Ability to verify calls with wallet_verifyCalls #1299

@jxom

Description

It would be useful to introduce a new wallet_verifyCalls endpoint that accepts the return type of wallet_prepareCalls as input and returns a boolean indicating whether the response is valid (based on a previously submitted wallet_prepareCalls to the relay).

Motivation / Use Case:

In Porto’s Merchant RPC model, anyone can host their own wallet_prepareCalls endpoint that fronts the relay. This allows them to insert feePayer into the params and feeSignature into the response. However, there needs to be a way to verify that the merchant RPC hasn’t mutated or tampered with the relay’s intended response.

Currently, I compare the digests of the merchant RPC to the relay RPC. This can drift out of sync because quotes can differ, and it doesn’t fully guarantee integrity. While I acknowledge that “trusting the relay” is not perfect, in practice it’s far more likely for a malicious merchant RPC to appear than for the relay to be compromised.

Proposed Solution

  • Add a wallet_verifyCalls endpoint.
  • The relay could store the relevant response values (asset diffs, asset deficits, and other prepareCalls properties) against the digest when wallet_prepareCalls is initially called.
  • wallet_verifyCalls would then match an input response against the stored values (from the previous wallet_prepareCalls) for that digest, returning true if valid, false if not. It should also account for the fact that a consumer can insert their own capabilities.feeSignature into the response without affecting the verification.
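The store-and-compare flow described above, as an added TypeScript sketch that is not Porto or relay code: the relay records a canonical form of each wallet_prepareCalls response under its digest, and wallet_verifyCalls compares a submitted response against it after stripping the consumer-insertable capabilities.feeSignature. Only `digest` and `capabilities.feeSignature` are taken from the proposal; the other field names and sample values are assumed stand-ins for the real wire format.

```typescript
// Added example, not Porto or relay code. Only `digest` and `capabilities.feeSignature`
// come from the proposal; other field names/values are constructed stand-ins.
type JsonObject = Record<string, unknown>;

// Deterministic JSON (keys sorted recursively) so key order cannot affect comparison.
function canonicalize(value: unknown): string {
  if (value === null || typeof value !== "object") return JSON.stringify(value);
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(",")}]`;
  const obj = value as JsonObject;
  const keys = Object.keys(obj).filter((k) => obj[k] !== undefined).sort();
  return `{${keys.map((k) => `${JSON.stringify(k)}:${canonicalize(obj[k])}`).join(",")}}`;
}
// Drop the one field a consumer (e.g. a merchant RPC) is allowed to add.
function stripConsumerFields(response: JsonObject): JsonObject {
  const caps = response.capabilities;
  if (caps === null || typeof caps !== "object") return response;
  const rest: JsonObject = { ...(caps as JsonObject) };
  delete rest.feeSignature;
  return { ...response, capabilities: rest };
}
class VerifyCallsStore {
  private readonly records = new Map<string, string>();
  // Relay side of wallet_prepareCalls: remember what was handed out, keyed by digest.
  record(response: JsonObject & { digest: string }): void {
    this.records.set(response.digest, canonicalize(stripConsumerFields(response)));
  }
  // wallet_verifyCalls: true only if the digest was prepared here and only consumer-insertable fields differ.
  verify(response: JsonObject): boolean {
    if (typeof response.digest !== "string") return false;
    const stored = this.records.get(response.digest);
    return stored !== undefined && stored === canonicalize(stripConsumerFields(response));
  }
}
const relayResponse = { // constructed sample, not real relay output
  digest: "0xDIGEST_PLACEHOLDER",
  context: { quote: { nonce: 7, fee: "1000" } },
  capabilities: { assetDiffs: [{ asset: "0xTOKEN", value: "-1000" }], assetDeficits: [] },
};
function demo(): Record<string, boolean> {
  const store = new VerifyCallsStore();
  store.record(relayResponse);
  const caps = relayResponse.capabilities;
  return {
    feeSigAdded: store.verify({ ...relayResponse, capabilities: { ...caps, feeSignature: "0xSIG" } }),
    reordered: store.verify({ capabilities: caps, context: relayResponse.context, digest: relayResponse.digest }),
    tampered: store.verify({ ...relayResponse, capabilities: { ...caps, assetDiffs: [] } }),
    unknownDigest: store.verify({ ...relayResponse, digest: "0xOTHER" }),
  };
}
```

Because the comparison runs over the full canonical response rather than the digest alone, a merchant RPC that alters asset diffs or deficits fails verification even when it leaves the digest untouched.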

Metadata

Labels: enhancement (New feature or request)