akovalenko/lnd.xprv
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #2922 from ccdle12/prevent-sendcoins-pubkey

Browse Source 
rpcserver: Prevent SendCoins to Pubkey
This commit is contained in:
Olaoluwa Osuntokun 2019-04-22 16:03:48 -07:00 committed by GitHub
commit 6c60caa852
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
lnd_test.go
View File

@ -13044,6 +13044,36 @@ func testSweepAllCoins(net *lntest.NetworkHarness, t *harnessTest) {
t.Fatalf("unable to send coins to eve: %v", err)
}
// Ensure that we can't send coins to our own Pubkey.
info, err := ainz.GetInfo(ctxt, &lnrpc.GetInfoRequest{})
if err != nil {
t.Fatalf("unable to get node info: %v", err)
}
sweepReq := &lnrpc.SendCoinsRequest{
Addr: info.IdentityPubkey,
SendAll: true,
}
_, err = ainz.SendCoins(ctxt, sweepReq)
if err == nil {
t.Fatalf("expected SendCoins to users own pubkey to fail")
}
// Ensure that we can't send coins to another users Pubkey.
info, err = net.Alice.GetInfo(ctxt, &lnrpc.GetInfoRequest{})
if err != nil {
t.Fatalf("unable to get node info: %v", err)
}
sweepReq = &lnrpc.SendCoinsRequest{
Addr: info.IdentityPubkey,
SendAll: true,
}
_, err = ainz.SendCoins(ctxt, sweepReq)
if err == nil {
t.Fatalf("expected SendCoins to Alices pubkey to fail")
}
// With the two coins above mined, we'll now instruct ainz to sweep all
// the coins to an external address not under its control.
// We will first attempt to send the coins to addresses that are not
@ -13053,7 +13083,7 @@ func testSweepAllCoins(net *lntest.NetworkHarness, t *harnessTest) {
// Send coins to a testnet3 address.
ctxt, _ = context.WithTimeout(ctxb, defaultTimeout)
sweepReq := &lnrpc.SendCoinsRequest{
sweepReq = &lnrpc.SendCoinsRequest{
Addr: "tb1qfc8fusa98jx8uvnhzavxccqlzvg749tvjw82tg",
SendAll: true,
}

9
rpcserver.go
View File

@ -913,6 +913,15 @@ func (r *rpcServer) SendCoins(ctx context.Context,
activeNetParams.Params.Name)
}
// If the destination address parses to a valid pubkey, we assume the user
// accidently tried to send funds to a bare pubkey address. This check is
// here to prevent unintended transfers.
decodedAddr, _ := hex.DecodeString(in.Addr)
_, err = btcec.ParsePubKey(decodedAddr, btcec.S256())
if err == nil {
return nil, fmt.Errorf("cannot send coins to pubkeys")
}
var txid *chainhash.Hash
wallet := r.server.cc.wallet