tari-project / tari / 26843529951
60%

DEFAULT BRANCH: development
Ran
Jobs 1
Files 702
Run time 3min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 61.3% (+0.01%) from 61.29%
26843529951

push

github

web-flow 
fix(wallet): bind target sidechain into burn claim ownership proof (#7868)

## Description

The L1→L2 burn claim ownership signature
(`generate_burn_claim_signature`) builds its challenge from only:

```rust
ConfidentialOutputHasher::new("commitment_signature")
    .chain(&commitment)
    .chain(claim_public_key)
    .finalize()
```

There is **no chain/application identifier** in the challenge.
`ConfidentialOutputHasher` already mixes the **Tari network** byte into
its hash domain, so cross-*network* replay is prevented — but another
sidechain or application that reuses this same claim mechanism **on the
same network** could replay the proof to claim the burn on their chain.

This PR binds the **target sidechain's public key** into the challenge.
That key is the deployment key's public key — exactly what
`SideChainId::sign` already records on-chain in
`SideChainFeature.sidechain_id`, so the L2 verifier can reconstruct the
same challenge from on-chain data. The value is threaded as
`Option<&CompressedPublicKey>`; the `Option` encoding distinguishes "no
sidechain" (default L2 chain, no deployment key) from a specific one.

## Why this is safe on L1

The burn claim `ownership_proof` is **not** part of any base-layer
consensus rule — it is a payload carried for L2 (Ootle) to consume.
Confirmed by tracing every reference:

- `ownership_proof` is never read in `base_layer/core/src/validation/`,
mempool, block, kernel, or output validation.
- The challenge label `"commitment_signature"` appears only in the
signer and the wallet test.
- The only consensus-validated burn fields are the output commitment ↔
kernel `burn_commitment` match and the separate `sidechain_id`
knowledge-proof over `claim_public_key` — neither is touched here.

So changing the challenge cannot affect L1 consensus.

## Changes

- `TransactionKeyManagerInterface::generate_burn_claim_signature` gains
a `sidechain_id: Option<&CompressedPublicKey>` parameter (+ legacy
key-manager delegates).... (continued)

0 of 11 new or added lines in 4 files covered. (0.0%)

4 existing lines in 3 files now uncovered.

71941 of 117359 relevant lines covered (61.3%)

222769.07 hits per line

Uncovered Changes

Lines Coverage File
4
0.0
 0.0% base_layer/wallet/src/transaction_service/service.rs
3
58.81
 -0.17% base_layer/transaction_components/src/key_manager/manager.rs
2
12.03
 -0.03% base_layer/transaction_key_manager/src/legacy_key_manager/inner.rs
2
5.91
 -0.03% base_layer/transaction_key_manager/src/legacy_key_manager/wrapper.rs

Coverage Regressions

Lines Coverage File
2
85.05
 -0.71% comms/core/src/connection_manager/manager.rs
1
56.77
 -0.32% base_layer/core/src/base_node/state_machine_service/states/listening.rs
1
58.81
 -0.17% base_layer/transaction_components/src/key_manager/manager.rs
Jobs
ID Job ID Ran Files Coverage
1 26843529951.1 702
61.3
 GitHub Action Run
Source Files on build 26843529951