allow unreasonable accounts for staking paths

vacuumlabs · Nov 24, 2020 · 3b67592 · 3b67592
1 parent aba6ab3
commit 3b67592
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/src/bip44.c b/src/bip44.c
@@ -152,8 +152,6 @@ bool bip44_isValidStakingKeyPath(const bip44_path_t* pathSpec)
 	if (bip44_containsMoreThanAddress(pathSpec)) return false;
 	if (!bip44_hasShelleyPrefix(pathSpec)) return false;
 
-	if (!bip44_hasReasonableAccount(pathSpec)) return false;
-
 	const uint32_t chainType = bip44_getChainTypeValue(pathSpec);
 	if (chainType != CARDANO_CHAIN_STAKING_KEY) return false;
 

diff --git a/src/securityPolicy.c b/src/securityPolicy.c
@@ -137,6 +137,9 @@ security_policy_t policyForGetExtendedPublicKeyBulkExport(const bip44_path_t* pa
 		WARN_IF(bip44_containsChainType(pathSpec) && !bip44_containsAddress(pathSpec));
 
 		// we are left with paths of length 5
+		WARN_UNLESS(bip44_hasReasonableAccount(pathSpec));
+
+		// staking paths for reasonable accounts are OK
 		ALLOW_IF(bip44_isValidStakingKeyPath(pathSpec));
 
 		// only ordinary address paths remain
@@ -364,6 +367,8 @@ security_policy_t policyForSignTxWitness(
 
 	if (isSigningPoolRegistrationAsOwner) {
 		DENY_UNLESS(is_valid_stake_pool_owner_path(pathSpec));
+
+		// TODO warn if account is not reasonable? see also below, we should once and for all fix the TODOs there
 	} else {
 		// TODO Perhaps we can relax this?
 		WARN_UNLESS(has_reasonable_account_and_address(pathSpec));