Protocol 27 will implement CAP-712, a signature security improvement for Soroban custom accounts. The update addresses a narrow vulnerability in signature pre-image handling and introduces address credentials v2 while maintaining backward compatibility. CAP-711 makes modular custom accounts easier to build and deploy.
Stellar developers presented CAP-71 and CAP-712, improvements coming in Protocol 27 that make custom accounts safer and more practical. CAP-711 introduces built-in delegation support for modular custom accounts, letting developers compose sub-account logic more easily. CAP-712 fixes a signature vulnerability: the standard authorization pre-image didn't include the signer's address, creating a narrow but real security risk in specific edge cases where private keys are shared between accounts and signer rotation occurs simultaneously. The protocol now provides address credentials v2 using an updated signature payload format; old credentials remain usable, so clients can migrate at their own pace. The fix was discovered through security audits and prevents potential signature replay attacks.