Skip to content

fix(express): prevent double-stringify of string payloads in handleV2 OFCSignPayload#8406

Open
CapnMigraine wants to merge 1 commit intomasterfrom
CAAS-1186
Open

fix(express): prevent double-stringify of string payloads in handleV2 OFCSignPayload#8406
CapnMigraine wants to merge 1 commit intomasterfrom
CAAS-1186

Conversation

@CapnMigraine
Copy link
Copy Markdown
Contributor

@CapnMigraine CapnMigraine commented Apr 7, 2026

The handler unconditionally called JSON.stringify(payload), which double-stringifies when the io-ts Json codec resolves the input as a string (the common case for tx/build responses). This caused tx/send to reject with 400 invalid signature.
Apply the same typeof guard already used in the ext-signing-mode handler.

TICKET: CAAS-1186

@CapnMigraine
fix(express): prevent double-stringify of string payloads in handleV2…
e00bc1e 
…OFCSignPayload

The handler unconditionally called JSON.stringify(payload), which
double-stringifies when the io-ts Json codec resolves the input as a
string (the common case for tx/build responses). This caused tx/send
to reject with 400 invalid signature.
Apply the same typeof guard already used in the ext-signing-mode handler.

TICKET: CAAS-1186
@CapnMigraine CapnMigraine requested review from a team as code owners April 7, 2026 00:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kaustubhbitgo kaustubhbitgo kaustubhbitgo approved these changes

@mrdanish26 mrdanish26 Awaiting requested review from mrdanish26 mrdanish26 is a code owner automatically assigned from BitGo/wallet-core

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CapnMigraine @kaustubhbitgo