Skip to content

node/solana: base58-decode websocket account pubkey#4894

Open
peaktwilight wants to merge 1 commit into
wormhole-foundation:mainfrom
peaktwilight:fix/solana-ws-pubkey-base58-decode
Open

node/solana: base58-decode websocket account pubkey#4894
peaktwilight wants to merge 1 commit into
wormhole-foundation:mainfrom
peaktwilight:fix/solana-ws-pubkey-base58-decode

Conversation

@peaktwilight

Copy link
Copy Markdown

The Pythnet account-subscription websocket path (processAccountSubscriptionData) built the account PublicKey with solana.PublicKeyFromBytes([]byte(value.Pubkey)), but value.Pubkey is a base58-encoded string (the pubkey field of the accountSubscribe JSON notification). Casting the string to []byte reinterprets the base58 text as raw 32-byte key material, producing an incorrect PublicKey.

This key becomes the observation TxID on the account-based path, so the effect is a wrong/garbled TxID in emitted observations and logs. It does not affect the VAA digest (derived from emitter, sequence and payload), so this is a correctness/observability fix, not a consensus or security change.

Fix: decode the base58 string with solana.PublicKeyFromBase58 and surface any decode error, matching how pubkey strings are parsed elsewhere in the watcher (config.go). Adds a table-driven test using real base58 pubkeys that fails against the pre-fix code.

The Pythnet account-subscription websocket path built the account
PublicKey with solana.PublicKeyFromBytes([]byte(value.Pubkey)), but
value.Pubkey is a base58-encoded string. Casting the string to a byte
slice reinterprets the base58 text as raw key bytes, producing an
incorrect PublicKey.

This key is used as the observation TxID on the account-based path, so
the effect is a wrong/garbled TxID in emitted observations and logs. It
does not affect the VAA digest (derived from emitter, sequence and
payload), so this is a correctness/observability fix, not a consensus or
security change.

Decode the base58 string with solana.PublicKeyFromBase58 and surface any
decode error, matching how pubkey strings are parsed elsewhere in the
watcher.

Add table-driven coverage that decodes real base58 account addresses,
asserts the decoded key round-trips to its address while the old byte
cast yields a different key, and drives processAccountSubscriptionData
end to end so the emitted TxID matches the decoded pubkey and a
non-base58 pubkey surfaces an error.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant