From 255f38e72d16756038db6b86512d95f8b606405b Mon Sep 17 00:00:00 2001
From: Wilmer Paulino
Date: Fri, 9 Nov 2018 17:38:01 -0800
Subject: [PATCH] lnwallet/btcwallet: check output is under our control in FetchInputInfo
In this commit, we add an additional check to btcwallet's FetchInputInfo method to ensure the output is actually under control of the wallet. Previously, the wallet would assume the output was under its control if the txid of the output was found within the wallet. This is not a safe assumption to make however, because if we happened to be the sender of this transaction, it would be found within the wallet but it's not actually under our control. To fix this, we explicitly check that there exists an address in our wallet for this output.
---
 lnwallet/btcwallet/signer.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lnwallet/btcwallet/signer.go b/lnwallet/btcwallet/signer.go
index 98b9d909..21f09592 100644
--- a/lnwallet/btcwallet/signer.go
+++ b/lnwallet/btcwallet/signer.go
@@ -44,7 +44,14 @@ func (b *BtcWallet) FetchInputInfo(prevOut *wire.OutPoint) (*wire.TxOut, error)
 return nil, lnwallet.ErrNotMine
 }
+ // With the output retrieved, we'll make an additional check to ensure
+ // we actually have control of this output. We do this because the check
+ // above only guarantees that the transaction is somehow relevant to us,
+ // like in the event of us being the sender of the transaction.
 output = txDetail.TxRecord.MsgTx.TxOut[prevOut.Index]
+ if _, err := b.fetchOutputAddr(output.PkScript); err != nil {
+ return nil, err
+ }
 b.cacheMtx.Lock()
 b.utxoCache[*prevOut] = output
@@ -72,7 +79,7 @@ func (b *BtcWallet) fetchOutputAddr(script []byte) (waddrmgr.ManagedAddress, err
 }
 }
- return nil, errors.Errorf("address not found")
+ return nil, lnwallet.ErrNotMine
 }
 // fetchPrivKey attempts to retrieve the raw private key corresponding to the
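Review bot: In the FetchInputInfo hunk, `txDetail.TxRecord.MsgTx.TxOut[prevOut.Index]` is indexed with the caller-supplied outpoint index and no bounds check is visible. An index past the last output of a transaction the wallet knows would therefore panic before the new ownership check runs. A guard ahead of that line, `if prevOut.Index >= uint32(len(txDetail.TxRecord.MsgTx.TxOut)) { return nil, lnwallet.ErrNotMine }`, would give the same not-ours result instead. The function body starts and ends outside the hunk, so an earlier validation may already exist.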
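Review bot: In the fetchOutputAddr hunk, the final `return nil, lnwallet.ErrNotMine` makes every fall-through read as "this output is not ours", and FetchInputInfo now forwards that sentinel to its callers. The lookup loop is outside the hunk, but if it skips an address on any error, a wallet or database failure would be reported as a definitive ownership answer. Consider mapping only a not-found result (for example one matching `waddrmgr.ErrAddressNotFound`) to the sentinel and returning other errors unchanged. The function's doc comment should also gain a line such as `// It returns lnwallet.ErrNotMine when none of the script's addresses is managed by the wallet.`.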
@@ -196,7 +203,7 @@ func (b *BtcWallet) ComputeInputScript(tx *wire.MsgTx,
 outputScript := signDesc.Output.PkScript
 walletAddr, err := b.fetchOutputAddr(outputScript)
 if err != nil {
- return nil, nil
+ return nil, err
 }
 pka := walletAddr.(waddrmgr.ManagedPubKeyAddress)
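Review bot: The assertion on the last line of the ComputeInputScript hunk, `walletAddr.(waddrmgr.ManagedPubKeyAddress)`, is unchecked, so the signer panics if the wallet returns a managed address that is not a public-key address. Now that the lookup error is propagated, this is the remaining path in the hunk where a lookup result the signer cannot use causes a crash rather than an error. The comma-ok form, `pka, ok := walletAddr.(waddrmgr.ManagedPubKeyAddress)`, with an error return when `ok` is false, would close that gap. The function body continues outside the hunk, so the address kinds that can actually reach this line should be confirmed there.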