From: Matt Corallo Date: Thu, 30 Aug 2018 19:00:56 +0000 (-0400) Subject: Check script_pubkey against expected channel_announcement X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=276c31be9cc84a173a09b5be75a9b9d11ffa01ac;p=rust-lightning Check script_pubkey against expected channel_announcement --- diff --git a/src/ln/router.rs b/src/ln/router.rs index e249913ec..e7f689e5f 100644 --- a/src/ln/router.rs +++ b/src/ln/router.rs @@ -3,6 +3,8 @@ use secp256k1::{Secp256k1,Message}; use secp256k1; use bitcoin::util::hash::Sha256dHash; +use bitcoin::blockdata::script::Builder; +use bitcoin::blockdata::opcodes; use chain::chaininterface::{ChainError, ChainWatchInterface}; use ln::channelmanager; @@ -209,7 +211,15 @@ impl RoutingMessageHandler for Router { match self.chain_monitor.get_chain_utxo(msg.contents.chain_hash, msg.contents.short_channel_id) { Ok((script_pubkey, _value)) => { - //TODO: Check if script_pubkey matches bitcoin_key_1 and bitcoin_key_2 + let expected_script = Builder::new().push_opcode(opcodes::All::OP_PUSHNUM_2) + .push_slice(&msg.contents.bitcoin_key_1.serialize()) + .push_slice(&msg.contents.bitcoin_key_2.serialize()) + .push_opcode(opcodes::All::OP_PUSHNUM_2).push_opcode(opcodes::All::OP_CHECKMULTISIG).into_script().to_v0_p2wsh(); + if script_pubkey != expected_script { + return Err(HandleError{err: "Channel announcement keys didn't match on-chain script", action: Some(ErrorAction::IgnoreError)}); + } + //TODO: Check if value is worth storing, use it to inform routing, and compare it + //to the new HTLC max field in channel_update }, Err(ChainError::NotSupported) => { // Tenatively accept, potentially exposing us to DoS attacks