fix(security): SC-01 paymaster sig_type, SC-02 AA reconciliation, H-4 hickory advisory #51

Merged. LucienSong merged 1 commit into ShellDAO:main from LucienSong:security/sc-01-02-h4-fixes on May 26, 2026.

Conversation

@LucienSong (Contributor)

Summary

  • derive the paymaster signature algorithm from the registered paymaster pubkey/address binding instead of reusing the sender sig_type
  • enforce AA outer-value reconciliation so inner call value sums cannot exceed the declared AA envelope value, and align helper/tests with that invariant
  • add cargo-audit ignores for RUSTSEC-2026-0118/0119 in workspace metadata plus .cargo/audit.toml because libp2p 0.56 still pulls hickory 0.25.x transitively with no compatible upgrade path in this workspace

Validation

  • cargo fmt --all
  • cargo clippy --workspace -- -D warnings
  • attempted cargo test --workspace (ran >10 minutes and exposed shell-e2e-tests --test aa_batch_test)
  • cargo test -p shell-core
  • cargo test -p shell-evm
  • cargo test -p shell-rpc
  • cargo test -p shell-e2e-tests --test aa_batch_test
  • cargo test -p shell-e2e-tests --test aa_sponsored_test
  • cargo test -p shell-consensus
  • cargo audit -q

Notes

  • Tried direct dependency remediation paths for hickory/libp2p first; there is still no compatible crates.io upgrade path available in this workspace, so the advisory is explicitly tracked and ignored for now.

Impact-Deferred: shell-chain: make e2e was not run in this session.
Impact-Deferred: shell-sdk: downstream SDK verification/build was not run in this shell-chain fix session.
Impact-Deferred: shell-chain-white-paper: white-paper wording review was not performed in this code fix session.
Impact-Deferred: shell-dex: downstream DEX build/smoke verification was not run in this shell-chain fix session.
Impact-Deferred: shell-explorer: downstream explorer smoke verification was not run in this shell-chain fix session.
Impact-Deferred: shella-chrome-wallet: downstream wallet verification was not run in this shell-chain fix session.
Impact-Deferred: shell-site: downstream site/docs verification was not run in this shell-chain fix session.

… hickory advisory

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
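The two invariants the PR description states, SC-01 (the paymaster signature algorithm comes from the registered paymaster binding, not from the sender's sig_type) and SC-02 (the sum of inner call values may not exceed the declared outer value), as an added, stand-alone Rust sketch. This is example code written for this page, not ShellDAO's shell-chain code: the types `AaTx`, `InnerCall`, `PaymasterRegistry`, `AaError` and the helpers are hypothetical, the addresses are constructed sample data, and `u128` stands in for the chain's `U256`. The pre-fix behaviour is kept as `paymaster_sig_type_insecure` for contrast, and the inner sum uses checked rather than saturating arithmetic so an overflowing bundle is reported as overflow rather than as a plain overspend.

```rust
// Added example, not ShellDAO/shell-chain code: types and helpers are hypothetical
// and u128 stands in for the chain's U256.
use std::collections::HashMap;

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SigType { Secp256k1, Ed25519 }

#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct Address(pub [u8; 20]);

/// Constructed sample address (test data, not a real account).
pub fn addr(tag: u8) -> Address { Address([tag; 20]) }

#[derive(Debug)]
pub struct InnerCall { pub to: Address, pub value: u128 }

/// Minimal sponsored AA transaction: one outer envelope, N inner calls.
#[derive(Debug)]
pub struct AaTx {
    pub sender: Address,
    pub sender_sig_type: SigType,
    pub value: u128,              // declared outer value: the bundle's spending cap
    pub paymaster: Option<Address>,
    pub inner_calls: Vec<InnerCall>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum AaError {
    InnerValueOverflow,
    InnerValueExceedsOuter { inner: u128, outer: u128 },
    UnregisteredPaymaster(Address),
}

/// Paymaster address -> signature algorithm of the key it was registered with.
#[derive(Default)]
pub struct PaymasterRegistry { bindings: HashMap<Address, SigType> }

impl PaymasterRegistry {
    pub fn new() -> Self { Self::default() }

    pub fn register(&mut self, paymaster: Address, sig_type: SigType) {
        self.bindings.insert(paymaster, sig_type);
    }

    /// SC-01: the paymaster's algorithm comes from its registered binding. An
    /// unknown paymaster is an error, never a fallback to the sender's algorithm.
    pub fn sig_type_for(&self, paymaster: &Address) -> Result<SigType, AaError> {
        self.bindings.get(paymaster).copied()
            .ok_or(AaError::UnregisteredPaymaster(*paymaster))
    }
}

/// Pre-fix behaviour, kept for contrast only: the paymaster signature was checked
/// with the sender's algorithm, which is wrong whenever the two keys differ.
pub fn paymaster_sig_type_insecure(tx: &AaTx) -> SigType { tx.sender_sig_type }

/// SC-02, step 1: checked sum so an overflowing bundle is reported as overflow
/// instead of silently saturating.
pub fn inner_value_sum(tx: &AaTx) -> Result<u128, AaError> {
    tx.inner_calls.iter().try_fold(0u128, |acc, call| {
        acc.checked_add(call.value).ok_or(AaError::InnerValueOverflow)
    })
}

/// SC-02, step 2: enforce sum(inner.value) <= tx.value and hand back the unspent
/// remainder so the caller has to decide explicitly what happens to it.
pub fn validate_outer_value(tx: &AaTx) -> Result<u128, AaError> {
    let inner = inner_value_sum(tx)?;
    if inner > tx.value {
        return Err(AaError::InnerValueExceedsOuter { inner, outer: tx.value });
    }
    Ok(tx.value - inner)
}

/// Structural check for a bundle: value envelope first, then the algorithm to
/// verify the paymaster signature with (None when the bundle is unsponsored).
pub fn validate_bundle(tx: &AaTx, reg: &PaymasterRegistry) -> Result<Option<SigType>, AaError> {
    validate_outer_value(tx)?;
    match tx.paymaster {
        Some(pm) => reg.sig_type_for(&pm).map(Some),
        None => Ok(None),
    }
}

fn main() {
    let mut reg = PaymasterRegistry::new();
    reg.register(addr(0xAA), SigType::Ed25519);
    // Constructed sample: secp256k1 sender, Ed25519 paymaster, two inner calls.
    let tx = AaTx {
        sender: addr(0x01),
        sender_sig_type: SigType::Secp256k1,
        value: 30,
        paymaster: Some(addr(0xAA)),
        inner_calls: vec![InnerCall { to: addr(0x02), value: 10 }, InnerCall { to: addr(0x03), value: 20 }],
    };
    println!("sender {:?}", tx.sender);
    for c in &tx.inner_calls { println!("  call to {:?} value {}", c.to, c.value); }
    println!("insecure sig_type: {:?}", paymaster_sig_type_insecure(&tx));
    println!("bound sig_type:    {:?}", validate_bundle(&tx, &reg));
    let overspend = AaTx { value: 25, ..tx };
    println!("overspend:         {:?}", validate_bundle(&overspend, &reg));
}
```

`validate_outer_value` deliberately returns the unspent part of the envelope instead of discarding it: the PR's invariant only bounds the sum from above, so a caller still has to decide whether a strictly smaller inner sum is refunded, retained, or rejected, and returning the remainder keeps that decision visible.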
Copilot AI review requested due to automatic review settings May 26, 2026 13:54

Copilot AI left a comment

Pull request overview

This PR tightens AA security semantics by deriving paymaster signature algorithms from registered paymaster key/address bindings, enforcing AA outer-value budgets against inner call values, and explicitly tracking hickory advisories that remain transitively pulled in through libp2p.

Changes:

  • Adds paymaster signature-type inference for mixed-algorithm sponsored AA validation.
  • Enforces Σ inner.value <= tx.value in AA construction, validation, execution, and related tests/helpers.
  • Adds cargo-audit advisory ignores for unresolved hickory/libp2p transitive advisories.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Reviewed files (file: description):

  • .cargo/audit.toml: Adds cargo-audit ignore entries for hickory advisories.
  • Cargo.toml: Adds workspace audit metadata ignores for the same advisories.
  • crates/core/src/transaction.rs: Adds AA inner value summing and constructor-level overspend rejection.
  • crates/crypto/src/multi.rs: Adds address-based signature type inference helper.
  • crates/crypto/src/lib.rs: Re-exports the new inference helper.
  • crates/evm/src/executor.rs: Adds execution-time AA outer-value reconciliation and tests.
  • crates/evm/src/tx_validation.rs: Updates AA balance checks, structural validation, and paymaster signature verification.
  • crates/rpc/src/handler/mod.rs: Updates an AA test transaction value to satisfy the new invariant.
  • tests/e2e/aa_batch_test.rs: Computes AA outer value from inner calls in batch test helper.
  • tests/e2e/aa_sponsored_test.rs: Computes AA outer value from inner calls in sponsored test helper.

Comment on lines +344 to +350
let declared_value = tx.value;
let inner_value_sum = bundle.inner_value_sum();
if inner_value_sum > declared_value {
return Err(ExecutorError::Evm(format!(
"aa bundle inner value sum ({inner_value_sum}) exceeds outer value ({declared_value})"
)));
}
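Review bot: the check `inner_value_sum > declared_value` rejects overspend but says nothing about the strictly-less case; when the inner sum is below `tx.value`, nothing in this hunk states where the unspent remainder of the envelope goes (refunded to the sender, left with the account, or debited and stranded), so either document that branch here or assert it in the surrounding executor code. Also consider a dedicated `ExecutorError` variant for this pre-execution invariant instead of `ExecutorError::Evm(format!(...))`: wrapping a structural validation failure in the EVM variant makes it indistinguishable from a runtime revert for any caller that matches on the error type.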
Comment on lines +843 to +846
pub fn inner_value_sum(&self) -> U256 {
self.inner_calls
.iter()
.fold(U256::ZERO, |acc, c| acc.saturating_add(c.value))
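Review bot: `saturating_add` hides an overflowing sum: a bundle whose inner values total more than `U256::MAX` collapses to `U256::MAX`, which the executor's `>` comparison still rejects unless the outer value is itself `U256::MAX`, but the resulting error would read as an ordinary overspend rather than an overflow. Use `checked_add` in the fold and return `Option<U256>` (or a dedicated error) so the overflow case is explicit and named, and add a doc comment stating that the result is compared against the outer `tx.value`.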
@LucienSong LucienSong merged commit 3bfeb54 into ShellDAO:main May 26, 2026
3 checks passed