Validate address network prefix and apply existing output validations to P2S as well

Author: rkalis

packages/cashscript/src/Errors.ts

@@ -24,12 +24,30 @@ export class OutputTokenAmountTooSmallError extends Error {
   }
 }
 
+export class OutputTokenCategoryInvalidError extends Error {
+  constructor(category: string) {
+    super(`Provided token category ${category} is not a hex string`);
+  }
+}
+
+export class OutputTokenCommitmentInvalidError extends Error {
+  constructor(commitment: string) {
+    super(`Provided token commitment ${commitment} is not a hex string`);
+  }
+}
+
 export class TokensToNonTokenAddressError extends Error {
   constructor(address: string) {
     super(`Tried to send tokens to an address without token support, ${address}.`);
   }
 }
 
+export class OutputAddressNetworkMismatchError extends Error {
+  constructor(address: string, expectedNetworkPrefix: string) {
+    super(`Tried to add an output to an address on the wrong network, ${address}. Expected network prefix: ${expectedNetworkPrefix}.`);
+  }
+}
+
 export class NoDebugInformationInArtifactError extends Error {
   constructor() {
     super('No debug information found in artifact, please recompile with cashc version 0.10.0 or newer.');

packages/cashscript/src/TransactionBuilder.ts

@@ -96,7 +96,7 @@ export class TransactionBuilder {
   }
 
   addOutputs(outputs: Output[]): this {
-    outputs.forEach(validateOutput);
+    outputs.forEach((output) => validateOutput(output, this.provider.network));
     this.outputs = this.outputs.concat(outputs);
     return this;
   }

packages/cashscript/src/utils.ts

@@ -42,6 +42,9 @@ import {
   OutputTokenAmountTooSmallError,
   TokensToNonTokenAddressError,
   UndefinedInputError,
+  OutputAddressNetworkMismatchError,
+  OutputTokenCategoryInvalidError,
+  OutputTokenCommitmentInvalidError,
 } from './Errors.js';
 
 // ////////// PARAMETER VALIDATION ////////////////////////////////////////////
@@ -51,25 +54,46 @@ export function validateInput(utxo: Utxo): void {
   }
 }
 
-export function validateOutput(output: Output): void {
-  if (typeof output.to !== 'string') return;
+export function validateOutput(output: Output, network: Network): void {
+  if (isOpReturnOutput(output)) return;
 
   const minimumAmount = calculateDust(output);
   if (output.amount < minimumAmount) {
     throw new OutputSatoshisTooSmallError(output.amount, BigInt(minimumAmount));
   }
 
   if (output.token) {
-    if (!isTokenAddress(output.to)) {
-      throw new TokensToNonTokenAddressError(output.to);
-    }
-
     if (output.token.amount < 0n) {
       throw new OutputTokenAmountTooSmallError(output.token.amount);
     }
+
+    if (typeof output.token.category !== 'string' || !isHex(output.token.category)) {
+      throw new OutputTokenCategoryInvalidError(output.token.category);
+    }
+
+    if (output.token.nft && (typeof output.token.nft.commitment !== 'string' || !isHex(output.token.nft.commitment))) {
+      throw new OutputTokenCommitmentInvalidError(output.token.nft.commitment);
+    }
+  }
+
+  // If the output is not an address (so it is P2S), then we don't need to do any address validation
+  if (typeof output.to !== 'string') return;
+
+  if (output.token && !isTokenAddress(output.to)) {
+    throw new TokensToNonTokenAddressError(output.to);
+  }
+
+  const addressPrefix = getNetworkPrefixForAddress(output.to);
+  const networkPrefix = getNetworkPrefix(network);
+  if (addressPrefix !== networkPrefix) {
+    throw new OutputAddressNetworkMismatchError(output.to, networkPrefix);
   }
 }
 
+export function isOpReturnOutput(output: Output): boolean {
+  return typeof output.to !== 'string' && output.to[0] === Op.OP_RETURN;
+}
+
 export function calculateDust(output: Output): number {
   const outputSize = getOutputSize(output);
   // Formula used to calculate the minimum allowed output
@@ -87,16 +111,6 @@ export function encodeOutput(output: Output): Uint8Array {
 }
 
 export function cashScriptOutputToLibauthOutput(output: Output): LibauthOutput {
-  if (output.token) {
-    if (typeof output.token.category !== 'string' || !isHex(output.token.category)) {
-      throw new Error(`Provided token category ${output.token?.category} is not a hex string`);
-    }
-
-    if (output.token.nft && (typeof output.token.nft.commitment !== 'string' || !isHex(output.token.nft.commitment))) {
-      throw new Error(`Provided token commitment ${output.token.nft?.commitment} is not a hex string`);
-    }
-  }
-
   return {
     lockingBytecode: typeof output.to === 'string' ? addressToLockScript(output.to) : output.to,
     valueSatoshis: output.amount,
@@ -150,6 +164,12 @@ function isTokenAddress(address: string): boolean {
   return supportsTokens;
 }
 
+function getNetworkPrefixForAddress(address: string): string {
+  const result = decodeCashAddress(address);
+  if (typeof result === 'string') throw new Error(result);
+  return result.prefix;
+}
+
 // ////////// SIZE CALCULATIONS ///////////////////////////////////////////////
 export function getInputSize(inputScript: Uint8Array): number {
   const scriptSize = inputScript.byteLength;