-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scanning a QRcode that does not include an address component crashes #44
Comments
BIP21 formatted QR codes require an address. Even if I extend it with BIP72, I will continue requiring an address (and an amount, if present in the payment request) in order to link the URL to the payment request. For backwards compatibility I expect services to use these fields anyway. |
That's not compliant with the spec, which says If the "r" parameter is provided and backwards compatibility is not required, then the bitcoin address portion of the URI may be omitted (the URI will be of the form: bitcoin:?r=... ). That means it's up to the creator of the URI if backwards compatibility is required or not, not the wallet author. I don't understand what you mean by "link the URL to the payment request"? If a payment request is present the data in the URI is ignored. At any rate, crashing with a NPE is definitely the wrong thing to do. |
We talked about the linking several times. The goal is I can be sure the payment request is from the person who showed me the QR code. Since up to now no better solution was agreed on, I will use what I have. The spec is "draft" for a reason. |
Why would someone show you a QR code with someone else's payment request on it? |
The "request for the payment request" can be MITM'ed. X.509 is of no value for face to face payments. |
Sure, I'm not saying generate addressless qr codes yourself. Just don't
|
Sure, I'm with you on that. I will fix this crash shortly. |
Fixed. |
bitcoin:?r=http%3A%2F%2Fbitcoincore.org%2F%7Egavin%2Ff.php%3Fh%3D27b38af94a7ad733d329f7302a107076
Turn this into a QR code
Scan. Crash due to BitcoinURI.getAddress() returning null and then getNetworkParameters() being invoked on it. In the case where no address is present, the code should just assume the URL matches the current network params and catch the mismatch later once it's downloaded.
The text was updated successfully, but these errors were encountered: