Assessment reports>Xion Passkeys>Threat Model>Endpoints
GeneralOverview
Findings
Low (2)
DiscussionTest suite
Threat ModelEndpoints
Audit ResultsAssessment Results

Endpoints

instantiate

The instantiate is expected to be called by the owner of the contract. This calls execute::init, and it calls add_auth_method with the first authenticator, which is the owner of the contract.

execute

The execute is allowed to be called by anyone. However, execute asserts that the caller is the contract itself. So, it is not possible to call this entry point from the outside by someone who is not the owner of the contract.

AddAuthMethod

This adds the authenticator to storage. A new authenticator can be added when verifying is successful, so an invalid authenticator cannot be added to storage.

Controllable parameters

  • add_authenticator: The authenticator to add.

The authenticator type could be one of the following:

  • Secp256K1

    • id: The ID of the authenticator.

    • pubkey: The public key of the authenticator.

    • signature: The signature of the authenticator.

  • Ed25519

    • id: The ID of the authenticator.

    • pubkey: The public key of the authenticator.

    • signature: The signature of the authenticator.

  • EthWallet

    • id: The ID of the authenticator.

    • address: The address of the authenticator.

    • signature: The signature of the authenticator.

  • Jwt

    • id: The ID of the authenticator.

    • aud: The audience of the authenticator.

    • sub: The subject of the authenticator.

    • token: The token of the authenticator.

  • Secp256R1

    • id: The ID of the authenticator.

    • pubkey: The public key of the authenticator.

    • signature: The signature of the authenticator.

  • Passkey

    • id: The ID of the authenticator.

    • url: The URL of the authenticator.

    • credential: The credential of the authenticator.

RemoveAuthMethod

This removes the authenticator from storage using an ID. It only can be called when the authenticator count is bigger than 2. Therefore, since there is at least one authenticator present, it cannot be a contract with restricted access.

Controllable parameters

  • id: The ID of the authenticator to remove.

Emit

This writes an event with a message that is not bigger than 1,024 bytes.

Controllable parameters

  • data: The message to write in the event.

sudo

The sudo is called by the chain itself, so it will be triggered by XION chain.

AccountSudoMsg::BeforeTx

The AccountSudoMsg::BeforeTx is called before a transaction is executed. It is used to check if the transaction is valid or not using verification. It hashes the original transaction bytes and compares it with the signature using the authenticator.

Controllable parameters

  • tx_bytes: The original transaction bytes.

  • cred_bytes: The credential bytes. The first byte will be the index of the authenticator, and other bytes will be the signature, which is used in verifying.

  • simulate: The flag to check if the transaction is simulated or not.

Zellic © 2025Back to top ↑