ContractChallengeValidationErrorInvalidContractAddress
extends ContractChallengeValidationError
in package
Exception thrown when a contract challenge has an invalid contract address.
This exception is thrown when the contract_address in an authorization entry does not match the WEB_AUTH_CONTRACT_ID from the server's stellar.toml. This validation ensures that the authorization is for the correct web authentication contract and prevents substitution attacks where an attacker might try to use a different contract.
Security Impact: Critical security check. If the contract address doesn't match, the challenge may be for a different contract that could have malicious logic. Always reject such challenges.