Sep45InvalidContractAddressException

Exception thrown when the authorization entry targets a different contract than expected.

SEP-45 Security Requirement: The authorization entry's contract address MUST match the WEB_AUTH_CONTRACT_ID from the server's stellar.toml.

This check is critical for security because:

  • It ensures you're authenticating with the correct contract

  • It prevents contract substitution attacks where a malicious server directs authentication to a different contract

  • The WEB_AUTH_CONTRACT_ID identifies the trusted authentication contract

Attack scenario prevented: Without this check, a compromised server could return authorization entries targeting a malicious contract that could steal credentials or perform unauthorized actions.

The contract address is extracted from the authorization entry's rootInvocation.function.contractFn.contractAddress field.

Example - Handle contract address mismatch:

try {
    webAuth.validateChallenge(authEntries, accountId)
} catch (e: Sep45InvalidContractAddressException) {
    logger.error("Contract address mismatch!")
    logger.error("Expected: ${e.expected}")
    logger.error("Actual: ${e.actual}")
    // Do NOT proceed - possible attack
}
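
The check described above, modelled with local stand-in types as an added example (not the SDK's own code): all class and function names here are assumptions, and the contract IDs are constructed placeholders. It goes slightly beyond the text by applying the comparison to every entry and rejecting entries that are not contract invocations.

```kotlin
// Stand-in types mirroring the field path rootInvocation.function.contractFn.contractAddress.
// They are NOT the SDK's classes; every name below is hypothetical.
sealed interface AuthorizedFunction
data class ContractFn(val contractAddress: String) : AuthorizedFunction
object CreateContractFn : AuthorizedFunction // stands for any non-invocation function

data class RootInvocation(val function: AuthorizedFunction)
data class AuthEntry(val rootInvocation: RootInvocation)

class ContractAddressMismatch(val expected: String, val actual: String) :
    Exception("Contract address mismatch: expected $expected, got $actual")

/**
 * Fails closed: every entry must be a contract invocation whose address equals
 * the WEB_AUTH_CONTRACT_ID read from stellar.toml. An empty list is rejected too.
 */
fun requireExpectedContract(entries: List<AuthEntry>, webAuthContractId: String) {
    require(entries.isNotEmpty()) { "no authorization entries to validate" }
    for (entry in entries) {
        val actual = when (val fn = entry.rootInvocation.function) {
            is ContractFn -> fn.contractAddress
            CreateContractFn -> "<not a contract invocation>"
        }
        if (actual != webAuthContractId) {
            throw ContractAddressMismatch(webAuthContractId, actual)
        }
    }
}

fun main() {
    // Constructed placeholder IDs, not real contract addresses.
    val expected = "C_EXPECTED_PLACEHOLDER"
    val good = AuthEntry(RootInvocation(ContractFn(expected)))
    val swapped = AuthEntry(RootInvocation(ContractFn("C_OTHER_PLACEHOLDER")))

    // All entries target the expected contract: no exception is thrown.
    requireExpectedContract(listOf(good, good), expected)

    try {
        // One substituted entry among valid ones must reject the whole challenge.
        requireExpectedContract(listOf(good, swapped), expected)
    } catch (e: ContractAddressMismatch) {
        println("rejected: expected=${e.expected} actual=${e.actual}")
    }
}
```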

Constructors

constructor(expected: String, actual: String)

Properties


The actual contract address found in the authorization entry

expect open val cause: Throwable?

The expected contract address (C...) from WEB_AUTH_CONTRACT_ID

expect open val message: String?