BUG: CBOR Transformation Breaks Script Integrity #177
Description
$ cardano-hw-cli version
Cardano HW CLI Tool version 1.16.0-rc.1
Commit hash: e7225d91e0ddc6152ad973ba803d6c016cb14d7eThe script integrity involves hashing the script, redeemer, and datum that will be used for its execution (spec). When transforming a tx.body file with a smart contract using a redeemer that contains internal fields, the cbor transformation incorrectly changes the redeemer which invalidates the script integrity hash.
Consider the always succeeding minting policy (policy id c0f8644a01a6bf5db02f4afe30d604975e63dd274f1098a1738e561d):
{
"type": "PlutusScriptV2",
"description": "",
"cborHex": "484701000022120011"
}This script can be executed with any redeemer. For example, the unit redeemer:
{"constructor":0,"fields":[]}Everything is fine when the minting policy is executed with the unit redeemer. However, if the redeemer has extra fields like:
{"constructor":0,"fields":[{"constructor":1,"fields":[{"bytes":"c0f8644a01a6bf5db02f4afe30d604975e63dd274f1098a1738e561d"}]}]}the transformed transaction submission will now fail with a ScriptIntegrity error. The transaction submission succeeds as long as you do not transform it with cardano-hw-cli transaction transform.
To confirm this, try minting some test tokens using both the unit redeemer and the more involved redeemer. And also try not transforming the transactions. You will need to use keys generated with cardano-cli since cardano-hw-cli will automatically prevent witnessing transactions that have not been transformed. Below are my results:
| Redeemer | Transformed | Result |
|---|---|---|
| Unit | Yes | Success |
| Unit | No | Success |
| Complex | Yes | Fail |
| Complex | No | Success |
Since cardano-hw-cli requires the transaction to be transformed when witnessing with hardware wallets, this bug makes it impossible to use hardware wallets with any smart contract that is using more involved redeemers.