fix: Stale schema hash lets EIP-712 metadata signatures apply to a different schema#989

Closed
cerberus-production[bot] wants to merge 1 commit into develop from security/merlin-69e2ee8

Conversation

@cerberus-production
Contributor

Closes #988

Summary

Automated security fix for Stale schema hash lets EIP-712 metadata signatures apply to a different schema (High).

CWE: CWE-345
OWASP: A08:2021-Software and Data Integrity Failures
Fix Confidence: high

What Changed

The vulnerability allows an attacker to modify the EIP-712 schema after the schema hash has been computed during P2_FILT_ACTIVATE, because struct_state remains INITIALIZED (not DEFINED) and handle_eip712_struct_def() only rejects definitions when struct_state == DEFINED.

The fix adds struct_state = DEFINED; immediately after the schema hash computation in the P2_FILT_ACTIVATE handler. This locks the schema by preventing any further struct name or field definitions from being accepted (since handle_eip712_struct_def checks if (struct_state == DEFINED) { ret = false; }). The assignment is placed after the if-block so it applies regardless of verbose_eip712 setting, ensuring the schema is always locked when filtering is activated.

This is a single-line addition that closes the window between schema hash computation and schema lockdown.

Caveats

  • The fix sets struct_state = DEFINED unconditionally when P2_FILT_ACTIVATE is received (even when verbose_eip712 is true and schema hash is not computed). This is intentional defense-in-depth - once filtering is activated, no schema modifications should be allowed regardless.
  • path_set_root() will also set struct_state = DEFINED later during implementation, which is harmless (idempotent assignment).

Verification Checklist

  • Review the code change
  • Run tests to verify no regression
  • Verify the vulnerability is addressed — already verified by Cerberus Sentinel

Created by Cerberus Merlin
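The state-machine gap the fix closes, modelled as an added C example (not the project's own code): the names struct_state, DEFINED, handle_eip712_struct_def and P2_FILT_ACTIVATE come from the description above, while the FNV-1a hash, the schema string buffer and the `lock` flag that selects the pre-fix or fixed activation flow are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { NOT_INITIALIZED, INITIALIZED, DEFINED } e_struct_state;

typedef struct {
    e_struct_state struct_state;
    bool verbose_eip712;
    char schema[256];      /* constructed: accumulated definitions stand in for the real schema */
    uint32_t schema_hash;  /* computed once, at P2_FILT_ACTIVATE */
} ctx_t;

/* Constructed FNV-1a stand-in for the real schema hash (assumption). */
static uint32_t compute_schema_hash(const char *s) {
    uint32_t h = 2166136261u;
    for (; *s; s++) { h ^= (uint8_t)*s; h *= 16777619u; }
    return h;
}

/* Mirrors the guard the PR quotes: definitions are refused only once DEFINED. */
static bool handle_eip712_struct_def(ctx_t *ctx, const char *def) {
    if (ctx->struct_state == DEFINED) return false;
    strncat(ctx->schema, def, sizeof(ctx->schema) - strlen(ctx->schema) - 1);
    ctx->struct_state = INITIALIZED;
    return true;
}

/* P2_FILT_ACTIVATE handler; lock=false is the stale pre-fix flow, lock=true the fix. */
static void handle_filt_activate(ctx_t *ctx, bool lock) {
    if (!ctx->verbose_eip712) {
        ctx->schema_hash = compute_schema_hash(ctx->schema);
    }
    if (lock) ctx->struct_state = DEFINED; /* the one-line fix, placed after the if-block */
}

/* True if, after activation, a further definition is still accepted and the
 * stored hash no longer matches the schema, i.e. the hash has become stale. */
bool hash_goes_stale(bool lock) {
    ctx_t ctx = { .struct_state = NOT_INITIALIZED, .verbose_eip712 = false };
    handle_eip712_struct_def(&ctx, "Mail(Person from,Person to,string contents)");
    handle_filt_activate(&ctx, lock);
    bool accepted = handle_eip712_struct_def(&ctx, "Mail(...,uint256 amount)");
    return accepted && ctx.schema_hash != compute_schema_hash(ctx.schema);
}

int main(void) {
    printf("pre-fix hash stale: %d\n", hash_goes_stale(false)); /* 1 */
    printf("fixed   hash stale: %d\n", hash_goes_stale(true));  /* 0 */
    return 0;
}
```

With the lock in place the second definition is rejected, so the hash computed at activation is the hash of the schema the device actually displays.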

@codecov-commenter

codecov-commenter commented Apr 10, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.02%. Comparing base (bae8f45) to head (9007750).

Additional details and impacted files
@@           Coverage Diff            @@
##           develop     #989   +/-   ##
========================================
  Coverage    55.02%   55.02%           
========================================
  Files           16       16           
  Lines         1592     1592           
  Branches       201      201           
========================================
  Hits           876      876           
- Misses         708      712    +4     
+ Partials         8        4    -4     
Flag Coverage Δ
unittests 55.02% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@cedelavergne-ledger
Contributor

Closing, because covered by #1031

Development

Successfully merging this pull request may close these issues.

[High] Stale schema hash lets EIP-712 metadata signatures apply to a different schema