Right now we validate a MP for a index provided in the MP and we do not check if that tx was involved in the transaction. This allows a user to prove that an account exists and run the tx on that account which will create a different state post tx execution.
A fix for this problem is simple, we need to make sure that the accounts involved in the MP are the same as the ones in the Tx.
Great find by @kilic, thank you!
Right now we validate a MP for a index provided in the MP and we do not check if that tx was involved in the transaction. This allows a user to prove that an account exists and run the tx on that account which will create a different state post tx execution.
A fix for this problem is simple, we need to make sure that the accounts involved in the MP are the same as the ones in the Tx.