Skip to content

audit(stellar): initial findings, add audit tests and report skeleton#47

Closed
Abdulmajeed82 wants to merge 2 commits into
wraith-protocol:developfrom
Abdulmajeed82:audit/stellar-2026-06
Closed

audit(stellar): initial findings, add audit tests and report skeleton#47
Abdulmajeed82 wants to merge 2 commits into
wraith-protocol:developfrom
Abdulmajeed82:audit/stellar-2026-06

Conversation

@Abdulmajeed82

@Abdulmajeed82 Abdulmajeed82 commented Jun 2, 2026
edited
Loading

Copy link
Copy Markdown

Closes #1

clintjeff2 and others added 2 commits June 2, 2026 00:20
@drips-wave

drips-wave Bot commented Jun 2, 2026

Copy link
Copy Markdown

@Abdulmajeed82 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@truthixify

truthixify commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

The audit report (audits/2026-06-author-stellar-module.md) and the reproducer tests in test/audits/stellar.test.ts are what issue #1 needs.

Blocker: branch is from very old main, so the diff currently removes a lot of merged work (RN compat polyfills, JSDoc additions, COMPAT.md, range-scan filters, streaming scan, and more). Net -1261 lines. Could you rebase?

git fetch origin
git rebase origin/develop
# keep only your new files:
#   audits/2026-06-author-stellar-module.md
#   test/audits/stellar.test.ts
# and any small package.json change for the audit test path
# drop all the deletions to src/chains/stellar/*, src/compat/*, test/compat/*, test/chains/stellar/*
git push --force-with-lease

After the rebase the diff should be net-positive only, no deletions of existing files. Then I'll re-review the audit findings themselves and merge. Thanks @Abdulmajeed82.

@truthixify truthixify changed the base branch from main to develop June 3, 2026 01:57
@truthixify

truthixify commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

The audit doc and reproducer tests survive the merge. Conflicts in 4 files (all from view-tag work in #45 and streaming scan in #34):

  • src/chains/stellar/index.ts
  • src/chains/stellar/scan.ts
  • src/chains/stellar/stealth.ts
  • test/chains/stellar/scan.test.ts
git fetch origin
git rebase origin/develop
git push --force-with-lease

For scan.ts / stealth.ts keep develop's new exports (computeAnnouncementViewTag, scanAnnouncementsLegacySharedSecretTag, scanAnnouncementsStream) and graft your audit-related tests on top. For scan.test.ts keep develop's existing tests and add your audit-finding reproducers alongside.

Thanks @Abdulmajeed82.

@truthixify

truthixify commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Closing as we wrap up this round of the Wraith × Drips × Stellar Wave program.

Thanks for the contribution. The work and review history stays on this PR for reference. A new set of issues will go up shortly under the same Stellar Wave label if you want to pick something fresh next round.

If you specifically want to land the work that's already in this PR (post-wave), feel free to reopen and rebase against develop. Otherwise, no action needed.

@truthixify truthixify closed this Jun 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cryptographic audit of Stellar chain module

3 participants

@Abdulmajeed82 @truthixify @clintjeff2