Skip to content

fix: Inner batch transactions never have valid signatures #6069

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ximinez wants to merge 10 commits into
base: develop
Choose a base branch
from
Open

fix: Inner batch transactions never have valid signatures #6069

ximinez wants to merge 10 commits into from

Conversation

@ximinez
Copy link
Collaborator

@ximinez ximinez commented Nov 21, 2025

High Level Overview of Change

Introduces a fix amendment that will skip over a problematic and unnecessary block in checkValidity that will set flags indicating that an inner transaction has a valid signature. Inner transactions, by definition, never have valid signatures.

I don't think this is exploitable as such, because there are additional checks before an inner transaction is applied to the ledger, but why take that chance?

It updates some of the callers of checkValidity to skip over the function if the tfInnerBatchTxn flag is set, either by treating it as always valid, or always invalid, depending on the context. The remaining will always fail for an inner tx.

Introduces amendment fixBatchInnerSigs.

Context of Change

This discussion on the Lending Protocol implementation PR: #5270 (comment)

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

@ximinez
fix: Inner batch transactions never have a valid signatures
f4d55c8 
- Introduces amendment `fixBatchInnerSigs`
@ximinez ximinez requested a review from a team as a code owner November 21, 2025 21:19
@codecov
Copy link

codecov bot commented Nov 21, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 71.42857% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.6%. Comparing base (c9f17dd) to head (06b4e84).

Files with missing lines Patch % Lines
src/xrpld/app/tx/detail/apply.cpp 25.0% 6 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff            @@
##           develop   #6069     +/-   ##
=========================================
- Coverage     78.6%   78.6%   -0.0%     
=========================================
  Files          818     818             
  Lines        68938   68944      +6     
  Branches      8240    8236      -4     
=========================================
- Hits         54177   54172      -5     
- Misses       14761   14772     +11
Files with missing lines Coverage Δ
src/xrpld/app/ledger/detail/OpenLedger.cpp 70.6% <ø> (ø)
src/xrpld/app/misc/NetworkOPs.cpp 69.9% <100.0%> (+0.1%) ⬆️
src/xrpld/app/tx/detail/Transactor.cpp 92.2% <100.0%> (+0.1%) ⬆️
src/xrpld/app/tx/detail/Transactor.h 100.0% <ø> (ø)
src/xrpld/overlay/detail/PeerImp.cpp 3.8% <ø> (ø)
src/xrpld/app/tx/detail/apply.cpp 89.1% <25.0%> (-3.5%) ⬇️

... and 2 files with indirect coverage changes

Impacted file tree graph

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@mvadari mvadari requested a review from dangell7 November 21, 2025 21:42
@ximinez ximinez mentioned this pull request Nov 21, 2025
Merged
7 tasks
@ximinez ximinez changed the title fix: Inner batch transactions never have a valid signatures fix: Inner batch transactions never have valid signatures Nov 24, 2025
dangell7
dangell7 requested changes Dec 2, 2025
View reviewed changes
src/xrpld/app/tx/detail/Transactor.cpp
auto const pkSigner = sigObject.getFieldVL(sfSigningPubKey);
// Ignore signature check on batch inner transactions
if (sigObject.isFlag(tfInnerBatchTxn) && view.rules().enabled(featureBatch))
bool const useCtx = view.rules().enabled(fixBatchInnerSigs);
Copy link
Collaborator

@dangell7 dangell7 Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesnt seem right. Can't you just check for the parentBatchId?

src/xrpld/app/tx/detail/apply.cpp
// original `Batch` implementation. An inner transaction never
// has a valid signature.
bool const neverValid = rules.enabled(fixBatchInnerSigs);
if (!neverValid)
Copy link
Collaborator

@dangell7 dangell7 Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing code coverage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dangell7 dangell7 dangell7 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ximinez @dangell7