Skip to content

feat(sdk-coin-algo): verify consolidation transaction #7411

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat(sdk-coin-algo): verify consolidation transaction #7411

wants to merge 1 commit into from
+507 −4

Conversation

@mohammadalfaiyazbitgo
Copy link
Contributor

Implement verification to ensure consolidation transactions send funds to the wallet's base address (rootAddress). This prevents malicious transactions from redirecting consolidated funds to unauthorized addresses.

Changes:

  • Add consolidationToBaseAddress verification in verifyTransaction method
  • Verify transaction recipient matches wallet rootAddress for both native (pay) and token (axfer) transactions
  • Test both positive (valid consolidation) and negative (malicious) cases

The verification is triggered when params.verification.consolidationToBaseAddress is set to true, which happens automatically in sendAccountConsolidations.

  • Tested with script, consolidating native assets to root address

TICKET: WP-5729

@mohammadalfaiyazbitgo mohammadalfaiyazbitgo force-pushed the WP-5729/validate-algo-consolidation branch from 9c050b7 to 91829d6 Compare November 3, 2025 14:40
@mohammadalfaiyazbitgo mohammadalfaiyazbitgo changed the title feat(sdk-coinalgo): verify consolidation transaction feat(sdk-coin-algo): verify consolidation transaction Nov 3, 2025
@mohammadalfaiyazbitgo mohammadalfaiyazbitgo marked this pull request as ready for review November 3, 2025 14:45
@mohammadalfaiyazbitgo mohammadalfaiyazbitgo requested a review from a team as a code owner November 3, 2025 14:45
@mohammadalfaiyazbitgo
feat(sdk-coin-algo): verify consolidation transaction
998b287 
Implement verification to ensure consolidation transactions send funds to
the wallet's base address (rootAddress). This prevents malicious transactions
from redirecting consolidated funds to unauthorized addresses.

Changes:
- Add consolidationToBaseAddress verification in verifyTransaction method
- Verify transaction recipient matches wallet rootAddress for both native
  (pay) and token (axfer) transactions
- Test both positive (valid consolidation) and negative (malicious) cases

The verification is triggered when params.verification.consolidationToBaseAddress
is set to true, which happens automatically in sendAccountConsolidations.

Ticket: WP-5729

TICKET: WP-5729
@mohammadalfaiyazbitgo mohammadalfaiyazbitgo force-pushed the WP-5729/validate-algo-consolidation branch from 91829d6 to 998b287 Compare November 3, 2025 14:56
ArunBala-Bitgo
ArunBala-Bitgo approved these changes Nov 4, 2025
View reviewed changes
Copy link
Contributor

@ArunBala-Bitgo ArunBala-Bitgo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

nvjsr
nvjsr approved these changes Nov 4, 2025
View reviewed changes
Copy link
Contributor

@nvjsr nvjsr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@margueriteblair margueriteblair margueriteblair approved these changes

@nvjsr nvjsr nvjsr approved these changes

@ArunBala-Bitgo ArunBala-Bitgo ArunBala-Bitgo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mohammadalfaiyazbitgo @margueriteblair @nvjsr @ArunBala-Bitgo