fix(starkware): Update TWStarkWareGetStarkKeyFromSignature to return nullable pointer and handle exceptions (#4715)

sergei-boiko-trustwallet · Copilot · web-flow · commit b5cf5542c288 · 2026-04-01T15:37:29.000+02:00
* fix(starkware): Update TWStarkWareGetStarkKeyFromSignature to return nullable pointer and handle exceptions

* Update include/TrustWalletCore/TWStarkWare.h

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;

* fix(tezos): Enhance message verification to handle exceptions gracefully

* fix(address): Handle empty payload case in Address constructor and improve subData error handling

* fix(data): Include stdexcept to fix Flutter compilation

---------

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/include/TrustWalletCore/TWStarkWare.h b/include/TrustWalletCore/TWStarkWare.h
@@ -18,8 +18,8 @@ struct TWStarkWare;
 ///
 /// \param derivationPath non-null StarkEx Derivation path
 /// \param signature valid eth signature
-/// \return  The private key for the specified derivation path/signature
+/// \return  The private key for the specified derivation path/signature, or `nullptr` if the signature or derivation path is invalid or an internal error occurs.
 TW_EXPORT_STATIC_METHOD
-struct TWPrivateKey* _Nonnull TWStarkWareGetStarkKeyFromSignature(const struct TWDerivationPath* _Nonnull derivationPath, TWString* _Nonnull signature);
+struct TWPrivateKey* _Nullable TWStarkWareGetStarkKeyFromSignature(const struct TWDerivationPath* _Nonnull derivationPath, TWString* _Nonnull signature);
 
 TW_EXTERN_C_END
diff --git a/src/Data.cpp b/src/Data.cpp
@@ -4,19 +4,21 @@
 
 #include "Data.h"
 
+#include <stdexcept>
+
 namespace TW {
 
 Data subData(const Data& data, size_t startIndex, size_t length) {
     if (startIndex >= data.size()) {
-        return Data();
+        throw std::invalid_argument("invalid subData arguments");
     }
     const size_t subLength = std::min(length, data.size() - startIndex); // guard against over-length
     return TW::data(data.data() + startIndex, subLength);
 }
 
 Data subData(const Data& data, size_t startIndex) {
     if (startIndex >= data.size()) {
-        return Data();
+        throw std::invalid_argument("invalid subData arguments");
     }
     const size_t subLength = data.size() - startIndex;
     return TW::data(data.data() + startIndex, subLength);
diff --git a/src/Filecoin/Address.cpp b/src/Filecoin/Address.cpp
@@ -144,6 +144,10 @@ MaybeAddress Address::fromBytes(const Data& encoded) {
                 return std::nullopt;
             }
 
+            if (remainingPos == withoutPrefix.size()) {
+                // Payload is empty.
+                return Address(type, actorID, Data());
+            }
             return Address(type, actorID, subData(withoutPrefix, remainingPos));
         }
         default:
diff --git a/src/HDWallet.cpp b/src/HDWallet.cpp
@@ -40,6 +40,9 @@ const int MnemonicBufLength = Mnemonic::MaxWords * (BIP39_MAX_WORD_LENGTH + 3) +
 
 template <std::size_t seedSize>
 HDWallet<seedSize>::HDWallet(const Data& seed) {
+    if (seed.size() != seedSize) {
+        throw std::invalid_argument("Invalid seed size");
+    }
     std::copy_n(seed.begin(), seedSize, this->seed.begin());
 }
 
diff --git a/src/Tezos/MessageSigner.cpp b/src/Tezos/MessageSigner.cpp
@@ -44,9 +44,13 @@ std::string MessageSigner::signMessage(const PrivateKey& privateKey, const std::
 
 bool MessageSigner::verifyMessage(const PublicKey& publicKey, const std::string& message, const std::string& signature) noexcept {
     auto decoded = Base58::decodeCheck(signature);
-    auto rawSignature = subData(decoded, gEdSigPrefix.size());
-    auto msg = Hash::blake2b(parse_hex(message), 32);
-    return publicKey.verify(rawSignature, msg);
+    try {
+        auto rawSignature = subData(decoded, gEdSigPrefix.size());
+        auto msg = Hash::blake2b(parse_hex(message), 32);
+        return publicKey.verify(rawSignature, msg);
+    } catch (...) {
+        return false;
+    }
 }
 
 } // namespace TW::Tezos
diff --git a/src/interface/TWStarkWare.cpp b/src/interface/TWStarkWare.cpp
@@ -11,5 +11,9 @@
 struct TWPrivateKey* TWStarkWareGetStarkKeyFromSignature(const struct TWDerivationPath* derivationPath, TWString* signature) {
     using namespace TW;
     const auto& ethSignatureStr = *reinterpret_cast<const std::string*>(signature);
-    return new TWPrivateKey{ ImmutableX::getPrivateKeyFromRawSignature(parse_hex(ethSignatureStr), derivationPath->impl)};
+    try {
+        return new TWPrivateKey{ ImmutableX::getPrivateKeyFromRawSignature(parse_hex(ethSignatureStr), derivationPath->impl)};
+    } catch (...) {
+        return nullptr;
+    }
 }
diff --git a/swift/Tests/HDWalletTests.swift b/swift/Tests/HDWalletTests.swift
@@ -27,7 +27,7 @@ class HDWalletTests: XCTestCase {
         let ethMsg = "Only sign this request if you’ve initiated an action with Immutable X."
         let ethSignature = EthereumMessageSigner.signMessageImmutableX(privateKey: ethPrivateKey, message: ethMsg)
         XCTAssertEqual(ethSignature, "18b1be8b78807d3326e28bc286d7ee3d068dcd90b1949ce1d25c1f99825f26e70992c5eb7f44f76b202aceded00d74f771ed751f2fe538eec01e338164914fe001")
-        let starkPrivateKey = StarkWare.getStarkKeyFromSignature(derivationPath: derivationPath, signature: ethSignature)
+        let starkPrivateKey = StarkWare.getStarkKeyFromSignature(derivationPath: derivationPath, signature: ethSignature)!
         XCTAssertEqual(starkPrivateKey.data.hexString, "04be51a04e718c202e4dca60c2b72958252024cfc1070c090dd0f170298249de")
         let starkPublicKey = starkPrivateKey.getPublicKeyByType(pubkeyType: .starkex)
         XCTAssertEqual(starkPublicKey.data.hexString, "00e5b9b11f8372610ef35d647a1dcaba1a4010716588d591189b27bf3c2d5095")
diff --git a/tests/common/DataTests.cpp b/tests/common/DataTests.cpp
@@ -66,13 +66,27 @@ TEST(DataTests, subData) {
     EXPECT_EQ(hex(subData(data, 0, 10)), "0102030405060708090a");
     EXPECT_EQ(hex(subData(data, 3, 1)), "04");
     EXPECT_EQ(hex(subData(data, 3, 0)), "");
-    EXPECT_EQ(hex(subData(data, 200, 3)), ""); // index too big
     EXPECT_EQ(hex(subData(data, 2, 300)), "030405060708090a"); // length too big
-    EXPECT_EQ(hex(subData(data, 200, 300)), ""); // index & length too big
 
     EXPECT_EQ(hex(subData(data, 3)), "0405060708090a");
     EXPECT_EQ(hex(subData(data, 0)), "0102030405060708090a");
-    EXPECT_EQ(hex(subData(data, 200)), ""); // index too big
+
+    // index too big
+    ASSERT_ANY_THROW(subData(data, 10, 3));
+    ASSERT_ANY_THROW(subData(data, 11, 1));
+    ASSERT_ANY_THROW(subData(data, 200, 300));
+
+    ASSERT_ANY_THROW(subData(data, 10ul));
+    ASSERT_ANY_THROW(subData(data, 11ul));
+    ASSERT_ANY_THROW(subData(data, 200ul));
+}
+
+TEST(DataTests, subDataInvalidStartIndex) {
+    const Data data = parse_hex("0102030405060708090a");
+    EXPECT_EQ(data.size(), 10ul);
+    ASSERT_ANY_THROW(subData(data, 10ul));
+    ASSERT_ANY_THROW(subData(data, 11ul));
+    ASSERT_ANY_THROW(subData(data, 200ul));
 }
 
 TEST(DataTests, hasPrefix) {

Original file line number	Diff line number	Diff line change
`@@ -144,6 +144,10 @@ MaybeAddress Address::fromBytes(const Data& encoded) {`
`144`	`144`	`return std::nullopt;`
`145`	`145`	`}`
`146`	`146`
	`147`	`+ if (remainingPos == withoutPrefix.size()) {`
	`148`	`+ // Payload is empty.`
	`149`	`+ return Address(type, actorID, Data());`
	`150`	`+ }`
`147`	`151`	`return Address(type, actorID, subData(withoutPrefix, remainingPos));`
`148`	`152`	`}`
`149`	`153`	`default:`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,9 @@ const int MnemonicBufLength = Mnemonic::MaxWords * (BIP39_MAX_WORD_LENGTH + 3) +`
`40`	`40`
`41`	`41`	`template <std::size_t seedSize>`
`42`	`42`	`HDWallet<seedSize>::HDWallet(const Data& seed) {`
	`43`	`+ if (seed.size() != seedSize) {`
	`44`	`+ throw std::invalid_argument("Invalid seed size");`
	`45`	`+ }`
`43`	`46`	`std::copy_n(seed.begin(), seedSize, this->seed.begin());`
`44`	`47`	`}`
`45`	`48`