Fully-validate contents of UAs and UFVKs on parsing #5466
Comments
Should we do this in |
Right now, we should do this here because we parse UAs into a C++ type. However, there's a separate issue for refactoring the C++ UA type, after which it might become a wrapper around a Rust type. If that happens, then the simplest approach would be to have the zcashd wrappers wrap types from |
Oh, I already did this for UAs! The transparent ones require no extra validation (they are opaque hashes), and for Sapling I already added the necessary check: zcash/src/rust/src/address_ffi.rs, lines 94 to 104 at commit 423489c.
The Orchard component is not yet checked because an API was missing at the time (but now exists): zcash/src/rust/src/address_ffi.rs, lines 78 to 86 at commit 423489c.
So I'll open a PR to add the now-possible Orchard receiver check, and implement the missing checks in the UFVK logic.
The `zcash_address` crate intentionally treats the internals of items as opaque bytes, in order to not impose any particular protocol-specific dependency on the downstream user (for maximum usability). However, this means the user needs to do that verification themselves for known item types. This will normally happen when they get the preferred receiver to send funds to, but in the case of `zcashd` we need to handle a bunch more types (e.g. UFVK items).

For simplicity, we should just check all known item types at parse time. Then once we have the C++ representation (wrapping a pointer to the Rust version in most cases), we can assume correctness of the internals and `.expect("We already checked this")` whenever we need to perform an operation on the Unified container.
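The pattern the issue settles on (validate every known item type once, at parse time, and let later code rely on the typed result) as an added example. This is not zcashd or `zcash_address` code: the types `UnifiedAddress`, `SaplingReceiver`, `OrchardReceiver`, `ParseError` and the function names are hypothetical. The typecodes, raw lengths and structural rules (one receiver per typecode, at most one transparent receiver, not transparent-only) follow ZIP 316; the Jubjub/Pallas point decoding that zcashd performs on the Sapling and Orchard bytes is not reproduced, because it needs the protocol crates, so those two constructors enforce length only and say so. Unknown typecodes are kept opaque so the parser stays forward compatible.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Receiver typecodes and raw encoding lengths as specified in ZIP 316.
pub const TYPECODE_P2PKH: u32 = 0x00;
pub const TYPECODE_P2SH: u32 = 0x01;
pub const TYPECODE_SAPLING: u32 = 0x02;
pub const TYPECODE_ORCHARD: u32 = 0x03;
pub const TRANSPARENT_LEN: usize = 20;
pub const SHIELDED_LEN: usize = 43; // Sapling and Orchard raw receivers are both 43 bytes

#[derive(Debug, PartialEq)]
pub enum ParseError {
    OnlyTransparent,                            // ZIP 316: at least one non-transparent item
    DuplicateTypecode(u32),                     // ZIP 316: at most one receiver per typecode
    MultipleTransparent,                        // ZIP 316: P2PKH or P2SH, not both
    InvalidReceiver { typecode: u32, len: usize }, // known type whose bytes do not decode
}

/// Sapling receiver whose 43-byte (d || pk_d) encoding has been checked.
#[derive(Debug, Clone, PartialEq)]
pub struct SaplingReceiver(pub [u8; SHIELDED_LEN]);

impl SaplingReceiver {
    /// zcashd decodes pk_d as a Jubjub point here; that step needs the Sapling
    /// crypto crates and is not reproduced, so this stand-in enforces length only.
    pub fn from_bytes(b: &[u8]) -> Option<Self> {
        <[u8; SHIELDED_LEN]>::try_from(b).ok().map(SaplingReceiver)
    }
}

/// Orchard receiver; the real check decodes a Pallas point, length only here.
#[derive(Debug, Clone, PartialEq)]
pub struct OrchardReceiver(pub [u8; SHIELDED_LEN]);

impl OrchardReceiver {
    pub fn from_bytes(b: &[u8]) -> Option<Self> {
        <[u8; SHIELDED_LEN]>::try_from(b).ok().map(OrchardReceiver)
    }
}

/// A parsed Unified Address: every known item is validated in `parse`, so the
/// fields hold only well-formed receivers. Unknown typecodes stay opaque.
#[derive(Debug, PartialEq)]
pub struct UnifiedAddress {
    transparent: Option<(u32, [u8; TRANSPARENT_LEN])>,
    sapling: Option<SaplingReceiver>,
    orchard: Option<OrchardReceiver>,
    unknown: BTreeMap<u32, Vec<u8>>,
}

impl UnifiedAddress {
    /// `items` is the (typecode, raw bytes) list a Bech32m decoder would hand us.
    pub fn parse(items: &[(u32, Vec<u8>)]) -> Result<Self, ParseError> {
        let mut ua = UnifiedAddress {
            transparent: None, sapling: None, orchard: None, unknown: BTreeMap::new(),
        };
        let mut seen = BTreeSet::new();
        for (typecode, data) in items {
            let tc = *typecode;
            if !seen.insert(tc) {
                return Err(ParseError::DuplicateTypecode(tc));
            }
            let invalid = || ParseError::InvalidReceiver { typecode: tc, len: data.len() };
            match tc {
                TYPECODE_P2PKH | TYPECODE_P2SH => {
                    if ua.transparent.is_some() {
                        return Err(ParseError::MultipleTransparent);
                    }
                    let arr = <[u8; TRANSPARENT_LEN]>::try_from(data.as_slice())
                        .map_err(|_| invalid())?;
                    ua.transparent = Some((tc, arr));
                }
                TYPECODE_SAPLING => {
                    ua.sapling = Some(SaplingReceiver::from_bytes(data).ok_or_else(invalid)?);
                }
                TYPECODE_ORCHARD => {
                    ua.orchard = Some(OrchardReceiver::from_bytes(data).ok_or_else(invalid)?);
                }
                _ => {
                    ua.unknown.insert(tc, data.clone());
                }
            }
        }
        // Unknown items may be shielded receivers we cannot recognise, so only a
        // container with nothing but transparent items is rejected.
        if ua.sapling.is_none() && ua.orchard.is_none() && ua.unknown.is_empty() {
            return Err(ParseError::OnlyTransparent);
        }
        Ok(ua)
    }

    /// The receiver to send to. Orchard > Sapling > transparent is this example's
    /// own preference order. No re-validation: `parse` already did it.
    pub fn preferred_receiver(&self) -> Option<(u32, &[u8])> {
        if let Some(o) = &self.orchard {
            Some((TYPECODE_ORCHARD, &o.0[..]))
        } else if let Some(s) = &self.sapling {
            Some((TYPECODE_SAPLING, &s.0[..]))
        } else {
            self.transparent.as_ref().map(|(tc, t)| (*tc, &t[..]))
        }
    }

    pub fn unknown_typecodes(&self) -> Vec<u32> {
        self.unknown.keys().copied().collect()
    }
}

/// Constructed sample items (not a real address): P2PKH + Sapling + an unknown typecode.
pub fn sample_items() -> Vec<(u32, Vec<u8>)> {
    vec![
        (TYPECODE_P2PKH, vec![0x11; TRANSPARENT_LEN]),
        (TYPECODE_SAPLING, vec![0x22; SHIELDED_LEN]),
        (0x7f, vec![0xaa, 0xbb]),
    ]
}

fn main() {
    let ua = UnifiedAddress::parse(&sample_items()).expect("constructed sample is well formed");
    let (tc, bytes) = ua.preferred_receiver().expect("sample has a known receiver");
    println!("preferred typecode {:#04x}, {} bytes; unknown typecodes {:?}",
             tc, bytes.len(), ua.unknown_typecodes());
    // A truncated Orchard receiver is rejected at parse time, not when first used.
    let bad = vec![(TYPECODE_ORCHARD, vec![0u8; SHIELDED_LEN - 1])];
    println!("{:?}", UnifiedAddress::parse(&bad));
}
```

The point of the design is where failures surface: a malformed Sapling or Orchard item is an `Err` from `parse`, so every accessor after that point (here `preferred_receiver`) works on already-checked bytes and needs no fallible re-decoding. Dropping the length-only stand-ins in favour of real point decoding changes only the two `from_bytes` bodies.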