fix: use timing-safe comparison for OTP verification (WAPI-1128)#74
Merged
chakra-guy merged 1 commit intomainfrom Feb 27, 2026
Merged
fix: use timing-safe comparison for OTP verification (WAPI-1128)#74chakra-guy merged 1 commit intomainfrom
chakra-guy merged 1 commit intomainfrom
Conversation
chakra-guy
force-pushed
the
cyfrin/wapi-1128
branch
from
a4884b7 to
06bb51b
Compare
chakra-guy
force-pushed
the
cyfrin/wapi-1127
branch
3 times, most recently
from
b13cab4 to
3c1336b
Compare
The direct string comparison (===) for OTP verification is vulnerable to timing side-channel attacks. Replace with a constant-time XOR-based comparison that processes every character regardless of where a mismatch occurs. The utility is cross-platform (no Node-specific crypto dependency).
chakra-guy
force-pushed
the
cyfrin/wapi-1128
branch
from
06bb51b to
b458794
Compare
wenfix
approved these changes
Feb 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
timingSafeEqual()utility to@metamask/mobile-wallet-protocol-core===OTP comparison in the dapp-client's untrusted connection handler with constant-time comparisonBackground
The Cyfrin audit identified that the OTP comparison in the dApp's untrusted connection handler uses direct string equality (
===), which is vulnerable to timing side-channel attacks. An attacker could theoretically measure response time differences to infer which characters of the OTP are correct.The fix uses a constant-time XOR-based comparison that always processes every character, preventing timing leakage. The implementation is cross-platform (no Node-specific
crypto.timingSafeEqualdependency) and works in Node, browsers, and React Native.Changes
packages/core/src/utils/timing-safe-equal.ts: New utilitypackages/core/src/utils/timing-safe-equal.test.ts: 6 unit testspackages/core/src/index.ts: ExporttimingSafeEqualpackages/dapp-client/src/handlers/untrusted-connection-handler.ts: UsetimingSafeEqualfor OTP comparisonpackages/dapp-client/CHANGELOG.md: Document the fixTest plan
yarn buildpassesyarn test:unitpasses (68/68 tests, including 6 new)Note
Medium Risk
Changes OTP verification logic in the untrusted handshake path; while behavior should be equivalent for correct/incorrect OTPs, any mismatch in edge cases (e.g., non-string inputs or length handling) could affect connection UX/security.
Overview
Mitigates OTP timing side-channel risk by introducing a cross-platform
timingSafeEqual()utility in@metamask/mobile-wallet-protocol-core(with new unit tests) and exporting it frompackages/core/src/index.ts.Updates the dapp-client untrusted connection flow to use
timingSafeEqualinstead of direct string equality for OTP verification, and documents the fix in the dapp-client changelog.Written by Cursor Bugbot for commit b458794. This will update automatically on new commits. Configure here.