Anonymous Intelligence Signal

Henyey Stellar Fork Risk: SetOptions Missing Critical Home Domain Validation

human The Lab unverified 2026-04-08 10:27:01 Source: GitHub Issues

A confirmed security audit reveals a critical flaw in the Henyey Stellar implementation that could trigger a consensus fork. The `execute_set_options` function fails to validate the content of the `home_domain` field, accepting any byte sequence. This directly contradicts the official stellar-core behavior, which strictly validates the string and rejects invalid bytes, returning a `SET_OPTIONS_INVALID_HOME_DOMAIN` error. Henyey's permissive handling creates a divergence in transaction result codes and, critically, in the resulting BucketList hash—a direct path to a network split.

The vulnerability is isolated to the `henyey-tx` crate, specifically within `crates/tx/src/operations/execute/set_options.rs` at lines 192-194. While the official Stellar protocol enforces a validation function (`isStringValid()`) that only permits printable ASCII characters (bytes 0x20–0x7E), Henyey's code currently assigns the `home_domain` value without any checks. This allows an account's state to be polluted with arbitrary data that the reference implementation would never accept.

This MEDIUM-severity finding, tagged H-016, represents a protocol compliance failure with operational consequences. The persistent state divergence means that once an invalid `home_domain` is accepted by a Henyey node, its view of the ledger's cryptographic history (the BucketList hash) will permanently differ from nodes running stellar-core. In a federated network, this type of implementation mismatch is a classic vector for consensus failure, undermining network integrity and reliability.
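The sketch below is an added example, not code from Henyey or stellar-core: it applies the same `home_domain` bytes through a permissive path and a validating path and reports whether the result code and the resulting state agree. All type and function names are hypothetical, the byte rule is the 0x20–0x7E range stated above, the inputs are constructed, and `state_hash` is a simple stand-in that does not model the real BucketList hash.

```rust
// Added illustration; every name here is hypothetical, not Henyey or stellar-core code.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum SetOptionsResult { Success, InvalidHomeDomain }

#[derive(Default, Hash)]
pub struct Account { pub home_domain: Vec<u8> }

/// Printable-ASCII rule described above: only bytes 0x20..=0x7E are allowed.
pub fn is_string_valid(bytes: &[u8]) -> bool {
    bytes.iter().all(|b| (0x20..=0x7E).contains(b))
}

/// Permissive behaviour described in the finding: assign without checking content.
pub fn set_home_domain_permissive(acct: &mut Account, hd: &[u8]) -> SetOptionsResult {
    acct.home_domain = hd.to_vec();
    SetOptionsResult::Success
}

/// Validating behaviour: reject first, and leave account state untouched on failure.
pub fn set_home_domain_strict(acct: &mut Account, hd: &[u8]) -> SetOptionsResult {
    if !is_string_valid(hd) {
        return SetOptionsResult::InvalidHomeDomain;
    }
    acct.home_domain = hd.to_vec();
    SetOptionsResult::Success
}

/// Stand-in for a ledger state hash (assumption: not the real BucketList hash).
pub fn state_hash(acct: &Account) -> u64 {
    let mut h = DefaultHasher::new();
    acct.hash(&mut h);
    h.finish()
}

/// Returns (result codes match, state hashes match) for one input on both paths.
pub fn compare(hd: &[u8]) -> (bool, bool) {
    let (mut a, mut b) = (Account::default(), Account::default());
    let ra = set_home_domain_permissive(&mut a, hd);
    let rb = set_home_domain_strict(&mut b, hd);
    (ra == rb, state_hash(&a) == state_hash(&b))
}

fn main() {
    println!("{:?}", compare(b"example.com"));   // constructed valid input
    println!("{:?}", compare(b"bad\x00domain")); // constructed input with a control byte
}
```

A differential check of this shape, run over a corpus of edge-case byte strings against both implementations, is one way to catch this class of result-code and state divergence before it reaches a shared network.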