From 18c08b9d4aef4b52dedf96a92da14870c8e2a8e7 Mon Sep 17 00:00:00 2001
From: overcat <4catcode@gmail.com>
Date: Thu, 29 Oct 2020 20:29:11 +0800
Subject: [PATCH] fix: (SEP-10) value of the first op should not be null.

---
 src/utils.ts            |  6 ++++++
 test/unit/utils_test.js | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/src/utils.ts b/src/utils.ts
index f1f15d0ad..c5300d95d 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -180,6 +180,12 @@ export namespace Utils {
       throw new InvalidSep10ChallengeError("The transaction has expired");
     }
 
+    if (operation.value === undefined) {
+      throw new InvalidSep10ChallengeError(
+        "The transaction's operation value should not be null",
+      );
+    }
+
     // verify base64
     if (Buffer.from(operation.value.toString(), "base64").length !== 48) {
       throw new InvalidSep10ChallengeError(
diff --git a/test/unit/utils_test.js b/test/unit/utils_test.js
index 1b3ef2172..d8e4c3850 100644
--- a/test/unit/utils_test.js
+++ b/test/unit/utils_test.js
@@ -437,6 +437,41 @@ describe('Utils', function() {
       );
     });
 
+    it("throws an error if operation value is null", function() {
+      let keypair = StellarSdk.Keypair.random();
+      const account = new StellarSdk.Account(keypair.publicKey(), "-1");
+      const transaction = new StellarSdk.TransactionBuilder(
+        account,
+        txBuilderOpts,
+      )
+        .addOperation(
+          StellarSdk.Operation.manageData({
+            name: "SDF auth",
+            value: null,
+            source: "GBDIT5GUJ7R5BXO3GJHFXJ6AZ5UQK6MNOIDMPQUSMXLIHTUNR2Q5CFNF",
+          }),
+        )
+        .setTimeout(30)
+        .build();
+
+      transaction.sign(keypair);
+      const challenge = transaction
+        .toEnvelope()
+        .toXDR("base64")
+        .toString();
+
+      expect(() =>
+        StellarSdk.Utils.readChallengeTx(
+          challenge,
+          keypair.publicKey(),
+          StellarSdk.Networks.TESTNET,
+        ),
+      ).to.throw(
+        StellarSdk.InvalidSep10ChallengeError,
+        /The transaction\'s operation value should not be null/,
+      );
+    });
+
     it("throws an error if transaction does not contain valid timeBounds", function() {
       let keypair = StellarSdk.Keypair.random();
       let clientKeypair = StellarSdk.Keypair.random();