GHSA-qr2g-p6q7-w82m: Critical Payment Verification Bypass in Coinbase x402 SDK (Solana)

The x402 protocol is designed to implement the HTTP 402 "Payment Required" status code, facilitating automated, machine-to-machine payments for AI agents and API monetization. A critical component of this architecture is the facilitator, a service responsible for intercepting payment claims, verifying on-chain settlement, and issuing cryptographic proofs to the resource server.

This vulnerability (GHSA-qr2g-p6q7-w82m) resides specifically in the Solana Virtual Machine (SVM) implementation of the facilitator. Unlike the EVM implementations which use ECDSA, the Solana integration utilizes Ed25519 signatures. The flaw allows an attacker to submit a malformed or replayed PAYMENT-SIGNATURE that the facilitator incorrectly accepts as valid. Consequently, the facilitator issues a valid payment token to the resource server, granting the attacker access to the protected resource without an actual transfer of funds.

The root cause is an Improper Verification of Cryptographic Signature (CWE-347) within the SDK's payment validation logic. Specifically, the issue stems from how the facilitator validates the authenticity and uniqueness of Solana transaction signatures provided in the HTTP headers.

In the vulnerable versions, the validation routine for the PAYMENT-SIGNATURE header lacks sufficient checks to ensure the signature is both valid for the specific payload and unique (not a replay). Technical analysis suggests the "auto-sign" feature—intended to streamline developer experience—introduced a code path where the strict cryptographic binding between the payment intent and the on-chain signature was loosened. This allows a signature to be spoofed or an old signature to be reused, tricking the verification logic into returning a success state.

While the exact source code diff is not public in the advisory context, the logical failure can be reconstructed based on the protocol design and the patch description. The vulnerability exists in the VerifySolanaPayment function (or equivalent) within the facilitator.

In a secure implementation, the flow must be:

1. Extract PAYMENT-SIGNATURE from header.
2. Fetch the corresponding transaction from the Solana blockchain (or verify the provided proof).
3. Verify the transaction recipient is the merchant.
4. Verify the amount matches the requested resource price.
5. Verify the transaction is recent and not previously processed (Replay Protection).

Vulnerable Logic Flow:

// Pseudo-code representation of the flaw
async function verifyPayment(req, context) {
  const signature = req.headers['x-payment-signature'];
  
  // VULNERABILITY: The facilitator checks if a signature exists
  // but fails to strictly validate it against the specific
  // invoice ID or allows replaying a valid signature from a past transaction.
  if (isValidFormat(signature)) {
     // The system assumes the signature is fresh and valid for THIS request
     return grantAccess();
  }
  return denyAccess();
}

Patched Logic Flow: The fix introduces strict validation steps that cryptographically bind the signature to the specific invoice and check for replay attacks against a cache of seen signatures.

An attacker targets a service monetized via x402 (e.g., a Premium LLM API). The service charges 1 USDC per request. The attacker initiates a request, receiving a 402 Payment Required response containing a payment address and invoice ID.

To exploit the system, the attacker crafts a follow-up request containing a spoofed PAYMENT-SIGNATURE header. Because the vulnerable facilitator fails to verify the signature against the Solana blockchain state correctly (or accepts a replayed signature from a 0.0001 USDC test transaction), the facilitator validates the request. The SDK then generates a x402-token which the resource server accepts, returning the premium API response. The attacker effectively consumes the service for free, causing financial loss to the provider.

Severity: Critical (CVSS 9.9)

The impact is primarily financial and integrity-based. Service providers relying on x402 for revenue assurance are at risk of complete monetization bypass. Attackers can drain compute resources, access proprietary data, or utilize paid APIs without cost.

However, it is crucial to note that this vulnerability does not expose private keys or allow the theft of existing user funds held in wallets. The flaw is in the verification of payments, not the custody of funds. The risk is borne entirely by the service provider (merchant) running the vulnerable facilitator.