Fully-validate contents of UAs and UFVKs on parsing #5466
Comments
str4d
added
A-rust-ffi
|
Should we do this in |
|
Right now, we should do this here because we parse UAs into a C++ type. However, there's a separate issue for refactoring the C++ UA type, after which it might become a wrapper around a Rust type. If that happens, then the simplest approach would be to have the zcashd wrappers wrap types from |
|
Oh, I already did this for UAs! The transparent ones require no extra validation (they are opaque hashes), and for Sapling I already added the necessary check: zcash/src/rust/src/address_ffi.rs Lines 94 to 104 in 423489c The Orchard component is not yet checked because an API was missing at the time (but now exists): zcash/src/rust/src/address_ffi.rs Lines 78 to 86 in 423489c So I'll open an PR to add the now-possible Orchard receiver check, and implement the missing checks in the UFVK logic. |
The
zcash_addresscrate intentionally treats the internals of items as opaque bytes, in order to not impose any particular protocol-specific dependency on the downstream user (for maximum usability). However, this means the user needs to do that verification themselves for known item types. This will normally happen when they get the preferred receiver to send funds to, but in the case ofzcashdwe need to handle a bunch more types (e.g. UFVK items).For simplicity, we should just check all known item types at parse time. Then once we have the C++ representation (wrapping a pointer to the Rust version in most cases), we can assume correctness of the internals and
.expect("We already checked this")whenever we need to perform an operation on the Unified container.The text was updated successfully, but these errors were encountered: