Avoid revert caused by slice overflow in WebAuthn.verify #6329

Merged
ernestognw merged 3 commits into OpenZeppelin:master from Amxx:fix/WebAuthn/invalid-index-reverts
Feb 10, 2026
@Amxx (Collaborator) commented Feb 6, 2026

Fixes issue L01 in 5.6 audit.

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

@Amxx Amxx requested a review from a team as a code owner February 6, 2026 13:57
@Amxx Amxx added this to the 5.6 milestone Feb 6, 2026
changeset-bot (bot) commented Feb 6, 2026

🦋 Changeset detected

Latest commit: db9d2de

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
openzeppelin-solidity Minor


coderabbitai (bot, Contributor) commented Feb 6, 2026

Walkthrough

A changeset declares a minor version bump for openzeppelin-solidity with a fix to WebAuthn.sol. The verify function previously could revert instead of returning false during challenge validation. The fix implements bounds-safe string extraction and comparison using utility libraries, checking clientDataJSON length before accessing the expected challenge slice. Supporting test changes include a new testVerifyIndexOutOfBounds case and new overloads for the _runVerify helper to parameterize challengeIndex and typeIndex values.

Suggested labels

bug

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Avoid revert caused by slice overflow in WebAuthn.verify' directly and clearly describes the main change: preventing a revert due to slice overflow in the WebAuthn verification function, which matches the core objective of the changeset.
Description check ✅ Passed The description references fixing issue L01 from the 5.6 audit and indicates tests and changeset entry are included, which aligns with the changes shown in the raw summary covering WebAuthn.sol fixes and test additions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@ernestognw ernestognw force-pushed the fix/WebAuthn/invalid-index-reverts branch from 8b63528 to 34cabc8 Compare February 10, 2026 04:15
@ernestognw ernestognw force-pushed the fix/WebAuthn/invalid-index-reverts branch from 34cabc8 to db9d2de Compare February 10, 2026 04:17
@ernestognw ernestognw merged commit 8614ef7 into OpenZeppelin:master Feb 10, 2026
12 checks passed
Amxx added a commit that referenced this pull request Feb 10, 2026
Co-authored-by: ernestognw <ernestognw@gmail.com>
Signed-off-by: Hadrien Croubois <hadrien.croubois@gmail.com>
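
The failure mode described in the walkthrough above (a caller-supplied index making the challenge check revert rather than return false), as an added Solidity example. It is not code from this PR or from OpenZeppelin's WebAuthn.sol: the library, contract and function names and the sample clientDataJSON are hypothetical and constructed for illustration, and the page does not state which panic the original code hit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not OpenZeppelin's WebAuthn.sol. All names are hypothetical.
library ChallengeSliceExample {
    // Unsafe shape: `index` comes from the caller. `index + expected.length` panics
    // (0x11) on overflow, and `data[i]` panics (0x32) past the end of `data`, so a
    // malformed input can revert the call instead of producing `false`.
    function matchesAtUnchecked(
        bytes memory data,
        uint256 index,
        bytes memory expected
    ) internal pure returns (bool) {
        uint256 end = index + expected.length;
        for (uint256 i = index; i < end; ++i) {
            if (data[i] != expected[i - index]) return false;
        }
        return true;
    }

    // Bounds-safe shape: reject before touching memory. The comparison is written
    // as a subtraction guarded by `index > data.length`, so it cannot overflow.
    function matchesAt(
        bytes memory data,
        uint256 index,
        bytes memory expected
    ) internal pure returns (bool) {
        if (index > data.length || expected.length > data.length - index) return false;
        for (uint256 i = 0; i < expected.length; ++i) {
            if (data[index + i] != expected[i]) return false;
        }
        return true;
    }
}

contract ChallengeSliceDemo {
    // Constructed sample values, not a real WebAuthn assertion.
    // The "challenge" field starts at byte offset 23 of CLIENT_DATA.
    bytes internal constant CLIENT_DATA = '{"type":"webauthn.get","challenge":"AAEC"}';
    bytes internal constant EXPECTED = '"challenge":"AAEC"';

    // Any challengeIndex, including type(uint256).max, yields a bool.
    function check(uint256 challengeIndex) external pure returns (bool) {
        return ChallengeSliceExample.matchesAt(CLIENT_DATA, challengeIndex, EXPECTED);
    }
}
```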