verifyTransaction()

Perform some checks on a staking transaction.

This method is intended to be called on a Transaction after it was signed by an external software or hardware wallet. This mitigates the risk of data being altered by third parties.

If possible, it is recommended to call this method with the same data that was passed to stake().

📘

Example

A popular attack involves altering the content of the system clipboard when a user is copying the transaction data to their software wallet. Malicious software on a user's computer could replace the legitimate staking transaction with another transaction that sends funds to a third party. The user then signs the malicious transaction without noticing.

By calling verifyTransaction(), you can detect that the transaction that was signed is not, in fact, the expected staking transaction.

client.solana.verifyTransaction({
  tx: signedTx,
  expectedFeePayer: authority,
  expectedStakeAuthority: authority,
  expectedWithdrawAuthority: authority,
  strict: true,
});

Checks

The following checks are performed.

  • The transaction must have a fee payer. If expectedFeePayer is provided, the transaction must have this exact fee payer.
  • The transaction must contain instructions. If strict mode is on, each instruction must be either a StakeProgram or a SystemProgram instruction.
  • If strict mode is on, both expectedStakeAuthority and expectedWithdrawAuthority (if provided) must be referenced in at least one instruction each.
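The three checks above, modelled on a simplified transaction object. This is an added example, not the SDK's own code: the `{ feePayer, instructions: [{ program, keys }] }` shape, the function names, and all key strings are assumptions constructed for illustration.

```javascript
// Added illustration, not the SDK's implementation. Assumed decoded shape:
// { feePayer, instructions: [{ program: "StakeProgram", keys: [pubkey, ...] }] }
const ALLOWED_PROGRAMS = new Set(["StakeProgram", "SystemProgram"]);

function checkStakingTx(tx, opts = {}) {
  const { expectedFeePayer, expectedStakeAuthority, expectedWithdrawAuthority, strict } = opts;
  // Check 1: a fee payer exists and, if one is expected, matches exactly.
  if (!tx.feePayer) throw new Error("missing fee payer");
  if (expectedFeePayer && tx.feePayer !== expectedFeePayer) throw new Error("unexpected fee payer");
  // Check 2: the transaction carries at least one instruction.
  const ixs = tx.instructions || [];
  if (ixs.length === 0) throw new Error("no instructions");
  if (!strict) return;
  // Strict: only StakeProgram and SystemProgram instructions are accepted.
  for (const ix of ixs) {
    if (!ALLOWED_PROGRAMS.has(ix.program)) throw new Error("unexpected program");
  }
  // Strict: each expected authority is referenced by at least one instruction.
  const referenced = (key) => ixs.some((ix) => ix.keys.includes(key));
  if (expectedStakeAuthority && !referenced(expectedStakeAuthority)) {
    throw new Error("stake authority not referenced");
  }
  if (expectedWithdrawAuthority && !referenced(expectedWithdrawAuthority)) {
    throw new Error("withdraw authority not referenced");
  }
}

// Returns "ok", or the reason the signed transaction must be discarded.
function verdict(tx, opts) {
  try { checkStakingTx(tx, opts); return "ok"; } catch (e) { return e.message; }
}

// Constructed sample data: every key below is a placeholder string.
const [PAYER, STAKER, WITHDRAWER, STAKE_ACCT, OTHER] =
  ["payer", "staker", "withdrawer", "stakeAcct", "thirdParty"];
const expected = { expectedFeePayer: PAYER, expectedStakeAuthority: STAKER, expectedWithdrawAuthority: WITHDRAWER };
const stakingTx = { feePayer: PAYER, instructions: [
  { program: "SystemProgram", keys: [PAYER, STAKE_ACCT] },
  { program: "StakeProgram", keys: [STAKE_ACCT, STAKER, WITHDRAWER] },
] };
// Signed payload that differs from what was prepared: a transfer to a third party.
const swappedTx = { feePayer: PAYER, instructions: [{ program: "SystemProgram", keys: [PAYER, OTHER] }] };

console.log(verdict(stakingTx, { ...expected, strict: true }));  // ok
console.log(verdict(swappedTx, { ...expected, strict: true }));  // stake authority not referenced
console.log(verdict(swappedTx, { ...expected, strict: false })); // ok
```

In this model the swapped transaction is rejected only when strict is true and the expected authorities are supplied, because the program and authority checks are skipped otherwise.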

Parameters

tx Transaction, required
The signed transaction that needs to be verified.

expectedFeePayer string
The feePayer that was passed to stake().

expectedStakeAuthority string
The stakeAuthority that was passed to stake().

expectedWithdrawAuthority string
The withdrawAuthority that was passed to stake().

strict boolean
If true, some additional checks will be enabled. See the list of checks above for more information.

Result

If the transaction is correct, the method does not return anything. It is assumed that you can safely publish the transaction via sendTransaction().

If the transaction is not correct, the method throws an Error with the corresponding message. It is strongly recommended to discard such a transaction and investigate whether the system is compromised.
