-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(electrum): bdk_electrum
coinbase merkle and populate_with_txids
exploit fixes
#1675
base: master
Are you sure you want to change the base?
fix(electrum): bdk_electrum
coinbase merkle and populate_with_txids
exploit fixes
#1675
Conversation
bdk_electrum
exploit fixes draftbdk_electrum
exploit fixes
4c62df8
to
d7eac3e
Compare
9370150
to
4d0af70
Compare
4d0af70
to
721bae4
Compare
ba7e5cc
to
f4be0d0
Compare
1ed60dd
to
94296ca
Compare
Isn't this one part of 1.0 milestone? I guess it's missing it and not appearing on the project board. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK
I'm planning giving this one a test throughout the weekend, and think more about the approach with MockElectrumClient
.
For the audit issue #1698 you fixed it with #1756. Can you update this to just be checking Merkle proofs? And if so then I'd say this is a new feature that can be put off to a post 1.0.0 release.
Agree, the commit with the fix on coinbase prevout should be dropped. The remaining two fixes (I guess) can either be together in this PR or separate, it'd depend on the priority of each one on 1.0.0-beta
milestone.
This fix validates the coinbase merkle path when checking the merkle proof of a transaction we are inserting within the same block. This check mitigates a known brute force exploit that could insert an invalid transaction. f
94296ca
to
122b697
Compare
bdk_electrum
exploit fixesbdk_electrum
coinbase merkle and populate_with_txids
exploit fixes
Fixes #1698, #1697.
Description
The aim of this PR is to fix a few exploits that were found within
bdk_electrum
. Most notably:populate_with_txids
by returning a transaction with no output.fetch_prev_txout
should not try to query the prevouts of coinbase transactions. This will query a transaction to the Electrum server which will return an error and will make the overallsync
fail.Notes to the reviewers
MockElectrumClient
intobdk_testenv
, but becausebdk_testenv
'selectrum-client
is re-exported fromelectrsd
, a separate dependency would have to be added just forelectrum-client
0.22 support. However, since we are doing in-line tests to access private functions, there is a strong argument for leaving the test structures where they are currently at. Or perhaps there is a better way to specifically testvalidate_merkle_for_anchor
that does not involve creating aMockElectrumClient
, similar to what @evanlinjin is doing here: https://github.com/evanlinjin/experiments/blob/main/electrum_c/src/state.rs.Changelog notice
fetch_prev_txout
no longer queries coinbase transactions.populate_with_txids
will no longer panic on transactions with no outputs.Checklists
All Submissions:
cargo fmt
andcargo clippy
before committingNew Features:
Bugfixes: