Verify Bob's redeem encsig as Alice

Not doing so means that receiving an invalid encrypted signature from Bob would make the generator produce a `RedeemBtc` action that should not be accepted by the node (since Bob's signature would be invalid after decrypting his encrypted signature). It's better to fail early and let the user know what went wrong, rather than let them hit an incomprehensible error when using their wallet.
2025-01-23 13:51:08 -05:00 · 2020-10-26 11:27:35 +11:00 · 2020-10-26 11:27:35 +11:00 · 41e8c7283c
commit 41e8c7283c
parent def3399d1c
1 changed files with 14 additions and 0 deletions
--- a/xmr-btc/src/alice.rs
+++ b/xmr-btc/src/alice.rs
@ -99,6 +99,9 @@ where
    /// Reason why the swap has failed.
    #[derive(Debug)]
    enum Reason {
+        /// Bob's encrypted signature on the Bitcoin redeem transaction is
+        /// invalid.
+        InvalidEncryptedSignature,
        /// The refund timelock has been reached.
        BtcExpired,
    }
@ -169,6 +172,17 @@ where

                let tx_redeem = bitcoin::TxRedeem::new(&tx_lock, &redeem_address);

+                bitcoin::verify_encsig(
+                    B.clone(),
+                    s_a.into_secp256k1().into(),
+                    &tx_redeem.digest(),
+                    &tx_redeem_encsig,
+                )
+                .map_err(|_| SwapFailed::AfterXmrLock {
+                    reason: Reason::InvalidEncryptedSignature,
+                    tx_lock_height,
+                })?;
+
                let sig_a = a.sign(tx_redeem.digest());
                let sig_b =
                    adaptor.decrypt_signature(&s_a.into_secp256k1(), tx_redeem_encsig.clone());