Merge pull request #1754 from bitcoinjs/fix/addwarning
Add warning to future segwit version address generation/parsing
This commit is contained in:
commit
4e02ba70b1
4 changed files with 22 additions and 4 deletions
2
package-lock.json
generated
2
package-lock.json
generated
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "bitcoinjs-lib",
|
"name": "bitcoinjs-lib",
|
||||||
"version": "6.0.0",
|
"version": "6.0.1",
|
||||||
"lockfileVersion": 1,
|
"lockfileVersion": 1,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "bitcoinjs-lib",
|
"name": "bitcoinjs-lib",
|
||||||
"version": "6.0.0",
|
"version": "6.0.1",
|
||||||
"description": "Client-side Bitcoin JavaScript library",
|
"description": "Client-side Bitcoin JavaScript library",
|
||||||
"main": "./src/index.js",
|
"main": "./src/index.js",
|
||||||
"types": "./src/index.d.ts",
|
"types": "./src/index.d.ts",
|
||||||
|
|
|
@ -13,6 +13,11 @@ const FUTURE_SEGWIT_MIN_SIZE = 2;
|
||||||
const FUTURE_SEGWIT_MAX_VERSION = 16;
|
const FUTURE_SEGWIT_MAX_VERSION = 16;
|
||||||
const FUTURE_SEGWIT_MIN_VERSION = 1;
|
const FUTURE_SEGWIT_MIN_VERSION = 1;
|
||||||
const FUTURE_SEGWIT_VERSION_DIFF = 0x50;
|
const FUTURE_SEGWIT_VERSION_DIFF = 0x50;
|
||||||
|
const FUTURE_SEGWIT_VERSION_WARNING =
|
||||||
|
'WARNING: Sending to a future segwit version address can lead to loss of funds. ' +
|
||||||
|
'End users MUST be warned carefully in the GUI and asked if they wish to proceed ' +
|
||||||
|
'with caution. Wallets should verify the segwit version from the output of fromBech32, ' +
|
||||||
|
'then decide when it is safe to use which version of segwit.';
|
||||||
function _toFutureSegwitAddress(output, network) {
|
function _toFutureSegwitAddress(output, network) {
|
||||||
const data = output.slice(2);
|
const data = output.slice(2);
|
||||||
if (
|
if (
|
||||||
|
@ -28,6 +33,7 @@ function _toFutureSegwitAddress(output, network) {
|
||||||
throw new TypeError('Invalid version for segwit address');
|
throw new TypeError('Invalid version for segwit address');
|
||||||
if (output[1] !== data.length)
|
if (output[1] !== data.length)
|
||||||
throw new TypeError('Invalid script for segwit address');
|
throw new TypeError('Invalid script for segwit address');
|
||||||
|
console.warn(FUTURE_SEGWIT_VERSION_WARNING);
|
||||||
return toBech32(data, version, network.bech32);
|
return toBech32(data, version, network.bech32);
|
||||||
}
|
}
|
||||||
function fromBase58Check(address) {
|
function fromBase58Check(address) {
|
||||||
|
@ -128,11 +134,13 @@ function toOutputScript(address, network) {
|
||||||
decodeBech32.version <= FUTURE_SEGWIT_MAX_VERSION &&
|
decodeBech32.version <= FUTURE_SEGWIT_MAX_VERSION &&
|
||||||
decodeBech32.data.length >= FUTURE_SEGWIT_MIN_SIZE &&
|
decodeBech32.data.length >= FUTURE_SEGWIT_MIN_SIZE &&
|
||||||
decodeBech32.data.length <= FUTURE_SEGWIT_MAX_SIZE
|
decodeBech32.data.length <= FUTURE_SEGWIT_MAX_SIZE
|
||||||
)
|
) {
|
||||||
|
console.warn(FUTURE_SEGWIT_VERSION_WARNING);
|
||||||
return bscript.compile([
|
return bscript.compile([
|
||||||
decodeBech32.version + FUTURE_SEGWIT_VERSION_DIFF,
|
decodeBech32.version + FUTURE_SEGWIT_VERSION_DIFF,
|
||||||
decodeBech32.data,
|
decodeBech32.data,
|
||||||
]);
|
]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
throw new Error(address + ' has no matching Script');
|
throw new Error(address + ' has no matching Script');
|
||||||
|
|
|
@ -23,6 +23,11 @@ const FUTURE_SEGWIT_MIN_SIZE: number = 2;
|
||||||
const FUTURE_SEGWIT_MAX_VERSION: number = 16;
|
const FUTURE_SEGWIT_MAX_VERSION: number = 16;
|
||||||
const FUTURE_SEGWIT_MIN_VERSION: number = 1;
|
const FUTURE_SEGWIT_MIN_VERSION: number = 1;
|
||||||
const FUTURE_SEGWIT_VERSION_DIFF: number = 0x50;
|
const FUTURE_SEGWIT_VERSION_DIFF: number = 0x50;
|
||||||
|
const FUTURE_SEGWIT_VERSION_WARNING: string =
|
||||||
|
'WARNING: Sending to a future segwit version address can lead to loss of funds. ' +
|
||||||
|
'End users MUST be warned carefully in the GUI and asked if they wish to proceed ' +
|
||||||
|
'with caution. Wallets should verify the segwit version from the output of fromBech32, ' +
|
||||||
|
'then decide when it is safe to use which version of segwit.';
|
||||||
|
|
||||||
function _toFutureSegwitAddress(output: Buffer, network: Network): string {
|
function _toFutureSegwitAddress(output: Buffer, network: Network): string {
|
||||||
const data = output.slice(2);
|
const data = output.slice(2);
|
||||||
|
@ -44,6 +49,8 @@ function _toFutureSegwitAddress(output: Buffer, network: Network): string {
|
||||||
if (output[1] !== data.length)
|
if (output[1] !== data.length)
|
||||||
throw new TypeError('Invalid script for segwit address');
|
throw new TypeError('Invalid script for segwit address');
|
||||||
|
|
||||||
|
console.warn(FUTURE_SEGWIT_VERSION_WARNING);
|
||||||
|
|
||||||
return toBech32(data, version, network.bech32);
|
return toBech32(data, version, network.bech32);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -163,11 +170,14 @@ export function toOutputScript(address: string, network?: Network): Buffer {
|
||||||
decodeBech32.version <= FUTURE_SEGWIT_MAX_VERSION &&
|
decodeBech32.version <= FUTURE_SEGWIT_MAX_VERSION &&
|
||||||
decodeBech32.data.length >= FUTURE_SEGWIT_MIN_SIZE &&
|
decodeBech32.data.length >= FUTURE_SEGWIT_MIN_SIZE &&
|
||||||
decodeBech32.data.length <= FUTURE_SEGWIT_MAX_SIZE
|
decodeBech32.data.length <= FUTURE_SEGWIT_MAX_SIZE
|
||||||
)
|
) {
|
||||||
|
console.warn(FUTURE_SEGWIT_VERSION_WARNING);
|
||||||
|
|
||||||
return bscript.compile([
|
return bscript.compile([
|
||||||
decodeBech32.version + FUTURE_SEGWIT_VERSION_DIFF,
|
decodeBech32.version + FUTURE_SEGWIT_VERSION_DIFF,
|
||||||
decodeBech32.data,
|
decodeBech32.data,
|
||||||
]);
|
]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue