Currently, PSBT checks if setVersion, setLocktime, setInputSequence, addInput, addOutput can be performed by checking the existence of partialSigs, and what sighash they use.
However, after running finalizeAllInputs but BEFORE running extractTransaction, you can change the transaction, and it will extract an invalid transaction (since the transaction changed since the signature)...
Some ways to fix this:
1. fail partialSig check if final* attributes are present.
2. if no partialSig but final* exists, parse final* and search for any signatures and check the sighash (simple fix, but very performance intensive (it checks all inputs every time))
1 seems simple, but there might be a use case where someone wants to pass around PSBTs with only SOME finalized inputs that have SIGHASH_ANYONECANPAY etc. and want to allow other people to add more inputs etc.
In which case 2 is more correct.
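A sketch of option 2 as an added example (not code from this issue or from bitcoinjs-lib): it collects sighash bytes from both partialSig and the finalized fields before allowing a modification. The function names and the `finalWitnessItems` field (a witness stack already decoded into buffers) are hypothetical, and only DER-encoded ECDSA signatures are recognized.

```javascript
// Added example: hypothetical helpers, not bitcoinjs-lib code.
const SIGHASH_NONE = 0x02, SIGHASH_SINGLE = 0x03, SIGHASH_ANYONECANPAY = 0x80;

// Data pushes of a scriptSig (direct pushes, OP_PUSHDATA1, OP_PUSHDATA2).
function scriptPushes(script) {
  const out = [];
  for (let i = 0; i < script.length;) {
    const op = script[i++];
    let len;
    if (op >= 1 && op <= 75) len = op;
    else if (op === 0x4c) len = script[i++];
    else if (op === 0x4d) { len = script.readUInt16LE(i); i += 2; }
    else continue; // opcode without data, e.g. OP_0 in multisig
    if (!(i + len <= script.length)) throw new Error('truncated push');
    out.push(script.subarray(i, i + len));
    i += len;
  }
  return out;
}

// DER ECDSA signature followed by one sighash byte.
const isSig = (b) => b.length >= 9 && b.length <= 73 &&
  b[0] === 0x30 && b[1] === b.length - 3 && b[2] === 0x02;

// Sighash bytes from partialSig and from the final* fields of one input.
function sighashTypes(input) {
  const finalItems = [
    ...(input.finalScriptSig ? scriptPushes(input.finalScriptSig) : []),
    ...(input.finalWitnessItems || []), // assumed: witness stack already decoded
  ];
  return [...(input.partialSig || []).map((p) => p.signature), ...finalItems.filter(isSig)]
    .map((sig) => sig[sig.length - 1]);
}

// action: 'addInput', 'addOutput', or 'global' (setVersion / setLocktime).
function canModify(inputs, action) {
  return inputs.every((input) => sighashTypes(input).every((t) => {
    const base = t & 0x1f;
    if (action === 'addInput') return (t & SIGHASH_ANYONECANPAY) !== 0;
    if (action === 'addOutput') return base === SIGHASH_NONE || base === SIGHASH_SINGLE;
    return false; // every signature commits to version and locktime
  }));
}

// Constructed sample: finalized P2PKH input whose scriptSig is <sig> <pubkey>.
function sampleFinalizedInput(hashType) {
  const sig = Buffer.concat([Buffer.from([0x30, 68, 0x02, 32]), Buffer.alloc(32, 1),
    Buffer.from([0x02, 32]), Buffer.alloc(32, 2), Buffer.from([hashType])]);
  const pubkey = Buffer.concat([Buffer.from([0x02]), Buffer.alloc(32, 3)]);
  return { finalScriptSig: Buffer.concat([Buffer.from([sig.length]), sig, Buffer.from([pubkey.length]), pubkey]) };
}
```

Because every input is re-parsed on each call, this has the performance cost the issue mentions; setInputSequence is not modeled here.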