From 597cdcbff58aa1514cd609756a9be156d7bb666f Mon Sep 17 00:00:00 2001
From: tecnovert
Date: Tue, 9 Jun 2026 14:51:50 +0200
Subject: [PATCH] fix: verify follower's script chain lock refund tx sig
---
 basicswap/basicswap.py | 40 +++++++++++++++++++++++++++-------------
 doc/release-notes.md | 1 +
 2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/basicswap/basicswap.py b/basicswap/basicswap.py
index ac35f8d..26cec2f 100644
--- a/basicswap/basicswap.py
+++ b/basicswap/basicswap.py
@@ -11671,8 +11671,11 @@ class BasicSwap(BaseApp, BSXNetwork, UIApp):
 txid_hex = ci_from.publishTx(lock_tx_signed)
 if txid_hex != b2h(xmr_swap.a_lock_tx_id):
+ if not self.isBchXmrSwap(offer):
+ raise ValueError("Coin A lock tx txid changed after sending!")
+
 self.log.info(
- "Recomputing refund transactions and txids after lock tx publish."
+ f"Recomputing {ci_from.coin_name()} refund transactions and txids after lock tx publish."
 )
 xmr_swap.a_lock_tx = lock_tx_signed
 xmr_swap.a_lock_tx_id = bytes.fromhex(txid_hex)
@@ -12464,6 +12467,19 @@ class BasicSwap(BaseApp, BSXNetwork, UIApp):
 )
 if not self.isBchXmrSwap(offer):
+ self.log.info("Checking follower's lock refund tx signature.")
+ prevout_amount = ci_from.getLockTxSwapOutputValue(bid, xmr_swap)
+ v = ci_from.verifyTxSig(
+ xmr_swap.a_lock_refund_tx,
+ xmr_swap.af_lock_refund_tx_sig,
+ xmr_swap.pkaf,
+ 0,
+ xmr_swap.a_lock_tx_script,
+ prevout_amount,
+ )
+ ensure(v, "Invalid coin A lock refund tx leader sig")
+ xmr_swap_1.addLockRefundSigs(self, xmr_swap, ci_from)
+
 # segwit coins sign the transaction
 xmr_swap.af_lock_refund_spend_tx_sig = ci_from.decryptOtVES(
 kbsl, xmr_swap.af_lock_refund_spend_tx_esig
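Review bot: The new `raise ValueError("Coin A lock tx txid changed after sending!")` in the first hunk fires only after `ci_from.publishTx(lock_tx_signed)` has already broadcast the transaction, so on the non-BCH path the coins are on chain under a txid that the refund transactions prepared earlier presumably do not reference, and `xmr_swap.a_lock_tx_id` still holds the old value. Consider deriving the txid of `lock_tx_signed` locally and comparing it with `xmr_swap.a_lock_tx_id` before the publish call, keeping the post-publish comparison only for the BCH recompute branch. If the check has to stay where it is, the message should carry both ids so the published output can be located, e.g. `raise ValueError(f"Coin A lock tx txid changed after sending: expected {b2h(xmr_swap.a_lock_tx_id)}, got {txid_hex}")`. The enclosing method starts and ends outside the hunk.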
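Review bot: The failure text in `ensure(v, "Invalid coin A lock refund tx leader sig")` names the leader, but the call verifies `xmr_swap.af_lock_refund_tx_sig` against `xmr_swap.pkaf`, which the log line just above describes as the follower's signature. I would change it to `ensure(v, "Invalid follower signature for lock refund tx")` so it matches the wording of the refund spend check and does not point triage at the wrong party. `prevout_amount` is assigned here from `getLockTxSwapOutputValue`, and the same name is later passed together with `a_lock_refund_tx_script`; the lines in between are not part of the hunk, so it is worth confirming that it is reassigned for the refund tx output, or using a distinct name such as `lock_tx_amount` here. The enclosing method extends beyond the hunk on both sides.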
@@ -12478,7 +12494,16 @@ class BasicSwap(BaseApp, BSXNetwork, UIApp):
 xmr_swap.a_lock_refund_tx_script,
 prevout_amount,
 )
-
+ self.log.info("Checking follower's lock refund spend tx signature.")
+ v = ci_from.verifyTxSig(
+ xmr_swap.a_lock_refund_spend_tx,
+ xmr_swap.af_lock_refund_spend_tx_sig,
+ xmr_swap.pkaf,
+ 0,
+ xmr_swap.a_lock_refund_tx_script,
+ prevout_amount,
+ )
+ ensure(v, "Invalid follower signature for lock refund spend txn")
 self.log.debug("Setting lock refund spend tx sigs.")
 witness_stack = []
 if coin_from not in (Coins.DCR,):
@@ -12496,17 +12521,6 @@ class BasicSwap(BaseApp, BSXNetwork, UIApp):
 )
 ensure(signed_tx, "setTxSignature failed")
 xmr_swap.a_lock_refund_spend_tx = signed_tx
-
- v = ci_from.verifyTxSig(
- xmr_swap.a_lock_refund_spend_tx,
- xmr_swap.af_lock_refund_spend_tx_sig,
- xmr_swap.pkaf,
- 0,
- xmr_swap.a_lock_refund_tx_script,
- prevout_amount,
- )
- ensure(v, "Invalid signature for lock refund spend txn")
- xmr_swap_1.addLockRefundSigs(self, xmr_swap, ci_from)
 else:
 # BCH signs the output pkh
diff --git a/doc/release-notes.md b/doc/release-notes.md
index 51c19d2..341e037 100644
--- a/doc/release-notes.md
+++ b/doc/release-notes.md
@@ -5,6 +5,7 @@
 - Updated docker base images to Debian Trixie.
 - By default reject secret hash type offers where the coin pair could use adaptor sig swap.
 - override with "strict_swap_type" setting.
+- Verify follower's script chain lock refund tx sig.
 0.16.4
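Review bot: The reason the follower-signature check now runs ahead of `setTxSignature` is not stated at the call site in the `@@ -12478,7 +12494,16 @@` hunk, and the ordering is what makes it protective. With the old placement, removed further down in this commit, `xmr_swap.a_lock_refund_spend_tx = signed_tx` was assigned before the follower's signature had been verified. A short comment above the `verifyTxSig` call would keep a later refactor from moving it back, e.g. `# Verify the decrypted follower sig before it is added to the witness stack and a_lock_refund_spend_tx is overwritten.` The enclosing block starts before the hunk and continues after it.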