feat: (PRO-261) add signature verification flag to transaction methods (#208)

dev-jodee · github-actions · web-flow · commit 18eafc41b1db · 2025-08-29T14:48:27.000-04:00
* feat: (PRO-261) add signature verification flag to transaction methods

- Introduced `sig_verify` flag to `EstimateTransactionFeeRequest`, `SignAndSendTransactionRequest`, `SignTransactionIfPaidRequest`, and `SignTransactionRequest` for controlling signature verification during transaction simulation.
- Added `default_sig_verify` function to provide a default value for the `sig_verify` flag.
- Updated transaction resolution methods to utilize the `sig_verify` flag when simulating transactions.
- Enhanced tests to cover scenarios with the new `sig_verify` functionality.


* Add skip coverage PR comment if not main fndn repo

* Update coverage badge [skip ci]

---------

Co-authored-by: github-actions &lt;github-actions@github.com&gt;
diff --git a/.github/badges/coverage.json b/.github/badges/coverage.json
@@ -1 +1 @@
-{"schemaVersion": 1, "label": "coverage", "message": "86.3%", "color": "green"}
+{"schemaVersion": 1, "label": "coverage", "message": "86.2%", "color": "green"}
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -171,7 +171,7 @@ jobs:
           retention-days: 30
 
       - name: Update PR description with coverage badge
-        if: github.event_name == 'pull_request'
+        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
         uses: actions/github-script@v7
         with:
           script: |
diff --git a/crates/lib/src/rpc_server/method/estimate_transaction_fee.rs b/crates/lib/src/rpc_server/method/estimate_transaction_fee.rs
@@ -4,6 +4,7 @@ use utoipa::ToSchema;
 use crate::{
     error::KoraError,
     fee::fee::FeeConfigUtil,
+    rpc_server::middleware_utils::default_sig_verify,
     state::{get_config, get_request_signer_with_signer_key},
     token::token::TokenUtil,
     transaction::{TransactionUtil, VersionedTransactionResolved},
@@ -22,6 +23,9 @@ pub struct EstimateTransactionFeeRequest {
     /// Optional signer signer_key to ensure consistency across related RPC calls
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub signer_key: Option<String>,
+    /// Whether to verify signatures during simulation (defaults to true)
+    #[serde(default = "default_sig_verify")]
+    pub sig_verify: bool,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
@@ -47,8 +51,12 @@ pub async fn estimate_transaction_fee(
     let validation_config = &config.validation;
     let fee_payer = signer.solana_pubkey();
 
-    let mut resolved_transaction =
-        VersionedTransactionResolved::from_transaction(&transaction, rpc_client).await?;
+    let mut resolved_transaction = VersionedTransactionResolved::from_transaction(
+        &transaction,
+        rpc_client,
+        request.sig_verify,
+    )
+    .await?;
 
     let min_transaction_fee = FeeConfigUtil::estimate_transaction_fee(
         rpc_client,
@@ -118,6 +126,7 @@ mod tests {
             transaction: "invalid_base64!@#$".to_string(),
             fee_token: None,
             signer_key: None,
+            sig_verify: true,
         };
 
         let result = estimate_transaction_fee(&rpc_client, request).await;
@@ -136,6 +145,7 @@ mod tests {
             transaction: create_mock_encoded_transaction(),
             fee_token: None,
             signer_key: Some("invalid_pubkey".to_string()),
+            sig_verify: true,
         };
 
         let result = estimate_transaction_fee(&rpc_client, request).await;
@@ -156,6 +166,7 @@ mod tests {
             transaction: create_mock_encoded_transaction(),
             fee_token: Some("invalid_mint_address".to_string()),
             signer_key: None,
+            sig_verify: true,
         };
 
         let result = estimate_transaction_fee(&rpc_client, request).await;
diff --git a/crates/lib/src/rpc_server/method/sign_and_send_transaction.rs b/crates/lib/src/rpc_server/method/sign_and_send_transaction.rs
@@ -1,3 +1,4 @@
+use crate::rpc_server::middleware_utils::default_sig_verify;
 use serde::{Deserialize, Serialize};
 use solana_client::nonblocking::rpc_client::RpcClient;
 use std::sync::Arc;
@@ -15,6 +16,9 @@ pub struct SignAndSendTransactionRequest {
     /// Optional signer signer_key to ensure consistency across related RPC calls
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub signer_key: Option<String>,
+    /// Whether to verify signatures during simulation (defaults to true)
+    #[serde(default = "default_sig_verify")]
+    pub sig_verify: bool,
 }
 
 #[derive(Debug, Serialize, ToSchema)]
@@ -32,8 +36,12 @@ pub async fn sign_and_send_transaction(
     let transaction = TransactionUtil::decode_b64_transaction(&request.transaction)?;
     let signer = get_request_signer_with_signer_key(request.signer_key.as_deref())?;
 
-    let mut resolved_transaction =
-        VersionedTransactionResolved::from_transaction(&transaction, rpc_client).await?;
+    let mut resolved_transaction = VersionedTransactionResolved::from_transaction(
+        &transaction,
+        rpc_client,
+        request.sig_verify,
+    )
+    .await?;
 
     let (signature, signed_transaction) =
         resolved_transaction.sign_and_send_transaction(&signer, rpc_client).await?;
@@ -64,6 +72,7 @@ mod tests {
         let request = SignAndSendTransactionRequest {
             transaction: "invalid_base64!@#$".to_string(),
             signer_key: None,
+            sig_verify: true,
         };
 
         let result = sign_and_send_transaction(&rpc_client, request).await;
@@ -81,6 +90,7 @@ mod tests {
         let request = SignAndSendTransactionRequest {
             transaction: create_mock_encoded_transaction(),
             signer_key: Some("invalid_pubkey".to_string()),
+            sig_verify: true,
         };
 
         let result = sign_and_send_transaction(&rpc_client, request).await;
diff --git a/crates/lib/src/rpc_server/method/sign_transaction.rs b/crates/lib/src/rpc_server/method/sign_transaction.rs
@@ -1,4 +1,5 @@
 use crate::{
+    rpc_server::middleware_utils::default_sig_verify,
     state::get_request_signer_with_signer_key,
     transaction::{TransactionUtil, VersionedTransactionOps, VersionedTransactionResolved},
     KoraError,
@@ -14,6 +15,9 @@ pub struct SignTransactionRequest {
     /// Optional signer signer_key to ensure consistency across related RPC calls
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub signer_key: Option<String>,
+    /// Whether to verify signatures during simulation (defaults to true)
+    #[serde(default = "default_sig_verify")]
+    pub sig_verify: bool,
 }
 
 #[derive(Debug, Serialize, ToSchema)]
@@ -31,8 +35,12 @@ pub async fn sign_transaction(
     let transaction = TransactionUtil::decode_b64_transaction(&request.transaction)?;
     let signer = get_request_signer_with_signer_key(request.signer_key.as_deref())?;
 
-    let mut resolved_transaction =
-        VersionedTransactionResolved::from_transaction(&transaction, rpc_client).await?;
+    let mut resolved_transaction = VersionedTransactionResolved::from_transaction(
+        &transaction,
+        rpc_client,
+        request.sig_verify,
+    )
+    .await?;
 
     let (signed_transaction, _) =
         resolved_transaction.sign_transaction(&signer, rpc_client).await?;
@@ -65,6 +73,7 @@ mod tests {
         let request = SignTransactionRequest {
             transaction: "invalid_base64!@#$".to_string(),
             signer_key: None,
+            sig_verify: true,
         };
 
         let result = sign_transaction(&rpc_client, request).await;
@@ -82,6 +91,7 @@ mod tests {
         let request = SignTransactionRequest {
             transaction: create_mock_encoded_transaction(),
             signer_key: Some("invalid_pubkey".to_string()),
+            sig_verify: true,
         };
 
         let result = sign_transaction(&rpc_client, request).await;
diff --git a/crates/lib/src/rpc_server/method/sign_transaction_if_paid.rs b/crates/lib/src/rpc_server/method/sign_transaction_if_paid.rs
@@ -1,4 +1,5 @@
 use crate::{
+    rpc_server::middleware_utils::default_sig_verify,
     state::get_request_signer_with_signer_key,
     transaction::{TransactionUtil, VersionedTransactionOps, VersionedTransactionResolved},
     KoraError,
@@ -14,6 +15,9 @@ pub struct SignTransactionIfPaidRequest {
     /// Optional signer signer_key to ensure consistency across related RPC calls
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub signer_key: Option<String>,
+    /// Whether to verify signatures during simulation (defaults to true)
+    #[serde(default = "default_sig_verify")]
+    pub sig_verify: bool,
 }
 
 #[derive(Debug, Serialize, ToSchema)]
@@ -31,8 +35,12 @@ pub async fn sign_transaction_if_paid(
     let transaction_requested = TransactionUtil::decode_b64_transaction(&request.transaction)?;
     let signer = get_request_signer_with_signer_key(request.signer_key.as_deref())?;
 
-    let mut resolved_transaction =
-        VersionedTransactionResolved::from_transaction(&transaction_requested, rpc_client).await?;
+    let mut resolved_transaction = VersionedTransactionResolved::from_transaction(
+        &transaction_requested,
+        rpc_client,
+        request.sig_verify,
+    )
+    .await?;
 
     let (transaction, signed_transaction) = resolved_transaction
         .sign_transaction_if_paid(&signer, rpc_client)
@@ -65,6 +73,7 @@ mod tests {
         let request = SignTransactionIfPaidRequest {
             transaction: "invalid_base64!@#$".to_string(),
             signer_key: None,
+            sig_verify: true,
         };
 
         let result = sign_transaction_if_paid(&rpc_client, request).await;
@@ -82,6 +91,7 @@ mod tests {
         let request = SignTransactionIfPaidRequest {
             transaction: create_mock_encoded_transaction(),
             signer_key: Some("invalid_pubkey".to_string()),
+            sig_verify: true,
         };
 
         let result = sign_transaction_if_paid(&rpc_client, request).await;
diff --git a/crates/lib/src/rpc_server/middleware_utils.rs b/crates/lib/src/rpc_server/middleware_utils.rs
@@ -2,6 +2,10 @@ use futures_util::TryStreamExt;
 use http::Request;
 use jsonrpsee::server::logger::Body;
 
+pub fn default_sig_verify() -> bool {
+    false
+}
+
 pub async fn extract_parts_and_body_bytes(
     request: Request<Body>,
 ) -> (http::request::Parts, Vec<u8>) {
diff --git a/crates/lib/src/transaction/versioned_transaction.rs b/crates/lib/src/transaction/versioned_transaction.rs
@@ -1,6 +1,6 @@
 use async_trait::async_trait;
 use base64::{engine::general_purpose::STANDARD, Engine as _};
-use solana_client::nonblocking::rpc_client::RpcClient;
+use solana_client::{nonblocking::rpc_client::RpcClient, rpc_config::RpcSimulateTransactionConfig};
 use solana_commitment_config::CommitmentConfig;
 use solana_message::{v0::MessageAddressTableLookup, VersionedMessage};
 use solana_sdk::{
@@ -79,6 +79,7 @@ impl VersionedTransactionResolved {
     pub async fn from_transaction(
         transaction: &VersionedTransaction,
         rpc_client: &RpcClient,
+        sig_verify: bool,
     ) -> Result<Self, KoraError> {
         let mut resolved = Self {
             transaction: transaction.clone(),
@@ -113,7 +114,7 @@ impl VersionedTransactionResolved {
         let outer_instructions =
             IxUtils::uncompile_instructions(transaction.message.instructions(), &all_account_keys);
 
-        let inner_instructions = resolved.fetch_inner_instructions(rpc_client).await?;
+        let inner_instructions = resolved.fetch_inner_instructions(rpc_client, sig_verify).await?;
 
         resolved.all_instructions.extend(outer_instructions);
         resolved.all_instructions.extend(inner_instructions);
@@ -139,9 +140,17 @@ impl VersionedTransactionResolved {
     async fn fetch_inner_instructions(
         &mut self,
         rpc_client: &RpcClient,
+        sig_verify: bool,
     ) -> Result<Vec<Instruction>, KoraError> {
         let simulation_result = rpc_client
-            .simulate_transaction(&self.transaction)
+            .simulate_transaction_with_config(
+                &self.transaction,
+                RpcSimulateTransactionConfig {
+                    commitment: Some(rpc_client.commitment()),
+                    sig_verify,
+                    ..Default::default()
+                },
+            )
             .await
             .map_err(|e| KoraError::RpcError(format!("Failed to simulate transaction: {e}")))?;
 
@@ -669,9 +678,10 @@ mod tests {
         );
         let rpc_client = RpcMockBuilder::new().with_custom_mocks(mocks).build();
 
-        let resolved = VersionedTransactionResolved::from_transaction(&transaction, &rpc_client)
-            .await
-            .unwrap();
+        let resolved =
+            VersionedTransactionResolved::from_transaction(&transaction, &rpc_client, true)
+                .await
+                .unwrap();
 
         assert_eq!(resolved.transaction, transaction);
         assert_eq!(resolved.all_account_keys, transaction.message.static_account_keys());
@@ -770,9 +780,10 @@ mod tests {
 
         let rpc_client = RpcMockBuilder::new().with_custom_mocks(mocks).build();
 
-        let resolved = VersionedTransactionResolved::from_transaction(&transaction, &rpc_client)
-            .await
-            .unwrap();
+        let resolved =
+            VersionedTransactionResolved::from_transaction(&transaction, &rpc_client, true)
+                .await
+                .unwrap();
 
         assert_eq!(resolved.transaction, transaction);
 
@@ -815,7 +826,7 @@ mod tests {
         let rpc_client = RpcMockBuilder::new().with_custom_mocks(mocks).build();
 
         let result =
-            VersionedTransactionResolved::from_transaction(&transaction, &rpc_client).await;
+            VersionedTransactionResolved::from_transaction(&transaction, &rpc_client, true).await;
 
         // The simulation should fail, but the exact error type depends on mock implementation
         // We expect either an RpcError (from mock deserialization) or InvalidTransaction (from simulation logic)
@@ -877,7 +888,60 @@ mod tests {
         let rpc_client = RpcMockBuilder::new().with_custom_mocks(mocks).build();
 
         let mut resolved = VersionedTransactionResolved::from_kora_built_transaction(&transaction);
-        let inner_instructions = resolved.fetch_inner_instructions(&rpc_client).await.unwrap();
+        let inner_instructions =
+            resolved.fetch_inner_instructions(&rpc_client, true).await.unwrap();
+
+        assert_eq!(inner_instructions.len(), 1);
+        assert_eq!(inner_instructions[0].data, vec![10, 20, 30]);
+    }
+
+    #[tokio::test]
+    async fn test_fetch_inner_instructions_with_sig_verify_false() {
+        let config = setup_test_config();
+        let _m = setup_config_mock(config);
+
+        let keypair = Keypair::new();
+        let instruction = Instruction::new_with_bytes(
+            Pubkey::new_unique(),
+            &[1, 2, 3],
+            vec![AccountMeta::new(keypair.pubkey(), true)],
+        );
+        let message =
+            VersionedMessage::Legacy(Message::new(&[instruction], Some(&keypair.pubkey())));
+        let transaction = VersionedTransaction::try_new(message, &[&keypair]).unwrap();
+
+        // Mock RPC client with inner instructions
+        let inner_instruction_data = bs58::encode(&[10, 20, 30]).into_string();
+        let mut mocks = HashMap::new();
+        mocks.insert(
+            RpcRequest::SimulateTransaction,
+            json!({
+                "context": { "slot": 1 },
+                "value": {
+                    "err": null,
+                    "logs": [],
+                    "accounts": null,
+                    "unitsConsumed": 1000,
+                    "innerInstructions": [
+                        {
+                            "index": 0,
+                            "instructions": [
+                                {
+                                    "programIdIndex": 1,
+                                    "accounts": [0],
+                                    "data": inner_instruction_data
+                                }
+                            ]
+                        }
+                    ]
+                }
+            }),
+        );
+        let rpc_client = RpcMockBuilder::new().with_custom_mocks(mocks).build();
+
+        let mut resolved = VersionedTransactionResolved::from_kora_built_transaction(&transaction);
+        let inner_instructions =
+            resolved.fetch_inner_instructions(&rpc_client, false).await.unwrap();
 
         assert_eq!(inner_instructions.len(), 1);
         assert_eq!(inner_instructions[0].data, vec![10, 20, 30]);
diff --git a/tests/src/common/assertions.rs b/tests/src/common/assertions.rs
@@ -83,7 +83,7 @@ impl RpcAssertions for Value {
 
 /// Assertions for transaction responses
 pub trait TransactionAssertions {
-    /// Assert the transaction blockhash is valid (44 chars base58)
+    /// Assert the transaction blockhash is valid (43-44 chars base58)
     fn assert_valid_blockhash(&self);
 }
 
@@ -95,7 +95,10 @@ impl TransactionAssertions for Value {
             .expect("Response missing blockhash field");
 
         // Solana blockhashes are typically 44 chars in base58
-        assert_eq!(blockhash.len(), 44, "Invalid blockhash format: {blockhash}");
+        assert!(
+            blockhash.len() >= 43 && blockhash.len() <= 44,
+            "Invalid blockhash format: {blockhash}"
+        );
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-{"schemaVersion": 1, "label": "coverage", "message": "86.3%", "color": "green"}`
	`1`	`+{"schemaVersion": 1, "label": "coverage", "message": "86.2%", "color": "green"}`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ impl RpcAssertions for Value {`
`83`	`83`
`84`	`84`	`/// Assertions for transaction responses`
`85`	`85`	`pub trait TransactionAssertions {`
`86`		`- /// Assert the transaction blockhash is valid (44 chars base58)`
	`86`	`+ /// Assert the transaction blockhash is valid (43-44 chars base58)`
`87`	`87`	`fn assert_valid_blockhash(&self);`
`88`	`88`	`}`
`89`	`89`
`@@ -95,7 +95,10 @@ impl TransactionAssertions for Value {`
`95`	`95`	`.expect("Response missing blockhash field");`
`96`	`96`
`97`	`97`	`// Solana blockhashes are typically 44 chars in base58`
`98`		`- assert_eq!(blockhash.len(), 44, "Invalid blockhash format: {blockhash}");`
	`98`	`+ assert!(`
	`99`	`+ blockhash.len() >= 43 && blockhash.len() <= 44,`
	`100`	`+ "Invalid blockhash format: {blockhash}"`
	`101`	`+ );`
`99`	`102`	`}`
`100`	`103`	`}`
`101`	`104`