ContractChallengeValidationErrorSubInvocationsFound
extends ContractChallengeValidationError
in package
Exception thrown when a contract challenge authorization entry contains sub-invocations.
This exception is thrown when an authorization entry's rootInvocation contains any sub-invocations. Per SEP-45, authorization entries for web authentication must not have sub-invocations as this could authorize additional unintended contract calls.
Security Impact: Critical security check. Sub-invocations could authorize the contract to perform additional operations beyond authentication verification. Always reject challenges with sub-invocations to prevent unauthorized contract interactions.