[bisq-network/bisq] Add taker check for deposit amount (#4860)

Steven Barclay notifications at github.com
Fri Nov 27 01:05:48 CET 2020


Make sure the taker checks the value of the 2-of-2 multisig output of the deposit tx created by the maker, before signing it. This avoids a potential security hole, where the maker attempts to steal most of the deposit by using the wrong output value and adding an extra 'change' output to himself.

Note that there's no actual vulnerability at present, as the output value is indirectly checked via the validation of the delayed payout tx. In particular, the extra checks added in 345426f as part of #4789 (Fix remaining blackmail vulnerabilities) place a lower bound on the delayed payout tx input value and with it the deposit tx output value. However, explicitly checking the amount is more robust.

--

This PR is mainly to provide a more robust (but less stealthy) fix than that already included in the 1.5.0 release.

You can view, comment on, or merge this pull request online at:

  https://github.com/bisq-network/bisq/pull/4860

-- Commit Summary --

  * Add missing output value check to takerSignsDepositTx

-- File Changes --

    M core/src/main/java/bisq/core/btc/wallet/TradeWalletService.java (17)
    M core/src/main/java/bisq/core/trade/protocol/tasks/buyer_as_taker/BuyerAsTakerSignsDepositTx.java (6)
    M core/src/main/java/bisq/core/trade/protocol/tasks/seller_as_taker/SellerAsTakerSignsDepositTx.java (6)

-- Patch Links --

https://github.com/bisq-network/bisq/pull/4860.patch
https://github.com/bisq-network/bisq/pull/4860.diff
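The taker-side check this PR adds, as an added example that is not Bisq's code: a simplified deposit-tx model in Python (the TxOutput/DepositTx classes, the script label and the satoshi amounts are all constructed here, and the assumption that the multisig output must equal trade amount plus both security deposits is the example's own) in which the taker derives the expected 2-of-2 output value from the agreed trade parameters and refuses to sign a maker-built tx whose multisig output is short, whatever extra 'change' output the maker attached.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class TxOutput:
    value_sat: int   # output value in satoshis
    script: str      # locking script; a constructed label stands in for real script bytes


@dataclass(frozen=True)
class DepositTx:
    outputs: List[TxOutput]


# Constructed label for the trade's 2-of-2 multisig locking script.
MULTISIG_SCRIPT = "2-of-2:maker_pubkey,taker_pubkey"


def expected_multisig_value_sat(trade_amount_sat: int, buyer_deposit_sat: int,
                                seller_deposit_sat: int) -> int:
    # Assumption of this example: the multisig output holds the trade amount plus both
    # security deposits. The taker computes it from the trade parameters it already
    # agreed on, never from anything in the maker-supplied transaction.
    return trade_amount_sat + buyer_deposit_sat + seller_deposit_sat


def find_multisig_output(tx: DepositTx, script: str = MULTISIG_SCRIPT) -> Optional[int]:
    """Index of the unique output paying to the multisig script, or None if absent/duplicated."""
    idx = [i for i, o in enumerate(tx.outputs) if o.script == script]
    return idx[0] if len(idx) == 1 else None


def taker_accepts_deposit_tx(tx: DepositTx, expected_sat: int) -> bool:
    """The check to run before signing: exactly one multisig output, carrying exactly the
    expected value. Other outputs (maker change) are fine, but not at the multisig's expense."""
    i = find_multisig_output(tx)
    return i is not None and tx.outputs[i].value_sat == expected_sat


# Constructed sample trade: 0.01 BTC trade amount, 0.0025 BTC security deposit per side.
EXPECTED_SAT = expected_multisig_value_sat(1_000_000, 250_000, 250_000)

# Honest maker: multisig output fully funded, plus the maker's genuine change.
HONEST_TX = DepositTx([TxOutput(1_500_000, MULTISIG_SCRIPT),
                       TxOutput(40_000, "p2wpkh:maker_change")])

# Dishonest maker: multisig output shorted, difference routed to an extra 'change' output.
SHORTED_TX = DepositTx([TxOutput(300_000, MULTISIG_SCRIPT),
                        TxOutput(1_240_000, "p2wpkh:maker_change")])

if __name__ == "__main__":
    print("honest tx accepted:", taker_accepts_deposit_tx(HONEST_TX, EXPECTED_SAT))
    print("shorted tx accepted:", taker_accepts_deposit_tx(SHORTED_TX, EXPECTED_SAT))
```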
