diff options
| author | fanquake <fanquake@gmail.com> | 2022-10-20 07:59:50 +0800 |
|---|---|---|
| committer | fanquake <fanquake@gmail.com> | 2022-10-20 08:13:14 +0800 |
| commit | 2ac71d20b2ebbfea76ee7369fddffbd78bd2c010 (patch) | |
| tree | cb2205dce0c3147d2c6a80923358e935dc2324c2 /src/node | |
| parent | a97791d9fb977cf2a0d19268253238b0fee173f6 (diff) | |
| parent | e133264c5b1f72e94dcb9cebd85cdb523fcf8070 (diff) | |
Merge bitcoin/bitcoin#25595: Verify PSBT inputs rather than check for fields being empty
e133264c5b1f72e94dcb9cebd85cdb523fcf8070 Add test for PSBT input verification (Greg Sanders)
d25699280af1ea45bebc884f63a10da7ea275ef9 Verify PSBT inputs rather than check for fields being empty (Greg Sanders)
Pull request description:
In a few keys spots, PSBT finality is checked by looking for non-empty witness data.
This complicates a couple things:
1) Empty data can be valid in certain cases
2) User may be passed bogus final data by a counterparty during PSBT work happening, and end up with incorrect signatures that they may not be able to check in other contexts if the UTXO doesn't exist yet in chain/mempool, timelocks, etc.
On the whole I think these heavier checks are worth it in case someone is actually assuming the signatures are correct if our API is saying so.
ACKs for top commit:
achow101:
ACK e133264c5b1f72e94dcb9cebd85cdb523fcf8070
Tree-SHA512: 9de4fbb0be1257b081781f5df908fd55666e3acd5c4e36beb3b3f2f5a6aed69ff77068c44cde6127e159e773293fd9ced4c0bb47e693969f337e74dc8af030da
Diffstat (limited to 'src/node')
| -rw-r--r-- | src/node/psbt.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/node/psbt.cpp b/src/node/psbt.cpp index 57162cd679..ca3fc0955d 100644 --- a/src/node/psbt.cpp +++ b/src/node/psbt.cpp @@ -59,7 +59,7 @@ PSBTAnalysis AnalyzePSBT(PartiallySignedTransaction psbtx) } // Check if it is final - if (!utxo.IsNull() && !PSBTInputSigned(input)) { + if (!PSBTInputSignedAndVerified(psbtx, i, &txdata)) { input_analysis.is_final = false; // Figure out what is missing |