feat: verify that expected and actual sender of transactions are a match

packages/platform-sdk-ark/src/services/transaction.test.ts

@@ -28,6 +28,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.transfer({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -45,6 +46,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.secondSignature({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -61,6 +63,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.delegateRegistration({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -77,6 +80,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.vote({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -93,6 +97,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.multiSignature({
 				nonce: "1",
+				from: "DEMvpU4Qq6KvSzF3sRNjGCkm6Kj7cFfVaz",
 				data: {
 					publicKeys: [
 						"039180ea4a8a803ee11ecb462bb8f9613fcdb5fe917e292dbcc73409f0e98f8f22",
@@ -120,6 +125,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.ipfs({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -134,6 +140,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.multiPayment({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -154,6 +161,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.delegateResignation({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -167,6 +175,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.htlcLock({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -189,6 +198,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.htlcClaim({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -206,6 +216,7 @@ describe("Core", () => {
 		it("should verify", async () => {
 			const result = await subject.htlcRefund({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -224,6 +235,7 @@ describe("Magistrate", () => {
 		it("should verify", async () => {
 			const result = await subject.entityRegistration({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -242,6 +254,7 @@ describe("Magistrate", () => {
 		it("should verify", async () => {
 			const result = await subject.entityResignation({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},
@@ -259,6 +272,7 @@ describe("Magistrate", () => {
 		it("should verify", async () => {
 			const result = await subject.entityUpdate({
 				nonce: "1",
+				from: "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},

packages/platform-sdk-ark/src/services/transaction.ts

@@ -226,6 +226,28 @@ export class TransactionService implements Contracts.TransactionService {
 		options?: Contracts.TransactionOptions,
 		callback?: Function,
 	): Promise<DTO.SignedTransactionData> {
+		let address: string | undefined;
+
+		if (input.sign.mnemonic) {
+			address = await this.#identity.address().fromMnemonic(BIP39.normalize(input.sign.mnemonic));
+		}
+
+		if (input.sign.wif) {
+			address = await this.#identity.address().fromWIF(input.sign.wif);
+		}
+
+		if (!address) {
+			throw new Error(
+				`Failed to retrieve the nonce for the signatory wallet. Please provide one through the [input] parameter.`,
+			);
+		}
+
+		if (input.from !== address) {
+			throw new Error(
+				`Signatory should be [${input.from}] but is [${address}]. Please ensure that the expected and actual signatory match.`,
+			);
+		}
+
 		let transaction;
 
 		if (this.#magistrateBuilders[type]) {
@@ -237,22 +259,6 @@ export class TransactionService implements Contracts.TransactionService {
 		if (input.nonce) {
 			transaction.nonce(input.nonce);
 		} else {
-			let address: string | undefined;
-
-			if (input.sign.mnemonic) {
-				address = await this.#identity.address().fromMnemonic(BIP39.normalize(input.sign.mnemonic));
-			}
-
-			if (input.sign.wif) {
-				address = await this.#identity.address().fromWIF(input.sign.wif);
-			}
-
-			if (!address) {
-				throw new Error(
-					`Failed to retrieve the nonce for the signatory wallet. Please provide one through the [input] parameter.`,
-				);
-			}
-
 			const body: any = (await this.#http.get(`${this.#peer}/wallets/${address}`)).json();
 
 			transaction.nonce(BigNumber.make(body.data.nonce).plus(1).toFixed());

packages/platform-sdk-atom/src/services/transaction.test.ts

@@ -19,6 +19,7 @@ describe("TransactionService", () => {
 				.reply(200, require(`${__dirname}/../../test/fixtures/client/wallet.json`));
 
 			const result: any = await subject.transfer({
+				from: "cosmos1fvxjdyfdvat5g0ee7jmyemwl2n95ad7negf7ap",
 				sign: {
 					mnemonic: "this is a top secret passphrase",
 				},

packages/platform-sdk-eos/src/services/transaction.ts

@@ -47,12 +47,12 @@ export class TransactionService implements Contracts.TransactionService {
 						name: "transfer",
 						authorization: [
 							{
-								actor: input.data.from,
+								actor: input.from,
 								permission: "active",
 							},
 						],
 						data: {
-							from: input.data.from,
+							from: input.from,
 							to: input.data.to,
 							quantity: "0.0001 TNT", // todo: use network specific token
 							memo: input.data.memo,

packages/platform-sdk-lsk/src/services/transaction.test.ts

@@ -14,6 +14,7 @@ describe("TransactionService", () => {
 			const service = await TransactionService.construct(createConfig({ network }));
 
 			const result: any = await service.transfer({
+				from: "15957226662510576840L",
 				sign: {
 					mnemonic: identity.mnemonic,
 				},
@@ -30,6 +31,7 @@ describe("TransactionService", () => {
 	describe("#secondSignature", () => {
 		it("should verify", async () => {
 			const result: any = await subject.secondSignature({
+				from: "15957226662510576840L",
 				sign: {
 					mnemonic: identity.mnemonic,
 					secondMnemonic: identity.mnemonic,
@@ -46,6 +48,7 @@ describe("TransactionService", () => {
 	describe("#delegateRegistration", () => {
 		it("should verify", async () => {
 			const result: any = await subject.delegateRegistration({
+				from: "15957226662510576840L",
 				sign: {
 					mnemonic: identity.mnemonic,
 				},
@@ -61,6 +64,7 @@ describe("TransactionService", () => {
 	describe("#vote", () => {
 		it("should verify", async () => {
 			const result: any = await subject.vote({
+				from: "15957226662510576840L",
 				sign: {
 					mnemonic: identity.mnemonic,
 				},
@@ -76,6 +80,7 @@ describe("TransactionService", () => {
 	describe("#multiSignature", () => {
 		it("should verify", async () => {
 			const result: any = await subject.multiSignature({
+				from: "15957226662510576840L",
 				sign: { mnemonic: identity.mnemonic },
 				data: {
 					publicKeys: [

packages/platform-sdk-trx/src/services/transaction.test.ts

@@ -20,11 +20,11 @@ describe("TransactionService", function () {
 				.reply(200, require(`${__dirname}/../../test/fixtures/crypto/transfer.json`));
 
 			const result = await subject.transfer({
+				from: testWallet.address,
 				sign: {
 					mnemonic: testWallet.privateKey,
 				},
 				data: {
-					from: testWallet.address,
 					to: "TY689z7Q2NpZYBxGfXbYR4PmS2WXyTNrir",
 					amount: "1",
 				},

packages/platform-sdk-trx/src/services/transaction.ts

@@ -31,7 +31,7 @@ export class TransactionService implements Contracts.TransactionService {
 		const transaction = await this.#connection.transactionBuilder.sendTrx(
 			input.data.to,
 			input.data.amount,
-			input.data.from,
+			input.from,
 			1,
 		);
 

packages/platform-sdk-xlm/src/services/client.test.ts

@@ -104,6 +104,7 @@ describe("ClientService", function () {
 
 			const result = await subject.broadcast([
 				await transactionService.transfer({
+					from: identity.address,
 					sign: {
 						mnemonic: identity.mnemonic,
 					},
@@ -136,6 +137,7 @@ describe("ClientService", function () {
 
 			const result = await subject.broadcast([
 				await transactionService.transfer({
+					from: identity.address,
 					sign: {
 						mnemonic: identity.mnemonic,
 					},

packages/platform-sdk-xlm/src/services/transaction.test.ts

@@ -23,6 +23,7 @@ describe("TransactionService", () => {
 				.reply(200, require(`${__dirname}/../../test/fixtures/client/wallet.json`));
 
 			const result: any = await subject.transfer({
+				from: identity.address,
 				sign: {
 					mnemonic: identity.mnemonic,
 				},

packages/platform-sdk/src/contracts/coins/transaction.ts

@@ -30,6 +30,7 @@ export interface TransactionInput {
 	fee?: string;
 	feeLimit?: string;
 	nonce?: string;
+	from: string;
 	sign: {
 		mnemonic: string;
 		mnemonics?: string[];
@@ -44,14 +45,13 @@ export interface TransactionInput {
 }
 
 export interface TransactionOptions {
-	unsignedJson: boolean;
 	unsignedBytes: boolean;
+	unsignedJson: boolean;
 }
 
 export interface TransferInput extends TransactionInput {
 	data: {
 		amount: string;
-		from?: string;
 		to: string;
 		memo?: string;
 	};