Merge #2188: fix(electrum): verify txid of server-returned transactions

evanlinjin · evanlinjin · commit 8760d872f7c3 · 2026-04-24T04:35:57.000Z
d101a09 fix(electrum): verify txid of server-returned transactions (Elias Rohrer) Pull request description: ### Description An Electrum server could return an arbitrary transaction when `fetch_tx()` requests a specific txid. The returned transaction was cached and used without verifying that its computed txid matches the requested one. Add a verification check that `tx.compute_txid() == txid` after fetching from the server, returning an error on mismatch. Include a unit test with a mock Electrum client that exercises both the mismatch rejection and the matching-txid happy path. ACKs for top commit: evanlinjin: ACK d101a09 Tree-SHA512: aecb729fd7d92bf75ec2877b1717eaeed824178d81a5c769a738314326d4a1acddeded3b37837f3af84ca6c69b7c73bff46d901697a8f2125ea1d4c34bef6096
diff --git a/crates/electrum/src/bdk_electrum_client.rs b/crates/electrum/src/bdk_electrum_client.rs
@@ -78,6 +78,12 @@ impl<E: ElectrumApi> BdkElectrumClient<E> {
         drop(tx_cache);
 
         let tx = Arc::new(self.inner.transaction_get(&txid)?);
+        let returned_txid = tx.compute_txid();
+        if returned_txid != txid {
+            return Err(Error::Message(format!(
+                "electrum server returned transaction with unexpected txid: expected {txid}, got {returned_txid}"
+            )));
+        }
 
         self.tx_cache.lock().unwrap().insert(txid, Arc::clone(&tx));
 
