What version are you using?
v25.2.0
What did you do?
Several commands fetch WASM bytecode by hash from an RPC server but never verify that sha256(returned_bytes) matches the requested hash. As a defensive measure, the CLI should verify the integrity of the returned bytes against the known hash before using them.
Affected commands:
stellar contract invokestellar contract fetchstellar contract deploystellar contract infostellar events
What did you expect to see?
The CLI should compute sha256(returned_bytes) after fetching the WASM bytes and compare it to the requested hash. If the hash does not match, the CLI should return an error with a meaningful message indicating that the WASM bytecode returned by the RPC server does not match the expected hash.
What did you see instead?
The returned bytes are accepted without any integrity check.
What version are you using?
v25.2.0
What did you do?
Several commands fetch WASM bytecode by hash from an RPC server but never verify that
sha256(returned_bytes)matches the requested hash. As a defensive measure, the CLI should verify the integrity of the returned bytes against the known hash before using them.Affected commands:
stellar contract invokestellar contract fetchstellar contract deploystellar contract infostellar eventsWhat did you expect to see?
The CLI should compute
sha256(returned_bytes)after fetching the WASM bytes and compare it to the requested hash. If the hash does not match, the CLI should return an error with a meaningful message indicating that the WASM bytecode returned by the RPC server does not match the expected hash.What did you see instead?
The returned bytes are accepted without any integrity check.