Skip to content

fix: handle unsupported system transaction type [PM-19971]#840

Merged
m2ux merged 3 commits into
mainfrom
fix/PM-19971-handle-unsupported-transaction-type
Mar 6, 2026
Merged

fix: handle unsupported system transaction type [PM-19971]#840
m2ux merged 3 commits into
mainfrom
fix/PM-19971-handle-unsupported-transaction-type

Conversation

@m2ux

@m2ux m2ux commented Mar 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Reject unrecognized SystemTransaction variants with an explicit error instead of silently labeling them as "unknown" for metrics, closing an observability gap identified by the Least Authority audit.

🎫 Ticket 📐 Engineering 🧪 Test Plan

Motivation

A security audit (Least Authority, Issue AC) identified that get_system_tx_type in the ledger host function used a wildcard match arm (_ => "unknown") for unrecognized SystemTransaction variants. While the binary deserialization layer already prevents truly malformed transactions from reaching this code, the silent labeling creates an observability gap: if a newer midnight-ledger introduces a new variant, an older node build would quietly process it without any warning or error, making version mismatches invisible to operators.

Changes

  • get_system_tx_type — Changed return type from &'static str to Result<&'static str, LedgerApiError>. The wildcard arm now logs an error and returns Err(SystemTransactionError::UnknownError) (code 204). Extracted from impl Bridge<S, D> to a standalone free function to enable direct unit testing (the generic bounds on the impl block prevented calling it from test modules).
  • apply_system_transaction — Propagates the new Result via ?, rejecting unknown variants before processing.
  • Tests — 7 unit tests covering all constructible SystemTransaction variants (7/8 known variants; OverwriteParameters requires complex LedgerParameters construction). The wildcard path is untestable by design due to #[non_exhaustive].
  • Change file — Added audit-handle-unsupported-system-transaction-type.md.

📌 Submission Checklist

  • Changes are backward-compatible (or flagged if breaking)
  • Pull request description explains why the change is needed
  • Self-reviewed the diff
  • I have included a change file, or skipped for this reason: N/A
  • If the changes introduce a new feature, I have bumped the node minor version
  • Update documentation (if relevant)
  • No new todos introduced

🔱 Fork Strategy

  • Node Runtime Update
  • Node Client Update
  • Other
  • N/A

🗹 TODO before merging

  • Ready for review

@m2ux m2ux self-assigned this Mar 2, 2026
@github-actions

github-actions Bot commented Mar 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

kics-logo

KICS version: v2.1.19

Category Results
CRITICAL CRITICAL 0
HIGH HIGH 0
MEDIUM MEDIUM 47
LOW LOW 3
INFO INFO 59
TRACE TRACE 0
TOTAL TOTAL 109
Metric Values
Files scanned placeholder 26
Files parsed placeholder 26
Files failed to scan placeholder 0
Total executed queries placeholder 73
Queries failed to execute placeholder 0
Execution time placeholder 11

@m2ux m2ux force-pushed the fix/PM-19971-handle-unsupported-transaction-type branch from fc2354f to c30d20a Compare March 4, 2026 17:47
@m2ux m2ux marked this pull request as ready for review March 4, 2026 17:51
@m2ux m2ux requested a review from a team as a code owner March 4, 2026 17:51
justinfrevert
justinfrevert reviewed Mar 4, 2026
View reviewed changes
Comment thread changes/changed/audit-handle-unsupported-system-transaction-type.md Outdated
@m2ux m2ux enabled auto-merge March 5, 2026 09:02
m2ux and others added 2 commits March 6, 2026 09:25
@m2ux
fix: reject unsupported system transaction types [PM-19971]
4185f9a 
Extract get_system_tx_type as a standalone free function. Change return
type to Result<&'static str, LedgerApiError>. Wildcard arm now logs an
error and returns Err(SystemTransactionError::UnknownError) for
unrecognized SystemTransaction variants.

Addresses Least Authority audit Issue AC.
@m2ux @justinfrevert
Update changes/changed/audit-handle-unsupported-system-transaction-ty…
cfa202d 
…pe.md

Co-authored-by: justinfrevert <81839854+justinfrevert@users.noreply.github.com>
@m2ux m2ux force-pushed the fix/PM-19971-handle-unsupported-transaction-type branch from 79419e4 to cfa202d Compare March 6, 2026 09:25
@m2ux m2ux added this pull request to the merge queue Mar 6, 2026
Merged via the queue into main with commit 22be9bd Mar 6, 2026
34 checks passed
@m2ux m2ux deleted the fix/PM-19971-handle-unsupported-transaction-type branch March 6, 2026 12:15
@adamreynolds-io adamreynolds-io mentioned this pull request Apr 1, 2026
Closed
4 tasks
gilescope pushed a commit that referenced this pull request Apr 8, 2026
@LGLO
docs: cut changelog for v1.7.0 (#840)
501b9bf
@gilescope gilescope added this to the node-1.0.0 milestone Apr 10, 2026
m2ux added a commit that referenced this pull request Apr 23, 2026
@m2ux
docs: cut changelog for v1.7.0 (#840)
32961ed 
Signed-off-by: Mike Clay <mike.clay@shielded.io>
m2ux added a commit that referenced this pull request Apr 23, 2026
@m2ux
docs: cut changelog for v1.7.0 (#840)
58572a3 
Signed-off-by: Mike Clay <mike.clay@shielded.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justinfrevert justinfrevert justinfrevert approved these changes

Assignees

@m2ux m2ux

Labels

None yet

Projects

None yet

Milestone

node-1.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@m2ux @justinfrevert @gilescope