Show HN: Server builds, wallet signs — a non-custodial Web3 checkout pattern(blauenlabs.com)

1 pointby thanders6 hours ago2 comments

kilakulusuan hour ago
this is basically meta-transactions with a twist. curious what stops a malicious server from bundling unexpected calls into the transaction. do you have any commit-reveal or something to prevent that
- thandersan hour ago
  Good point — this is the core trust assumption of the pattern. The wallet is the user's defence: it decodes and displays all instructions before signing, so any unexpected calls would be visible at approval time. Wallets like Phantom surface warnings for unusual instruction patterns — this is consistent with the Solana wallet standard: https://docs.phantom.com/developer-powertools/wallet-standar...
  A commit-reveal scheme would add another layer but shifts complexity to the client-side code — an extra round trip and hash verification step before passing the transaction to the wallet.
  In practice the threat model here assumes a non-malicious server — the pattern is designed to protect against a compromised client, not a compromised server. If your server is malicious you have bigger problems than transaction bundling.
  Worth noting in the post though — good catch.
thanders6 hours ago
[dead]