You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(swaps): derive preimage from the x-only pubkey, not descriptor.ToString()
The deterministic-preimage message bundled UTF8(descriptor.ToString()), which is
non-canonical: the HD signing descriptor used at swap creation and the bare
receiver descriptor a wallet reconstructs at restore time stringify differently
for the same key (origin/path/checksum/key form all vary). The re-derived
preimage then differed from the one Boltz holds, so reverse-swap restore
silently failed to recover the preimage.
Anchor the message on the canonical x-only public key extracted from the
descriptor instead: PreimageTag || xonly(32) || u32le(index). Create-time and
restore-time now agree, and the scheme is reproducible by any Arkade SDK (a
descriptor string is NBitcoin-specific; a pubkey is universal). The descriptor
is still the signing-key selector passed to signer.Sign — only the hashed
message changed. Scheme stays v1 (unreleased).
Extracts BuildPreimageMessage as an internal pure function + tests pinning the
wire format and descriptor-form independence.
0 commit comments