Check if a transaction has a standard auth field which enable token-t…

…ransfer payloads
Zondax · Jun 18, 2020 · ee7e1fa · ee7e1fa
1 parent c2160be
commit ee7e1fa
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/app/rust/src/parser/transaction.rs b/app/rust/src/parser/transaction.rs
@@ -163,7 +163,14 @@ impl<'a> Transaction<'a> {
             TransactionPayload::from_bytes,
         ))(bytes)
         {
-            Ok(tx) => Ok(Self::from(tx.1)),
+            Ok(tx) => {
+                // Note that if a transaction contains a token-transfer payload,
+                // it MUST have only a standard authorization field. It cannot be sponsored.
+                if (tx.1).6.is_token_transfer_payload() && !(tx.1).2.is_standard_auth() {
+                    return Err(ParserError::parser_invalid_transaction_payload);
+                }
+                Ok(Self::from(tx.1))
+            }
             Err(_e) => Err(ParserError::parser_unexpected_error),
         }
     }

diff --git a/app/rust/src/parser/transaction_auth.rs b/app/rust/src/parser/transaction_auth.rs
@@ -52,6 +52,13 @@ impl<'a> TransactionAuth<'a> {
         let sponsored = TransactionSpendingCondition::from_bytes(standard.0)?;
         Ok((sponsored.0, Self::Sponsored(standard.1, sponsored.1)))
     }
+
+    pub fn is_standard_auth(&self) -> bool {
+        match *self {
+            Self::Standard(_) => true,
+            _ => false,
+        }
+    }
 }
 
 #[cfg(test)]

diff --git a/app/rust/src/parser/transaction_payload.rs b/app/rust/src/parser/transaction_payload.rs
@@ -196,6 +196,13 @@ impl<'a> TransactionPayload<'a> {
         };
         Ok(res)
     }
+
+    pub fn is_token_transfer_payload(&self) -> bool {
+        match *self {
+            Self::TokenTransfer(_) => true,
+            _ => false,
+        }
+    }
 }
 
 #[cfg(test)]