fix(keepkey): require prevout/script fields on Zcash transparent inputs#56
Merged
Merged
Conversation
The optional-field guards silently dropped prevoutTxid/prevoutIndex/ scriptPubkey when a caller passed sidecar-shaped snake_case keys, so the device received a gutted ZcashTransparentInput and rejected the shield tx with 'Invalid transparent input data'. Throw host-side naming the missing camelCase fields instead; regression test pins that snake_case input fails loudly before any message reaches the device.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
BitHighlander
added a commit
to keepkey/keepkey-vault
that referenced
this pull request
Jul 18, 2026
…ged upstream (keepkey/hdwallet#56) Same tree as the prior e343b223 pin; the SHA is now the canonical master merge commit, so tier-1 submodule lineage is clean for release.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Live-session bug: a caller passing sidecar-shaped snake_case keys (
prevout_txid/script_pubkey) tozcashSignPczthad those fields silently dropped by the optional-field guards, so the device received a guttedZcashTransparentInputand rejected every shield transaction with "Invalid transparent input data" — after the user had already approved outputs on-device.Fix
zcashSignPcztnow throws host-side, naming the missing camelCase fields (prevoutTxid/prevoutIndex/scriptPubkey), before any message reaches the device.setPrevoutTxid/setPrevoutIndex/setScriptPubkeyare now unconditional — the validation above guarantees presence.Tests
New regression test feeds a snake_case-shaped request and asserts it rejects with
missing prevoutTxidwithout aZcashTransparentInputever being sent (the transport mock records every message type). 5/5 inzcash.test.ts— the suite whose header comment declares exactly this key-name-mismatch class as its purpose.Verified end-to-end on-device: with the paired vault fix (keepkey/keepkey-vault#368) a shield tx signs and broadcasts; with a deliberately snake_case request the throw fires before device contact.
Note for merge: please use a merge commit (not squash) — keepkey/keepkey-vault#368 pins submodule gitlink
e343b223, which must remain reachable from master.