diff --git a/legacy/firmware/signing.c b/legacy/firmware/signing.c index 28277c0431..5b251ac935 100644 --- a/legacy/firmware/signing.c +++ b/legacy/firmware/signing.c @@ -652,6 +652,15 @@ static bool signing_check_output(TxOutputType *txoutput) { // add it to hash_outputs // ask user for permission + if (txoutput->script_type == OutputScriptType_PAYTOOPRETURN) { + if (txoutput->has_address || (txoutput->address_n_count > 0) || + txoutput->has_multisig) { + fsm_sendFailure(FailureType_Failure_DataError, + _("OP_RETURN output with address or multisig")); + signing_abort(); + return false; + } + } // check for change address bool is_change = false; if (txoutput->address_n_count > 0) { diff --git a/legacy/firmware/transaction.c b/legacy/firmware/transaction.c index 551f38eb6d..91e2d6aff2 100644 --- a/legacy/firmware/transaction.c +++ b/legacy/firmware/transaction.c @@ -199,7 +199,8 @@ int compile_output(const CoinInfo *coin, const HDNode *root, TxOutputType *in, if (in->script_type == OutputScriptType_PAYTOOPRETURN) { // only 0 satoshi allowed for OP_RETURN - if (in->amount != 0) { + if (in->amount != 0 || in->has_address || (in->address_n_count > 0) || + in->has_multisig) { return 0; // failed to compile output } if (needs_confirm) { diff --git a/tests/device_tests/test_op_return.py b/tests/device_tests/test_op_return.py index 54c071285f..82b6d5c7c0 100644 --- a/tests/device_tests/test_op_return.py +++ b/tests/device_tests/test_op_return.py @@ -236,4 +236,9 @@ class TestOpReturn: ) assert exc.value.args[0] == proto.FailureType.DataError - assert exc.value.args[1] == "OP_RETURN output with address or multisig" + if client.features.model == "1": + assert exc.value.args[1].endswith( + "OP_RETURN output with address or multisig" + ) + else: + assert exc.value.args[1] == "OP_RETURN output with address or multisig"