnyi