What
When the L2PS SDK decrypts an inner transaction, it compares the original hash carried in the encrypted payload to the decrypted transaction's own .hash field — but does not recompute that hash from the decrypted content. A caller that trusts the SDK alone, without going through a node, would accept a tampered inner transaction as long as its .hash field still matches the payload's original_hash.
Why this matters — and why it is low priority
The node already independently re-verifies every inner transaction via confirmTx/isCoherent before accepting it, so this is not an exploitable bypass on any production path. Adding the SDK-side recomputation is defence-in-depth — it closes the gap for any future caller that does not have a node in front of it (offline tooling, audit consumers).
Fix
Recompute the decrypted content's hash through the SDK's serializeTransactionContent (both fork shapes), compare to the carried original_hash, and verify the inner signature per algorithm. Surface a clear error on mismatch instead of returning the tampered transaction.
Source
PATH-OS L2PS hardening report — they down-corrected this from "auth bypass" to "defence-in-depth" after reading the node source. Patch is ready to submit if we want it.
Status
Todo. Low priority — not on the path of any production traffic today.
What
When the L2PS SDK decrypts an inner transaction, it compares the original hash carried in the encrypted payload to the decrypted transaction's own
.hashfield — but does not recompute that hash from the decrypted content. A caller that trusts the SDK alone, without going through a node, would accept a tampered inner transaction as long as its.hashfield still matches the payload'soriginal_hash.Why this matters — and why it is low priority
The node already independently re-verifies every inner transaction via
confirmTx/isCoherentbefore accepting it, so this is not an exploitable bypass on any production path. Adding the SDK-side recomputation is defence-in-depth — it closes the gap for any future caller that does not have a node in front of it (offline tooling, audit consumers).Fix
Recompute the decrypted content's hash through the SDK's
serializeTransactionContent(both fork shapes), compare to the carriedoriginal_hash, and verify the inner signature per algorithm. Surface a clear error on mismatch instead of returning the tampered transaction.Source
PATH-OS L2PS hardening report — they down-corrected this from "auth bypass" to "defence-in-depth" after reading the node source. Patch is ready to submit if we want it.
Status
Todo. Low priority — not on the path of any production traffic today.