fix(electrum): bdk_electrum
exploit fixes
#1675
Draft
+579
−17
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1698, #1697.
Description
The aim of this PR is to fix a few exploits that were found within
bdk_electrum
. Most notably:populate_with_txids
by returning a transaction with no output.fetch_prev_txout
should not try to query the prevouts of coinbase transactions. This will query a transaction to the Electrum server which will return an error and will make the overallsync
fail.Notes to the reviewers
rust-electrum-client
PR: feat: addid_from_pos
support rust-electrum-client#155MockElectrumClient
intobdk_testenv
, but becausebdk_testenv
'selectrum-client
is re-exported fromelectrsd
, a separate dependency would have to be added for justelectrum-client
as such that support fortxid_with_pos
will be available when PR#155 is merged. Or perhaps there is a better way to specifically testvalidate_merkle_for_anchor
that does not involve creating aMockElectrumClient
.Changelog notice
TODO
Checklists
All Submissions:
cargo fmt
andcargo clippy
before committingNew Features:
Bugfixes: