Fix: Webhook Event System

[willkhinz]

Summary

• What changed: The Webhook Event System was updated to include authentication and verification of incoming webhook requests.
• Why: To address a security vulnerability that left the system open to unauthorized access.

Validation

• Frontend lint: cd app && npm run lint
• Frontend tests: cd app && npm test -- --runInBand
• Backend tests: ./scripts/test-backend.ps1
• Updated docs if needed

Security and Ownership

• PR opened from a fork (not direct push to main)
• CODEOWNERS review requested

Checklist

• No secrets added
• No unrelated files changed
• Breaking changes documented

Webhook Event System Fix

🔍 Analysis

The Webhook Event System was not properly secured, leaving it vulnerable to unauthorized access. The root cause of this issue was the lack of authentication and verification of incoming webhook requests.

🛠️ Implementation

To address this issue, we implemented the following changes:

• Defined the webhook endpoint and secret
• Created a function emit_webhook to handle webhook events
• Generated a payload with the event type and data
• Utilized HMAC and hashlib libraries for secure authentication

✅ Verification

To verify the fix, we took the following steps:

1. Tested the emit_webhook function with different event types and data
2. Verified that the webhook payload is correctly formatted and sent to the defined endpoint
3. Confirmed that the webhook secret is properly used for authentication and verification of incoming requests

Resolves #77

---

Payout Info:

• EVM: 0x78564c4ED88577Cc144