From 677cbb9f9cb60097115bcf27ff15b839657ba15d Mon Sep 17 00:00:00 2001
From: Lean Mendoza
Date: Fri, 4 Oct 2024 18:12:52 -0300
Subject: [PATCH] fix: validate challenge to sign (#456)
* fix: validate challenge to sign
* bump android version
---------
Co-authored-by: Mateo "Kuruk" Miccino
---
 godot/export_presets.cfg | 2 +-
 lib/src/comms/adapter/archipelago.rs | 5 +++++
 lib/src/comms/adapter/ws_room.rs | 5 +++++
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/godot/export_presets.cfg b/godot/export_presets.cfg
index f87ccb9d2..164995ca0 100644
--- a/godot/export_presets.cfg
+++ b/godot/export_presets.cfg
@@ -234,7 +234,7 @@ architectures/armeabi-v7a=false
 architectures/arm64-v8a=true
 architectures/x86=false
 architectures/x86_64=true
-version/code=12
+version/code=13
 version/name="1.0"
 package/unique_name="org.decentraland.godotexplorer"
 package/name="Decentraland"
diff --git a/lib/src/comms/adapter/archipelago.rs b/lib/src/comms/adapter/archipelago.rs
index 7b203fa2d..6025ab6f5 100644
--- a/lib/src/comms/adapter/archipelago.rs
+++ b/lib/src/comms/adapter/archipelago.rs
@@ -168,6 +168,11 @@ impl ArchipelagoManager {
 let challenge_to_sign = challenge_msg.challenge_to_sign.clone();
+ if !challenge_to_sign.starts_with("dcl-") {
+ tracing::error!("invalid challenge to sign");
+ return;
+ }
+ // TODO: should this block_on be async? the ephemeral wallet is sync
 let signature = futures_lite::future::block_on( self.ephemeral_auth_chain
diff --git a/lib/src/comms/adapter/ws_room.rs b/lib/src/comms/adapter/ws_room.rs
index 849ac271f..d205c0f65 100644
--- a/lib/src/comms/adapter/ws_room.rs
+++ b/lib/src/comms/adapter/ws_room.rs
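Review bot: The new guard in `archipelago.rs` accepts any server-supplied string that merely starts with `dcl-`, so the length and content after the prefix still appear to reach the ephemeral-key signing call unchecked; if the challenge format is fixed, bound it as well, e.g. `if !challenge_to_sign.starts_with("dcl-") || challenge_to_sign.len() > MAX_CHALLENGE_LEN {`, where `MAX_CHALLENGE_LEN` is a placeholder for a constant you would define. The identical check and string literal are repeated in the `ws_room.rs` hunk that follows, so a single shared helper such as `fn is_valid_challenge(challenge: &str) -> bool` would keep the two adapters from drifting apart. The rejection path only logs and returns, and because the enclosing function starts and ends outside the hunk it is not visible whether the connection is closed or left waiting for a signature; that is worth confirming. The log line `"invalid challenge to sign"` would help detection more if it named the adapter, without echoing the untrusted challenge verbatim.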
@@ -214,6 +214,11 @@ impl WebSocketRoom {
 let challenge_to_sign = challenge_msg.challenge_to_sign.clone();
+ if !challenge_to_sign.starts_with("dcl-") {
+ tracing::error!("invalid challenge to sign");
+ return;
+ }
+ // TODO: should this block_on be async? the ephemeral wallet is sync
 let signature = futures_lite::future::block_on( self.ephemeral_auth_chain