ContractChallengeValidationErrorInvalidAccount
extends ContractChallengeValidationError
in package
Exception thrown when a contract challenge has an invalid account argument.
This exception is thrown when the account argument in the web_auth_verify function does not match the expected client account ID. This validation ensures the challenge is authenticating the correct contract account and prevents account substitution attacks.
Security Impact: Critical security check. If the account doesn't match, an attacker may be trying to authenticate as a different account. Always verify the account matches the client account being authenticated.