Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate UTXO data for build_fee_bump #1704

Open
notmandatory opened this issue Nov 14, 2024 · 0 comments
Open

Validate UTXO data for build_fee_bump #1704

notmandatory opened this issue Nov 14, 2024 · 0 comments
Labels
audit Suggested as result of external code audit module-wallet

Comments

@notmandatory
Copy link
Member

notmandatory commented Nov 14, 2024
edited
Loading

"In build_fee_bump when getting the original utxos the function assumes the previous transaction's output list does contain the output referred by each input of the transaction to be bumped. It will crash otherwise. Although it generally holds, it doesn't necessarily."

"Utxo::txout() will crash if prev_tx.output does not contain its prevout. The only place where a Utxo::Foreign is created without checking whether the outpoint's index is within the bounds of prev_tx.output is in build_fee_bump, where BDK would have crashed earlier (L1653) if it wasn't the case."
@notmandatory notmandatory added this to BDK Nov 14, 2024
@notmandatory notmandatory converted this from a draft issue Nov 14, 2024
@notmandatory notmandatory moved this to Discussion in BDK Nov 14, 2024
@notmandatory notmandatory added module-wallet audit Suggested as result of external code audit labels Nov 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
audit Suggested as result of external code audit module-wallet
Projects
BDK
Status: Discussion
Milestone
No milestone
Development

No branches or pull requests
1 participant
@notmandatory