From d3097866bf3400ee4ce60e36cec480de9ccf5eb0 Mon Sep 17 00:00:00 2001 From: Abdulazeem-code Date: Wed, 1 Jul 2026 13:27:58 +0100 Subject: [PATCH] fix: verify freighter signer address --- stellar-payment-platform/server.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/stellar-payment-platform/server.js b/stellar-payment-platform/server.js index 96bf1bd..8d427c1 100644 --- a/stellar-payment-platform/server.js +++ b/stellar-payment-platform/server.js @@ -336,7 +336,8 @@ const verifyFreighterRegistrationSignature = ({ signerAddress, }) => { const message = `register:${username}:${address}`; - const keypair = Keypair.fromPublicKey(address); + const claimedSigner = signerAddress || address; + const keypair = Keypair.fromPublicKey(claimedSigner); let signatureBuffer; if (Buffer.isBuffer(signature)) { @@ -353,13 +354,18 @@ const verifyFreighterRegistrationSignature = ({ throw error; } - const claimedSigner = signerAddress || address; if (!StrKey.isValidEd25519PublicKey(claimedSigner)) { const error = new Error('Invalid signer address format.'); error.statusCode = 400; throw error; } + if (claimedSigner !== address) { + const error = new Error('Signer address does not match the connected wallet.'); + error.statusCode = 401; + throw error; + } + return claimedSigner; };