From d6b8508f6d10fa57b72cd582673d6ff2eed39ef3 Mon Sep 17 00:00:00 2001
From: Louis Singer <41042567+louisinger@users.noreply.github.com>
Date: Thu, 21 Nov 2024 13:58:13 +0100
Subject: [PATCH] ListVtxos: validate address's server public key (#386)
* ListVtxos: check server public key
* Update server/internal/core/application/covenant.go
Co-authored-by: Pietralberto Mazza <18440657+altafan@users.noreply.github.com>
Signed-off-by: Louis Singer <41042567+louisinger@users.noreply.github.com>
* Update server/internal/core/application/covenantless.go
Co-authored-by: Pietralberto Mazza <18440657+altafan@users.noreply.github.com>
Signed-off-by: Louis Singer <41042567+louisinger@users.noreply.github.com>
---------
Signed-off-by: Louis Singer <41042567+louisinger@users.noreply.github.com>
Co-authored-by: Pietralberto Mazza <18440657+altafan@users.noreply.github.com>
---
 server/internal/core/application/covenant.go | 5 +++++
 server/internal/core/application/covenantless.go | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/server/internal/core/application/covenant.go b/server/internal/core/application/covenant.go
index 374ac19..8a9f391 100644
--- a/server/internal/core/application/covenant.go
+++ b/server/internal/core/application/covenant.go
@@ -387,6 +387,11 @@ func (s *covenantService) ListVtxos(ctx context.Context, address string) ([]doma
 if err != nil {
 return nil, nil, fmt.Errorf("failed to decode address: %s", err)
 }
+
+ if !bytes.Equal(schnorr.SerializePubKey(decodedAddress.Asp), schnorr.SerializePubKey(s.pubkey)) {
+ return nil, nil, fmt.Errorf("address does not match server pubkey")
+ }
+
 pubkey := hex.EncodeToString(schnorr.SerializePubKey(decodedAddress.VtxoTapKey))

 return s.repoManager.Vtxos().GetAllVtxos(ctx, pubkey)
diff --git a/server/internal/core/application/covenantless.go b/server/internal/core/application/covenantless.go
index 470272a..ad3fcc7 100644
--- a/server/internal/core/application/covenantless.go
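Review bot: The added mismatch branch in covenantService.ListVtxos returns a bare `fmt.Errorf("address does not match server pubkey")` with no format verbs, so a caller cannot separate a rejected client address from a repository failure with `errors.Is`. A package-level sentinel, for example `var ErrAddressServerMismatch = errors.New("address does not match server pubkey")` (the name is only a suggestion), returned here and in the identical hunk in covenantless.go, would let the transport layer outside this diff map it to an invalid-argument response. I would also put a comment above the check, assuming schnorr is btcec's BIP-340 package: `// Reject addresses issued for another server; keys are compared in x-only form, so Y parity is ignored.` ListVtxos begins above the hunk, so the decode call and whatever it guarantees about decodedAddress.Asp are not visible here.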
+++ b/server/internal/core/application/covenantless.go
@@ -650,6 +650,11 @@ func (s *covenantlessService) ListVtxos(ctx context.Context, address string) ([]
 if err != nil {
 return nil, nil, fmt.Errorf("failed to decode address: %s", err)
 }
+
+ if !bytes.Equal(schnorr.SerializePubKey(decodedAddress.Asp), schnorr.SerializePubKey(s.pubkey)) {
+ return nil, nil, fmt.Errorf("address does not match server pubkey")
+ }
+
 pubkey := hex.EncodeToString(schnorr.SerializePubKey(decodedAddress.VtxoTapKey))

 return s.repoManager.Vtxos().GetAllVtxos(ctx, pubkey)
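Review bot: This check is a verbatim copy of the one added to covenantService.ListVtxos in covenant.go, and the diffstat lists only the two service files, so the patch adds no test for the new rejection path. Moving the comparison into one unexported helper shared by both services would keep the two validations from drifting apart. A test that passes an address encoding a different server key and expects `address does not match server pubkey` would pin the behaviour. The body of covenantlessService.ListVtxos starts above the hunk.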