Summary
Wallet constructors allow a DerivationPath with an incorrect role for the wallet type (e.g., a shielded role in a DustWallet), which could silently derive keys under the wrong path.
Addresses Least Authority audit Issue AN (Low severity).
Problem
- DustWallet::from_path() accepts any DerivationPath regardless of role
- ShieldedWallet::from_path() accepts any DerivationPath regardless of role
- A DustWallet constructed with a shielded role derives keys under the shielded path (m/44'/2400'/0'/3/0 instead of m/44'/2400'/0'/2/0)
- Mismatched derivation silently produces keys that won't match expected wallet operations
Expected Behavior
- DustWallet::from_path() rejects derivation paths with non-Role::Dust roles
- ShieldedWallet::from_path() rejects derivation paths with non-Role::Zswap roles
- Mismatched role construction panics with a descriptive message
References
- Least Authority — Shielded Midnight Network Node Initial Audit Report (October 24, 2025), Issue AN, pp. 55–56
- JIRA: https://shielded.atlassian.net/browse/PM-20015
- Parent epic: PM-19974 (Q4 2025 Least Authority 'Node' Audit Findings)
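
A sketch of the role guard described under Expected Behavior, added here as an example and not taken from the project's code. The struct fields, the numeric role values (read off the two paths quoted above) and the `assert_role` and `to_path_string` helpers are assumptions for illustration; real key derivation is omitted.

```rust
// Simplified model (assumption): the project's DerivationPath, Role and wallet
// types carry more state and perform actual key derivation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Role {
    Dust = 2,  // role component of m/44'/2400'/0'/2/0
    Zswap = 3, // role component of m/44'/2400'/0'/3/0
}

#[derive(Debug, Clone, Copy)]
pub struct DerivationPath { pub account: u32, pub role: Role, pub index: u32 }

impl DerivationPath {
    /// Renders the path as m/44'/2400'/account'/role/index.
    pub fn to_path_string(&self) -> String {
        format!("m/44'/2400'/{}'/{}/{}", self.account, self.role as u32, self.index)
    }
}

/// Hypothetical shared guard: panics with a descriptive message on a role mismatch.
fn assert_role(wallet: &str, expected: Role, path: &DerivationPath) {
    assert!(
        path.role == expected,
        "{}::from_path: expected role {:?}, got {:?} (path {})",
        wallet, expected, path.role, path.to_path_string()
    );
}

pub struct DustWallet { pub path: DerivationPath }
pub struct ShieldedWallet { pub path: DerivationPath }

impl DustWallet {
    pub fn from_path(path: DerivationPath) -> Self {
        assert_role("DustWallet", Role::Dust, &path); // reject before deriving anything
        DustWallet { path }
    }
}
impl ShieldedWallet {
    pub fn from_path(path: DerivationPath) -> Self {
        assert_role("ShieldedWallet", Role::Zswap, &path);
        ShieldedWallet { path }
    }
}

fn main() {
    let dust = DerivationPath { account: 0, role: Role::Dust, index: 0 };
    println!("accepted: {}", DustWallet::from_path(dust).path.to_path_string());
    let zswap = DerivationPath { role: Role::Zswap, ..dust };
    let rejected = std::panic::catch_unwind(|| DustWallet::from_path(zswap)).is_err();
    println!("shielded path into DustWallet rejected: {}", rejected);
}
```

Running the check before any derivation step means a mismatched path never produces key material at all.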