From e014a137b8a11a39e943cbee1705076bd2e5891a Mon Sep 17 00:00:00 2001
From: Bolek <1416262+bolekk@users.noreply.github.com>
Date: Tue, 6 Aug 2024 08:38:04 -0700
Subject: [PATCH] [KS-411] Extra validation for FeedIDs in Streams Codec (#14038)
Make sure the ID extracted from FullReport matcheds the top-level one.
---
 core/capabilities/streams/codec.go | 4 ++++
 core/capabilities/streams/codec_test.go | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/core/capabilities/streams/codec.go b/core/capabilities/streams/codec.go
index d2bc451a39f..26011cb7f35 100644
--- a/core/capabilities/streams/codec.go
+++ b/core/capabilities/streams/codec.go
@@ -1,6 +1,7 @@
 package streams
 import (
+ "encoding/hex"
 "fmt"
 "github.com/ethereum/go-ethereum/common"
@@ -34,6 +35,9 @@ func (c *codec) Unwrap(wrapped values.Value) ([]datastreams.FeedReport, error) {
 if err2 != nil {
 return nil, fmt.Errorf("failed to decode: %v", err2)
 }
+ if decoded.FeedId != id.Bytes() {
+ return nil, fmt.Errorf("feed ID mismatch: FeedID: %s, FullReport.FeedId: %s", id, hex.EncodeToString(decoded.FeedId[:]))
+ }
 dest[i].BenchmarkPrice = decoded.BenchmarkPrice.Bytes()
 dest[i].ObservationTimestamp = int64(decoded.ObservationsTimestamp)
 }
diff --git a/core/capabilities/streams/codec_test.go b/core/capabilities/streams/codec_test.go
index e3ada731e43..02ec474fec9 100644
--- a/core/capabilities/streams/codec_test.go
+++ b/core/capabilities/streams/codec_test.go
@@ -69,7 +69,7 @@ func TestCodec_WrapUnwrap(t *testing.T) {
 _, err = codec.Unwrap(values.NewBool(true))
 require.Error(t, err)
- // correct reports byt wrong signatures
+ // correct reports but wrong signatures
 unwrapped, err := codec.Unwrap(wrapped)
 require.NoError(t, err)
 require.Equal(t, 2, len(unwrapped))
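Review bot: The feed ID check added in codec.go's Unwrap (`decoded.FeedId != id.Bytes()`) runs on a FullReport whose signatures have not been verified at that point, and nothing next to it says so. The test file in this same patch shows Unwrap succeeding on reports with wrong signatures, so signature verification appears to live in Validate; the new check therefore proves only that the two fields agree, not that either one is authentic. I would state that beside the check, e.g. `// Consistency check only: signatures are verified in Validate, which callers must still run before trusting FeedID.` The two IDs in the error message are also rendered differently (`%s` of `id` versus bare `hex.EncodeToString`), which may make them harder to compare in logs if `id`'s string form carries a prefix. Unwrap's body starts and ends outside the hunk.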
@@ -85,6 +85,20 @@ func TestCodec_WrapUnwrap(t *testing.T) {
 for _, report := range unwrapped {
 require.NoError(t, codec.Validate(report, allowedSigners, 2))
 }
+
+ // invalid FeedID
+ wrappedInvalid, err := codec.Wrap([]datastreams.FeedReport{
+ {
+ FeedID: id2Str, // ID #2 doesn't match what's in report #1
+ FullReport: report1,
+ ReportContext: rawCtx,
+ Signatures: [][]byte{signatureK1R1, signatureK2R1},
+ },
+ })
+ require.NoError(t, err)
+ _, err = codec.Unwrap(wrappedInvalid)
+ require.Error(t, err)
+ require.Contains(t, err.Error(), "feed ID mismatch")
 }
 func newFeedID(t *testing.T) ([32]byte, string) {
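Review bot: The new "invalid FeedID" case in TestCodec_WrapUnwrap discards Unwrap's first return value, so it does not pin that no partially decoded reports are handed back when the IDs disagree. Capturing it and asserting it is nil would cover that: `unwrappedInvalid, err := codec.Unwrap(wrappedInvalid)` followed by `require.Nil(t, unwrappedInvalid)`. A further case that wraps one matching and one mismatched report together would also show that a single bad entry rejects the whole batch. The test function starts outside the hunk.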