arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 04:18:10 +00:00
Code Issues Releases Wiki Activity

feat(core): Ensure input's script type and path match the scriptPubKey.

Browse Source
This commit is contained in:
Andrew Kozlik 2021-12-03 17:44:26 +01:00 committed by Andrew Kozlik
parent a38a0b6295
commit c9e6ca30c9
3 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/.changelog.d/1018.changed Normal file
View File

@ -0,0 +1 @@
Ensure input's script type and path match the scriptPubKey.

1
core/.changelog.d/1018.incompatible Normal file
View File

@ -0,0 +1 @@
Trezor will refuse to sign UTXOs that do not match the provided derivation path (e.g., transactions belonging to a different wallet, or synthetic transaction inputs).

3
core/src/apps/bitcoin/sign_tx/bitcoin.py
View File

@ -229,6 +229,9 @@ class Bitcoin:
if prev_amount != txi.amount: if prev_amount != txi.amount:
raise wire.DataError("Invalid amount specified") raise wire.DataError("Invalid amount specified")
if script_pubkey != self.input_derive_script(txi):
raise wire.DataError("Input does not match scriptPubKey")
if i in self.external: if i in self.external:
await self.verify_external_input(i, txi, script_pubkey) await self.verify_external_input(i, txi, script_pubkey)