3.9/3.10. 3.9: Remove cast which fails on a several GB malicious TX

3.10 has its impossibility documented. A malicious RPC cananot effect this code.
2024-09-29 09:51:08 +00:00 · 2023-07-10 14:43:46 -04:00 · 2023-07-10 14:43:46 -04:00 · 677b9b681f
commit 677b9b681f
parent fa1b569b78
2 changed files with 8 additions and 1 deletions
--- a/coins/bitcoin/src/wallet/mod.rs
+++ b/coins/bitcoin/src/wallet/mod.rs
@ -137,11 +137,16 @@ impl Scanner {
  pub fn scan_transaction(&self, tx: &Transaction) -> Vec<ReceivedOutput> {
    let mut res = vec![];
    for (vout, output) in tx.output.iter().enumerate() {
+      // If the vout index exceeds 2**32, stop scanning outputs
+      let Ok(vout) = u32::try_from(vout) else {
+        break
+      };
+
      if let Some(offset) = self.scripts.get(&output.script_pubkey) {
        res.push(ReceivedOutput {
          offset: *offset,
          output: output.clone(),
-          outpoint: OutPoint::new(tx.txid(), u32::try_from(vout).unwrap()),
+          outpoint: OutPoint::new(tx.txid(), vout),
        });
      }
    }
--- a/coins/bitcoin/src/wallet/send.rs
+++ b/coins/bitcoin/src/wallet/send.rs
@ -221,6 +221,8 @@ impl SignableTransaction {
    let mut sigs = vec![];
    for i in 0 .. tx.input.len() {
      let mut transcript = transcript.clone();
+      // This unwrap is safe since any transaction with this many inputs violates the maximum
+      // size allowed under standards, which this lib will error on creation of
      transcript.append_message(b"signing_input", u32::try_from(i).unwrap().to_le_bytes());

      let offset = keys.clone().offset(self.offsets[i]);