From f66fe3c1cb56f90f9d1f1ba8c4d2ff4dc6fa9768 Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Thu, 20 Jul 2023 00:00:20 -0400 Subject: [PATCH] 3.10 Remove use of Network::Bitcoin All uses were safe due to addresses being converted to script_pubkeys which don't embed their network. The only risk of there being an issue is if a future address spec did embed the net ID into the script_pubkey and that was moved to. This resolves the audit note and does offer that tightening. --- coins/bitcoin/src/wallet/mod.rs | 14 +++++++------- coins/bitcoin/src/wallet/send.rs | 8 +++----- coins/bitcoin/tests/wallet.rs | 21 ++++++++++++++------- processor/src/coins/bitcoin.rs | 7 ++++--- 4 files changed, 28 insertions(+), 22 deletions(-) diff --git a/coins/bitcoin/src/wallet/mod.rs b/coins/bitcoin/src/wallet/mod.rs index d3575df2..bfe5494c 100644 --- a/coins/bitcoin/src/wallet/mod.rs +++ b/coins/bitcoin/src/wallet/mod.rs @@ -15,7 +15,8 @@ use frost::{ use bitcoin::{ consensus::encode::{Decodable, serialize}, key::TweakedPublicKey, - OutPoint, ScriptBuf, TxOut, Transaction, Block, Network, Address, + address::Payload, + OutPoint, ScriptBuf, TxOut, Transaction, Block, }; use crate::crypto::{x_only, make_even}; @@ -32,15 +33,15 @@ pub fn tweak_keys(keys: &ThresholdKeys) -> ThresholdKeys { keys.offset(Scalar::from(offset)) } -/// Return the Taproot address for a public key. +/// Return the Taproot address payload for a public key. /// /// If the key is odd, this will return None. -pub fn address(network: Network, key: ProjectivePoint) -> Option
{ +pub fn address_payload(key: ProjectivePoint) -> Option { if key.to_encoded_point(true).tag() != Tag::CompressedEvenY { return None; } - Some(Address::p2tr_tweaked(TweakedPublicKey::dangerous_assume_tweaked(x_only(&key)), network)) + Some(Payload::p2tr_tweaked(TweakedPublicKey::dangerous_assume_tweaked(x_only(&key)))) } /// A spendable output. @@ -109,8 +110,7 @@ impl Scanner { /// Returns None if this key can't be scanned for. pub fn new(key: ProjectivePoint) -> Option { let mut scripts = HashMap::new(); - // Uses Network::Bitcoin since network is irrelevant here - scripts.insert(address(Network::Bitcoin, key)?.script_pubkey(), Scalar::ZERO); + scripts.insert(address_payload(key)?.script_pubkey(), Scalar::ZERO); Some(Scanner { key, scripts }) } @@ -127,7 +127,7 @@ impl Scanner { // chance of being even // That means this should terminate within a very small amount of iterations loop { - match address(Network::Bitcoin, self.key + (ProjectivePoint::GENERATOR * offset)) { + match address_payload(self.key + (ProjectivePoint::GENERATOR * offset)) { Some(address) => { let script = address.script_pubkey(); if self.scripts.contains_key(&script) { diff --git a/coins/bitcoin/src/wallet/send.rs b/coins/bitcoin/src/wallet/send.rs index 3d18c47c..e4669f97 100644 --- a/coins/bitcoin/src/wallet/send.rs +++ b/coins/bitcoin/src/wallet/send.rs @@ -16,12 +16,12 @@ use bitcoin::{ sighash::{TapSighashType, SighashCache, Prevouts}, absolute::LockTime, script::{PushBytesBuf, ScriptBuf}, - OutPoint, Sequence, Witness, TxIn, TxOut, Transaction, Network, Address, + OutPoint, Sequence, Witness, TxIn, TxOut, Transaction, Address, }; use crate::{ crypto::Schnorr, - wallet::{address, ReceivedOutput}, + wallet::{ReceivedOutput, address_payload}, }; #[rustfmt::skip] @@ -226,9 +226,7 @@ impl SignableTransaction { transcript.append_message(b"signing_input", u32::try_from(i).unwrap().to_le_bytes()); let offset = keys.clone().offset(self.offsets[i]); - if address(Network::Bitcoin, offset.group_key())?.script_pubkey() != - self.prevouts[i].script_pubkey - { + if address_payload(offset.group_key())?.script_pubkey() != self.prevouts[i].script_pubkey { None?; } diff --git a/coins/bitcoin/tests/wallet.rs b/coins/bitcoin/tests/wallet.rs index ab614573..be135d4e 100644 --- a/coins/bitcoin/tests/wallet.rs +++ b/coins/bitcoin/tests/wallet.rs @@ -22,9 +22,12 @@ use bitcoin_serai::{ hashes::Hash as HashTrait, blockdata::opcodes::all::OP_RETURN, script::{PushBytesBuf, Instruction, Instructions, Script}, + address::NetworkChecked, OutPoint, TxOut, Transaction, Network, Address, }, - wallet::{tweak_keys, address, ReceivedOutput, Scanner, TransactionError, SignableTransaction}, + wallet::{ + tweak_keys, address_payload, ReceivedOutput, Scanner, TransactionError, SignableTransaction, + }, rpc::Rpc, }; @@ -43,7 +46,10 @@ async fn send_and_get_output(rpc: &Rpc, scanner: &Scanner, key: ProjectivePoint) rpc .rpc_call::>( "generatetoaddress", - serde_json::json!([1, address(Network::Regtest, key).unwrap()]), + serde_json::json!([ + 1, + Address::::new(Network::Regtest, address_payload(key).unwrap()) + ]), ) .await .unwrap(); @@ -187,7 +193,7 @@ async_sequential! { assert_eq!(output.offset(), Scalar::ZERO); let inputs = vec![output]; - let addr = || address(Network::Regtest, key).unwrap(); + let addr = || Address::::new(Network::Regtest, address_payload(key).unwrap()); let payments = vec![(addr(), 1000)]; assert!(SignableTransaction::new(inputs.clone(), &payments, None, None, FEE).is_ok()); @@ -250,13 +256,14 @@ async_sequential! { // Declare payments, change, fee let payments = [ - (address(Network::Regtest, key).unwrap(), 1005), - (address(Network::Regtest, offset_key).unwrap(), 1007) + (Address::::new(Network::Regtest, address_payload(key).unwrap()), 1005), + (Address::::new(Network::Regtest, address_payload(offset_key).unwrap()), 1007) ]; let change_offset = scanner.register_offset(Scalar::random(&mut OsRng)).unwrap(); let change_key = key + (ProjectivePoint::GENERATOR * change_offset); - let change_addr = address(Network::Regtest, change_key).unwrap(); + let change_addr = + Address::::new(Network::Regtest, address_payload(change_key).unwrap()); // Create and sign the TX let tx = SignableTransaction::new( @@ -327,7 +334,7 @@ async_sequential! { SignableTransaction::new( vec![output], &[], - address(Network::Regtest, key), + Some(Address::::new(Network::Regtest, address_payload(key).unwrap())), Some(data.clone()), FEE ).unwrap() diff --git a/processor/src/coins/bitcoin.rs b/processor/src/coins/bitcoin.rs index 1de34bca..27b3869c 100644 --- a/processor/src/coins/bitcoin.rs +++ b/processor/src/coins/bitcoin.rs @@ -17,10 +17,11 @@ use bitcoin_serai::{ hashes::Hash as HashTrait, consensus::{Encodable, Decodable}, script::Instruction, + address::{NetworkChecked, Address as BAddress}, OutPoint, Transaction, Block, Network, }, wallet::{ - tweak_keys, address, ReceivedOutput, Scanner, TransactionError, + tweak_keys, address_payload, ReceivedOutput, Scanner, TransactionError, SignableTransaction as BSignableTransaction, TransactionMachine, }, rpc::{RpcError, Rpc}, @@ -33,7 +34,7 @@ use bitcoin_serai::bitcoin::{ sighash::{EcdsaSighashType, SighashCache}, script::{PushBytesBuf, Builder}, absolute::LockTime, - Sequence, Script, Witness, TxIn, TxOut, Address as BAddress, + Sequence, Script, Witness, TxIn, TxOut, }; use serai_client::{ @@ -326,7 +327,7 @@ impl Coin for Bitcoin { } fn address(key: ProjectivePoint) -> Address { - Address(address(Network::Bitcoin, key).unwrap()) + Address(BAddress::::new(Network::Bitcoin, address_payload(key).unwrap())) } fn branch_address(key: ProjectivePoint) -> Self::Address {