
Fix/multisig validation edge cases #405

Merged
Xhristin3 merged 3 commits into rinafcode:main from Chrisland58:fix/multisig-validation-edge-cases
Apr 28, 2026

@Chrisland58
Contributor

Fix: Multi-Signature Validation Edge Cases

Addresses edge case vulnerabilities in multi-signature validation.

Changes

  • Added EscrowValidator::validate_multisig as a single source of truth for all multisig checks,
    replacing duplicated inline logic in validate_create_escrow and validate_escrow_parameters
  • Replaced bare += weight accumulation with checked_add to prevent silent u32 overflow
  • Enforces threshold boundaries: 1 ≤ threshold ≤ total_weight
  • Rejects zero-weight signers and duplicate signer addresses

Tests

Added test_multisig_threshold_boundaries covering:

- Implement duplicate signer detection in check_duplicate_signers (O(n²) address comparison)
- Reject signers with zero weight in validate_create_escrow and validate_escrow_parameters
- Fix validate_threshold to compare against total weight instead of signer count
…eshold boundaries

- Add EscrowValidator::validate_multisig consolidating all edge case checks
- Use checked_add to prevent u32 weight overflow
- Enforce threshold within [1, total_weight]
- Reject zero-weight and duplicate signers
- Refactor validate_create_escrow and validate_escrow_parameters to delegate to validate_multisig
- Add test_multisig_threshold_boundaries covering all edge cases
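
The checks listed in the PR description, as an added stand-alone Rust sketch; this is not the code merged in this PR. `Signer`, `MultisigError`, the string addresses and the function signature are assumptions for illustration, and duplicate detection uses a `HashSet` rather than the O(n²) comparison the commit message mentions.

```rust
use std::collections::HashSet;

// Hypothetical types: the project's real signer and error types are not shown on the page.
#[derive(Debug, PartialEq)]
pub enum MultisigError {
    ZeroWeight,
    DuplicateSigner,
    WeightOverflow,
    ThresholdOutOfRange,
}

pub struct Signer<'a> {
    pub address: &'a str,
    pub weight: u32,
}

/// Runs every multisig check in one place and returns the total weight on success.
pub fn validate_multisig(signers: &[Signer<'_>], threshold: u32) -> Result<u32, MultisigError> {
    let mut seen = HashSet::new();
    let mut total: u32 = 0;
    for s in signers {
        // A zero-weight signer can never contribute to the threshold.
        if s.weight == 0 {
            return Err(MultisigError::ZeroWeight);
        }
        // A repeated address would let one key be counted more than once.
        if !seen.insert(s.address) {
            return Err(MultisigError::DuplicateSigner);
        }
        // A bare `total += s.weight` wraps silently when overflow checks are off
        // (the default for release builds); checked_add turns that into an error.
        total = total.checked_add(s.weight).ok_or(MultisigError::WeightOverflow)?;
    }
    // Enforce 1 <= threshold <= total_weight. The bound is total weight, not signer count.
    // An empty signer list has total 0, so it is rejected here for any threshold.
    if threshold == 0 || threshold > total {
        return Err(MultisigError::ThresholdOutOfRange);
    }
    Ok(total)
}

fn main() {
    // Constructed sample input: two signers, weights 2 and 3, threshold 4.
    let signers = [Signer { address: "signer-a", weight: 2 }, Signer { address: "signer-b", weight: 3 }];
    println!("{:?}", validate_multisig(&signers, 4));
}
```
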
@drips-wave

drips-wave Bot commented Apr 23, 2026

@Chrisland58 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@Xhristin3
Contributor

@Chrisland58 resolve conflicts.

@Xhristin3
Contributor

@Chrisland58 resolve conflicts.

@Xhristin3 Xhristin3 merged commit e82f5a4 into rinafcode:main Apr 28, 2026
1 of 2 checks passed
Development

Successfully merging this pull request may close these issues.

Fix potential edge case in multi-signature validation