fix: marinade multisig dapp requests by preserving original message bytes WPN-1035#608
Open
taran-a wants to merge 1 commit into
Open
fix: marinade multisig dapp requests by preserving original message bytes WPN-1035#608taran-a wants to merge 1 commit into
taran-a wants to merge 1 commit into
Conversation
Battambang
reviewed
Jun 5, 2026
taran-a
force-pushed
the
fix/marinade-multisig-messages
branch
from
b0d9245 to
74941d7
Compare
taran-a
force-pushed
the
fix/marinade-multisig-messages
branch
from
74941d7 to
ffc53a2
Compare
taran-a
force-pushed
the
fix/marinade-multisig-messages
branch
from
ffc53a2 to
09a876d
Compare
|
Author
|
@metamaskbot publish-preview |
Contributor
|
Preview builds have been published. Learn how to use preview builds in other projects. Expand for full list of packages and versions. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes multisig dapp transaction signing by preserving the original transaction payload for external dapp origins.
signTransactionandsignAndSendTransactionrequests as transactions directly, whether the payload is a full serialized transaction or a bare compiled transaction message.messageBytes, account ordering, and instruction account indices.Screen.Recording.2026-06-04.at.19.54.59.mov
Note
Medium Risk
Changes core transaction signing for all external dapps and is documented as breaking; incorrect decoding could break signing, though origin gating and tests limit blast radius.
Overview
Fixes multisig and dapp signing (e.g. Marinade) by no longer decompiling and enriching dapp payloads before signing.
For non-MetaMask origins,
signTransactionandsignAndSendTransactionnow decode the base64 payload as a transaction (full serialized tx or bare compiled message) and only add the wallet’s signature, keepingmessageBytes, existing signatures, and account layout unchanged. MetaMask-origin requests still use the prior path that can fill fee payer, blockhash, and compute budget instructions.New codec helpers (
fromBase64StringCompiledMessageToTransaction,fromUnknowBase64StringToTransaction) and apreserveMessageBytesflag onpartiallySignBase64Stringimplement this. Changelog notes a breaking behavior change for dapp-origin signing.Reviewed by Cursor Bugbot for commit 09a876d. Bugbot is set up for automated code reviews on this repo. Configure here.