Skip to content

fix: validate fee recipient for proposed block#206

Open
matthias-wright wants to merge 5 commits into
audit-may-2026from
m/fee-recipient
Open

fix: validate fee recipient for proposed block#206
matthias-wright wants to merge 5 commits into
audit-may-2026from
m/fee-recipient

Conversation

@matthias-wright
Copy link
Copy Markdown
Collaborator

@matthias-wright matthias-wright commented May 19, 2026

Builds on #191 (which builds on #190).

This addresses #200.

Changes:

  • Adds a check for the fee recipient to handle_verify. This check is only performed, if the treasury_address is non-zero. If the treasury_address is set to the zero address, then block proposers may chose any fee recipient.
  • Adds unit tests for verifying this.

@matthias-wright matthias-wright changed the title M/fee recipient fix: validate fee recipient for proposed block May 19, 2026
@matthias-wright matthias-wright mentioned this pull request May 19, 2026
Open
@evonide
Copy link
Copy Markdown

evonide commented May 21, 2026

This appears to verify the fee recipient when treasury mode is nonzero but leaves the zero-treasury/proposer-recipient case unchecked. Should verification require the payload fee recipient to match the expected proposer withdrawal address in that mode, too?

@evonide evonide mentioned this pull request May 22, 2026
Open
@matthias-wright
Copy link
Copy Markdown
Collaborator Author

matthias-wright commented May 22, 2026

When the treasury address is set to zero, the block proposer may use its own address for the fee recipient (or any other address), so I think this check should cover it.

@matthias-wright matthias-wright mentioned this pull request May 22, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matthias-wright @evonide