When using remote forging, there are risks that attackers can change the contents. In order to verify its contents, we need to add a call to the parse RPC and inspect the output to make sure it matches. Ideally this should be done against a different server than the first.
Proposal:
Add a second, optional URL when setting up TezosClient to act as the parse server. Default it to the first URL if none supplied. Update ForgeSignPreapplyAndInject to include a call to the parse endpoint and verify before proceeding.
When using remote forging, there are risks that attackers can change the contents. In order to verify its contents, we need to add a call to the parse RPC and inspect the output to make sure it matches. Ideally this should be done against a different server than the first.
Proposal:
Add a second, optional URL when setting up TezosClient to act as the parse server. Default it to the first URL if none supplied. Update
ForgeSignPreapplyAndInjectto include a call to the parse endpoint and verify before proceeding.