Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve safety of finalize_psbt #1711

Open
notmandatory opened this issue Nov 14, 2024 · 0 comments
Open

Improve safety of finalize_psbt #1711

notmandatory opened this issue Nov 14, 2024 · 0 comments
Labels
audit Suggested as result of external code audit module-wallet

Comments

@notmandatory
Copy link
Member

"In finalize_psbt, the code at lines 1910-1911 assumes a PSBT input corresponds to the inner transaction input. This only holds because it was checked 50 lines before (L1862). It'd be more careful to use get(n).ok_or(...)? to access the input around line 1910 too, in case the check 50 lines earlier was removed or updated. This is the kind of bug that could slip through review as it'd affect code outside the diff, and could realistically cause an issue as a PSBT is often externally provided: it can be reasonably anticipated to be turned into a remote crasher for some applications."
@notmandatory notmandatory added audit Suggested as result of external code audit module-wallet labels Nov 14, 2024
@notmandatory notmandatory added this to BDK Nov 14, 2024
@notmandatory notmandatory moved this to Discussion in BDK Nov 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
audit Suggested as result of external code audit module-wallet
Projects
BDK
Status: Discussion
Milestone
No milestone
Development

No branches or pull requests
1 participant
@notmandatory