Merge pull request #1754 from bitcoinjs/fix/addwarning

Add warning to future segwit version address generation/parsing
This commit is contained in:
Jonathan Underwood 2021-11-27 08:43:54 +09:00 committed by GitHub
commit 4e02ba70b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 4 deletions

2
package-lock.json generated
View file

@ -1,6 +1,6 @@
{ {
"name": "bitcoinjs-lib", "name": "bitcoinjs-lib",
"version": "6.0.0", "version": "6.0.1",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {

View file

@ -1,6 +1,6 @@
{ {
"name": "bitcoinjs-lib", "name": "bitcoinjs-lib",
"version": "6.0.0", "version": "6.0.1",
"description": "Client-side Bitcoin JavaScript library", "description": "Client-side Bitcoin JavaScript library",
"main": "./src/index.js", "main": "./src/index.js",
"types": "./src/index.d.ts", "types": "./src/index.d.ts",

View file

@ -13,6 +13,11 @@ const FUTURE_SEGWIT_MIN_SIZE = 2;
const FUTURE_SEGWIT_MAX_VERSION = 16; const FUTURE_SEGWIT_MAX_VERSION = 16;
const FUTURE_SEGWIT_MIN_VERSION = 1; const FUTURE_SEGWIT_MIN_VERSION = 1;
const FUTURE_SEGWIT_VERSION_DIFF = 0x50; const FUTURE_SEGWIT_VERSION_DIFF = 0x50;
const FUTURE_SEGWIT_VERSION_WARNING =
'WARNING: Sending to a future segwit version address can lead to loss of funds. ' +
'End users MUST be warned carefully in the GUI and asked if they wish to proceed ' +
'with caution. Wallets should verify the segwit version from the output of fromBech32, ' +
'then decide when it is safe to use which version of segwit.';
function _toFutureSegwitAddress(output, network) { function _toFutureSegwitAddress(output, network) {
const data = output.slice(2); const data = output.slice(2);
if ( if (
@ -28,6 +33,7 @@ function _toFutureSegwitAddress(output, network) {
throw new TypeError('Invalid version for segwit address'); throw new TypeError('Invalid version for segwit address');
if (output[1] !== data.length) if (output[1] !== data.length)
throw new TypeError('Invalid script for segwit address'); throw new TypeError('Invalid script for segwit address');
console.warn(FUTURE_SEGWIT_VERSION_WARNING);
return toBech32(data, version, network.bech32); return toBech32(data, version, network.bech32);
} }
function fromBase58Check(address) { function fromBase58Check(address) {
@ -128,13 +134,15 @@ function toOutputScript(address, network) {
decodeBech32.version <= FUTURE_SEGWIT_MAX_VERSION && decodeBech32.version <= FUTURE_SEGWIT_MAX_VERSION &&
decodeBech32.data.length >= FUTURE_SEGWIT_MIN_SIZE && decodeBech32.data.length >= FUTURE_SEGWIT_MIN_SIZE &&
decodeBech32.data.length <= FUTURE_SEGWIT_MAX_SIZE decodeBech32.data.length <= FUTURE_SEGWIT_MAX_SIZE
) ) {
console.warn(FUTURE_SEGWIT_VERSION_WARNING);
return bscript.compile([ return bscript.compile([
decodeBech32.version + FUTURE_SEGWIT_VERSION_DIFF, decodeBech32.version + FUTURE_SEGWIT_VERSION_DIFF,
decodeBech32.data, decodeBech32.data,
]); ]);
} }
} }
}
throw new Error(address + ' has no matching Script'); throw new Error(address + ' has no matching Script');
} }
exports.toOutputScript = toOutputScript; exports.toOutputScript = toOutputScript;

View file

@ -23,6 +23,11 @@ const FUTURE_SEGWIT_MIN_SIZE: number = 2;
const FUTURE_SEGWIT_MAX_VERSION: number = 16; const FUTURE_SEGWIT_MAX_VERSION: number = 16;
const FUTURE_SEGWIT_MIN_VERSION: number = 1; const FUTURE_SEGWIT_MIN_VERSION: number = 1;
const FUTURE_SEGWIT_VERSION_DIFF: number = 0x50; const FUTURE_SEGWIT_VERSION_DIFF: number = 0x50;
const FUTURE_SEGWIT_VERSION_WARNING: string =
'WARNING: Sending to a future segwit version address can lead to loss of funds. ' +
'End users MUST be warned carefully in the GUI and asked if they wish to proceed ' +
'with caution. Wallets should verify the segwit version from the output of fromBech32, ' +
'then decide when it is safe to use which version of segwit.';
function _toFutureSegwitAddress(output: Buffer, network: Network): string { function _toFutureSegwitAddress(output: Buffer, network: Network): string {
const data = output.slice(2); const data = output.slice(2);
@ -44,6 +49,8 @@ function _toFutureSegwitAddress(output: Buffer, network: Network): string {
if (output[1] !== data.length) if (output[1] !== data.length)
throw new TypeError('Invalid script for segwit address'); throw new TypeError('Invalid script for segwit address');
console.warn(FUTURE_SEGWIT_VERSION_WARNING);
return toBech32(data, version, network.bech32); return toBech32(data, version, network.bech32);
} }
@ -163,13 +170,16 @@ export function toOutputScript(address: string, network?: Network): Buffer {
decodeBech32.version <= FUTURE_SEGWIT_MAX_VERSION && decodeBech32.version <= FUTURE_SEGWIT_MAX_VERSION &&
decodeBech32.data.length >= FUTURE_SEGWIT_MIN_SIZE && decodeBech32.data.length >= FUTURE_SEGWIT_MIN_SIZE &&
decodeBech32.data.length <= FUTURE_SEGWIT_MAX_SIZE decodeBech32.data.length <= FUTURE_SEGWIT_MAX_SIZE
) ) {
console.warn(FUTURE_SEGWIT_VERSION_WARNING);
return bscript.compile([ return bscript.compile([
decodeBech32.version + FUTURE_SEGWIT_VERSION_DIFF, decodeBech32.version + FUTURE_SEGWIT_VERSION_DIFF,
decodeBech32.data, decodeBech32.data,
]); ]);
} }
} }
}
throw new Error(address + ' has no matching Script'); throw new Error(address + ' has no matching Script');
} }