fix(bitcoin): reject Taproot source addresses up front in reserve proof path #477
Open
jeffrey701 wants to merge 1 commit into
Conversation
…of path is_valid_address accepts Taproot (bc1p) via address_to_scriptpubkey, which is correct for swap destinations, but sign_from_proof/verify_from_proof only support BIP-137 (P2PKH/P2WPKH/P2SH-P2WPKH). A bc1p source therefore passed validation and then dead-ended at reserve with messages about missing keys or bad signatures that never named the address type.

Add BitcoinProvider.is_proof_supported() as the capability check for the proof path and guard sign_or_prompt_external on it for BTC sources, so a Taproot source is rejected up front with an explicit message instead of the misleading external-signature prompt. Destinations are unaffected (is_valid_address unchanged); the validator backstop already rejects P2TR proofs.

Closes entrius#476
#453 made is_valid_address accept Taproot (bc1p) addresses, which is right for swap destinations. But the proof path (sign_from_proof/verify_from_proof) is BIP-137 only, so a bc1p source now passes validation and then dead-ends at reserve — the CLI prompts for a signing key that can never work, and the only hint that the address type is the blocker is a buried provider log line.

This rejects Taproot sources up front instead. Added BitcoinProvider.is_proof_supported() (true only for the P2PKH/P2WPKH/P2SH-P2WPKH types the proof path can actually handle) and check it in sign_or_prompt_external for BTC sources, printing an explicit message before the misleading key prompt. Destinations are unaffected (is_valid_address unchanged), and the validator already rejects P2TR proofs, so this is the CLI-side half. Tests cover the new capability check.

Closes #476
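As an added illustration of the capability split the PR description draws (is_valid_address answers "can funds go here?", is_proof_supported answers "can this source produce a BIP-137 proof?"), here is a stand-alone Python module. It is not the project's code: the function names follow the PR, but their bodies, the BIP137_TYPES set, the `sign` callback and the sample addresses are assumptions or constructed here. It goes further than the PR in one respect, in that it decodes the addresses itself (base58check for P2PKH/P2SH, bech32 for witness v0, bech32m for Taproot per BIP-350) rather than relying on address_to_scriptpubkey, so the bc1p case can be seen being classified and then refused before anything interactive happens.

```python
# Added example, not the project's code: an address-type capability gate for a BIP-137 proof path.
import functools, hashlib

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"   # bech32 alphabet (BIP-173)
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3    # BIP-173 / BIP-350 checksum constants
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BIP137_TYPES = frozenset({"p2pkh", "p2sh", "p2wpkh"})  # assumed: what the proof path can sign

def _polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk

def _decode_segwit(addr):
    """Return (hrp, witness_version, program) or raise ValueError."""
    pos = addr.rfind("1")
    if (addr.lower() != addr and addr.upper() != addr) or pos < 1 or pos + 8 > len(addr) or len(addr) > 90:
        raise ValueError("bad bech32 layout or mixed case")
    addr = addr.lower()
    hrp, body = addr[:pos], addr[pos + 1:]
    if any(c not in CHARSET for c in body):
        raise ValueError("bad bech32 character")
    data = [CHARSET.index(c) for c in body]
    const = _polymod([ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp] + data)
    version = data[0]
    # BIP-350: v0 must carry a bech32 checksum, v1+ (Taproot) a bech32m one.
    if version > 16 or const != (BECH32_CONST if version == 0 else BECH32M_CONST):
        raise ValueError("checksum does not match witness version")
    bits = "".join(format(g, "05b") for g in data[1:-6])   # 5-bit groups -> bytes
    pad = len(bits) % 8
    if pad >= 5 or "1" in bits[len(bits) - pad:]:            # strict padding rule
        raise ValueError("invalid witness program padding")
    program = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - pad, 8))
    if not 2 <= len(program) <= 40 or (version == 0 and len(program) not in (20, 32)):
        raise ValueError("bad witness program length")
    return hrp, version, program

def _hash256(b): return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def _b58check_decode(addr):
    n = functools.reduce(lambda n, c: n * 58 + B58.index(c), addr, 0)  # ValueError on a bad char
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _hash256(raw[:21])[:4] != raw[21:]:
        raise ValueError("bad base58check")
    return raw[0], raw[1:21]                   # (version byte, 20-byte hash)

def b58check_encode(version, payload):
    raw = bytes([version]) + payload
    raw += _hash256(raw)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def _classify(addr):
    if addr[:1] in ("1", "3"):                 # legacy base58check (mainnet)
        version, _ = _b58check_decode(addr)
        if version not in (0, 5):
            raise ValueError("unknown base58 version byte %d" % version)
        return "p2pkh" if version == 0 else "p2sh"
    hrp, version, program = _decode_segwit(addr)
    if hrp != "bc":
        raise ValueError("not a mainnet bech32 address")
    if version == 0:
        return "p2wpkh" if len(program) == 20 else "p2wsh"
    return "p2tr" if version == 1 and len(program) == 32 else "future_witness"

def address_type(addr):
    """Mainnet address type, or None if the string is not a well-formed address."""
    try:
        return _classify(addr)
    except ValueError:
        return None

def is_valid_address(addr):      # destination check: any well-formed address, bc1p included
    return address_type(addr) is not None

def is_proof_supported(addr):    # source check: only what a BIP-137 signature can cover
    # '3...' passes although only P2SH-P2WPKH is signable: the redeem script is not in the address.
    return address_type(addr) in BIP137_TYPES

def sign_or_prompt_external(source, sign):
    """Gate the proof path before anything interactive; `sign` is a hypothetical callable."""
    kind = address_type(source)
    if kind not in BIP137_TYPES:
        raise ValueError("%s: %s source cannot produce a BIP-137 reserve proof; use "
                         "P2PKH, P2WPKH or P2SH-P2WPKH" % (source, kind or "malformed"))
    return sign(source)

# Constructed samples: the genesis P2PKH address, BIP-173/BIP-350 test vectors, a P2SH encoded here.
SAMPLES = {"p2pkh": "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
           "p2sh": b58check_encode(5, bytes.fromhex("8f55563b9a19f321c211e9b9f38cdf686ea07845")),
           "p2wpkh": "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
           "p2tr": "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0"}
```

Running `is_valid_address` and `is_proof_supported` over SAMPLES gives True/True for the first three and True/False for the Taproot one, which is exactly the asymmetry the PR relies on: the destination validator is deliberately permissive, the source gate is deliberately narrow. Two caveats worth keeping in mind: the address alone cannot tell P2SH-P2WPKH from any other P2SH, so a "3..." source still has to be checked against its redeem script when the proof is verified (the validator backstop the PR mentions); and the bech32m check above is what makes a bc1p address with a plain bech32 checksum fail as malformed rather than being classified as Taproot, so the gate never sees an ambiguous string.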