arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-02-10 22:52:46 +00:00
Code Issues Releases Wiki Activity

fix(cardano): don't allow duplicate withdrawals

Browse Source
This commit is contained in:
gabrielkerekes 2021-06-16 10:42:26 +02:00
parent 3cd2182b69
commit 4e5772662c
2 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
common/tests/fixtures/cardano/sign_tx.failed.json vendored
View File

@ -555,6 +555,44 @@
"error_message": "Invalid withdrawal" "error_message": "Invalid withdrawal"
} }
}, },
{
"description": "Duplicate withdrawal",
"parameters": {
"protocol_magic": 764824073,
"network_id": 1,
"fee": 42,
"ttl": 10,
"certificates": [],
"withdrawals": [
{
"path": "m/1852'/1815'/0'/2/0",
"amount": "1000"
},
{
"path": "m/1852'/1815'/0'/2/0",
"amount": "2000"
}
],
"auxiliary_data": null,
"inputs": [
{
"path": "m/1852'/1815'/0'/0/0",
"prev_hash": "3b40265111d8bb3c3c608d95b3a0bf83461ace32d79336579a1939b3aad1c0b7",
"prev_index": 0
}
],
"outputs": [
{
"address": "Ae2tdPwUPEZCanmBz5g2GEwFqKTKpNJcGYPKfDxoNeKZ8bRHr8366kseiK2",
"amount": "3003112"
}
]
},
"result": {
"error_message": "Duplicate withdrawals"
}
},
{ {
"description": "Auxiliary data blob is incomplete", "description": "Auxiliary data blob is incomplete",
"parameters": { "parameters": {

7
core/src/apps/cardano/sign_tx.py
View File

@ -309,6 +309,7 @@ def _validate_certificates(
def _validate_withdrawals(withdrawals: list[CardanoTxWithdrawalType]) -> None: def _validate_withdrawals(withdrawals: list[CardanoTxWithdrawalType]) -> None:
seen_withdrawals = set()
for withdrawal in withdrawals: for withdrawal in withdrawals:
if not SCHEMA_STAKING_ANY_ACCOUNT.match(withdrawal.path): if not SCHEMA_STAKING_ANY_ACCOUNT.match(withdrawal.path):
raise INVALID_WITHDRAWAL raise INVALID_WITHDRAWAL
@ -316,6 +317,12 @@ def _validate_withdrawals(withdrawals: list[CardanoTxWithdrawalType]) -> None:
if not 0 <= withdrawal.amount < LOVELACE_MAX_SUPPLY: if not 0 <= withdrawal.amount < LOVELACE_MAX_SUPPLY:
raise INVALID_WITHDRAWAL raise INVALID_WITHDRAWAL
path_tuple = tuple(withdrawal.path)
if path_tuple in seen_withdrawals:
raise wire.ProcessError("Duplicate withdrawals")
else:
seen_withdrawals.add(path_tuple)
def _cborize_signed_tx( def _cborize_signed_tx(
keychain: seed.Keychain, msg: CardanoSignTx keychain: seed.Keychain, msg: CardanoSignTx