Harden input validation in Stellar asset encoding, Zilliqa signing preimage, and BIP32 derivation path parsing

[nikhil-gupta-tw]

This pull request introduces improved input validation and error handling for Stellar and Zilliqa transaction signing, as well as minor refactoring for data handling. The most significant changes are the addition of explicit checks for invalid parameters in Stellar asset encoding and derivation path parsing, and the propagation of errors back to the caller.

Stellar transaction signing improvements:

• Added validation in encodeAsset to ensure alphanum4 asset codes do not exceed 4 characters, throwing an invalid_argument exception if violated.
• Updated the Signer::sign method to catch invalid_argument exceptions and set error codes and messages in the output, improving error reporting for invalid signing inputs.
• Included <stdexcept> in Signer.cpp to support exception handling.

Derivation path validation:

• Added a check in DerivationPath constructor to ensure non-hardened indices are less than 2^31, throwing an exception if not.

Zilliqa transaction signing refactor:

• Replaced direct data construction from proto fields with store(load(...)) pattern for gasPrice and amount fields in Signer::getPreImage, standardizing data handling. [1] [2]

[octane-security-app]

Summary by Octane

New Contracts

No new contracts were added.

Updated Contracts

• DerivationPath.cpp: Added validation for non-hardened indices to ensure they are less than 2^31.
• Signer.cpp: The smart contract now includes error handling for signature generation and validates that the alphanum4 asset code is 4 characters or fewer.
• Signer.cpp: The smart contract now utilizes a store(load()) pattern for handling gasPrice and amount fields instead of directly converting input data.

---

🔗 Commit Hash: ce5c501

[github-actions]

Binary size comparison

➡️ aarch64-apple-ios: 14.31 MB

➡️ aarch64-apple-ios-sim: 14.32 MB

➡️ aarch64-linux-android: 18.73 MB

➡️ armv7-linux-androideabi: 16.17 MB

➡️ wasm32-unknown-emscripten: 13.66 MB

[octane-security-app]

Overview

Vulnerabilities found:	4
Severity breakdown:	3 Low, 1 Informational

Detailed findings

src/HDWallet.cpp

• Unchecked public CKD with hardened high-bit indices in HDWallet::getPublicKeyFromExtended causes wrong child public key derivation. See more

src/interface/TWHDWallet.cpp

• New non-hardened index check in DerivationPath parser throws across unguarded FFI, causing process termination. See more

src/Keystore/StoredKey.cpp

• Stricter index check in DerivationPath(string) during StoredKey::loadJson causes keystore import denial. See more

src/Zilliqa/Signer.cpp

• Missing uint256 width checks with silent truncation in Zilliqa Signer preimage builder causes acceptance of malformed amounts/gas prices. See more

---

🔗 Commit Hash: ce5c501
🛡️ Octane Dashboard: All vulnerabilities

[sergei-boiko-trustwallet]

LGTM, just a minor question