Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: ignore extra btc vouts #4296

Merged
merged 2 commits into from
Nov 30, 2023
Merged

fix: ignore extra btc vouts #4296

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dbcd166
fix: ignore extra btc vouts
kylezs Nov 30, 2023
a795b13
refactor: iteratoooors
kylezs Nov 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 46 additions & 13 deletions engine/src/witness/btc/btc_deposits.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,11 +80,14 @@ fn deposit_witnesses(
let mut deposit_witnesses = Vec::new();
for tx in txs {
let tx_hash = tx.txid().as_raw_hash().to_byte_array();

let mut deposits_for_this_tx = vec![];
for (vout, tx_out) in (0..).zip(&tx.output) {
if tx_out.value > 0 {
let tx_script_pubkey_bytes = tx_out.script_pubkey.to_bytes();
if let Some(bitcoin_script) = script_addresses.get(&tx_script_pubkey_bytes) {
deposit_witnesses.push(DepositWitness {
// we have a deposit to our address
deposits_for_this_tx.push(DepositWitness {
deposit_address: bitcoin_script.clone(),
asset: btc::Asset::Btc,
amount: tx_out.value,
Expand All @@ -93,6 +96,17 @@ fn deposit_witnesses(
}
}
}

// We only take the largest output of a tx as a deposit witness. This is to avoid attackers
// spamming us with many small outputs in a tx. Inputs are more expensive than outputs -
// thus, the attacker could send many outputs (cheap for them) which results in us needing
// to sign many *inputs*, expensive for us. sort by descending by amount
deposits_for_this_tx.sort_by(|a: &DepositWitness<Bitcoin>, b: &DepositWitness<Bitcoin>| {
b.amount.cmp(&a.amount)
});
if let Some(deposit) = deposits_for_this_tx.get(0) {
deposit_witnesses.push(deposit.clone());
}
}
deposit_witnesses
}
Expand Down Expand Up @@ -177,20 +191,25 @@ mod tests {

#[test]
fn deposit_witnesses_several_same_tx() {
const UTXO_WITNESSED_1: u64 = 2324;
const UTXO_WITNESSED_2: u64 = 1234;
const LARGEST_UTXO_TO_DEPOSIT: u64 = 2324;
const UTXO_TO_DEPOSIT_2: u64 = 1234;
const UTXO_TO_DEPOSIT_3: u64 = 2000;

let btc_deposit_script: ScriptPubkey = DepositAddress::new([0; 32], 9).script_pubkey();

let txs = vec![
fake_transaction(vec![
TxOut {
value: UTXO_WITNESSED_1,
value: UTXO_TO_DEPOSIT_2,
script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()),
},
TxOut { value: 12223, script_pubkey: ScriptBuf::from(vec![0, 32, 121, 9]) },
TxOut {
value: UTXO_WITNESSED_2,
value: LARGEST_UTXO_TO_DEPOSIT,
script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()),
},
TxOut {
value: UTXO_TO_DEPOSIT_3,
script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()),
},
]),
Expand All @@ -199,9 +218,8 @@ mod tests {

let deposit_witnesses =
deposit_witnesses(&txs, script_addresses(vec![fake_details(btc_deposit_script)]));
assert_eq!(deposit_witnesses.len(), 2);
assert_eq!(deposit_witnesses[0].amount, UTXO_WITNESSED_1);
assert_eq!(deposit_witnesses[1].amount, UTXO_WITNESSED_2);
assert_eq!(deposit_witnesses.len(), 1);
assert_eq!(deposit_witnesses[0].amount, LARGEST_UTXO_TO_DEPOSIT);
}

#[test]
Expand All @@ -212,13 +230,28 @@ mod tests {
const UTXO_WITNESSED_2: u64 = 1234;
let txs = vec![
fake_transaction(vec![
TxOut { value: 2324, script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()) },
TxOut {
value: UTXO_WITNESSED_1,
script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()),
},
TxOut { value: 12223, script_pubkey: ScriptBuf::from(vec![0, 32, 121, 9]) },
TxOut {
// smaller value, so we will only take the largest one
value: UTXO_WITNESSED_1 - 1,
script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()),
},
]),
fake_transaction(vec![
TxOut {
// smaller, so we only take the largest (different order to above)
value: UTXO_WITNESSED_2 - 10,
script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()),
},
TxOut {
value: UTXO_WITNESSED_2,
script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()),
},
]),
fake_transaction(vec![TxOut {
value: 1234,
script_pubkey: ScriptBuf::from(btc_deposit_script.bytes()),
}]),
];

let deposit_witnesses =
Expand Down
Loading