Commit bc05d9d

Check Esplora Merkle leaf risk by base size
Esplora confirmation checks must use the non-witness transaction size for the 64-byte Merkle leaf guard. Witness padding can otherwise raise total_size without changing the serialization hashed into the txid and Merkle tree.

Co-Authored-By: HAL 9000

This finding was discovered by Project Loupe
1 parent 4636d6c commit bc05d9d

1 file changed

Lines changed: 2 additions & 2 deletions

lightning-transaction-sync/src/esplora.rs

@@ -5,7 +5,7 @@
55
// http://opensource.org/licenses/MIT>, at your option. You may not use this file except in
66
// accordance with one or both of these licenses.
77

8-
use crate::common::{ConfirmedTx, FilterQueue, SyncState};
8+
use crate::common::{is_potentially_unsafe_merkle_leaf, ConfirmedTx, FilterQueue, SyncState};
99
use crate::error::{InternalError, TxSyncError};
1010

1111
use lightning::chain::WatchedOutput;
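
Review bot: The import on new line 8 brings in is_potentially_unsafe_merkle_leaf from crate::common, but this commit changes only esplora.rs, so the helper's body cannot be checked from this diff. Please confirm that it compares the non-witness (base) size against 64, as the commit message requires, and that it carries a doc comment stating which size it measures, so other callers in the crate do not reintroduce a total_size() comparison.
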
@@ -393,7 +393,7 @@ impl<L: Logger> EsploraSyncClient<L> {
393393
// https://web.archive.org/web/20240329003521/https://bitslog.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/).
394394
// To protect against this (highly unlikely) attack vector, we check that the
395395
// transaction is at least 65 bytes in length.
396-
if tx.total_size() == 64 {
396+
if is_potentially_unsafe_merkle_leaf(&tx) {
397397
log_error!(
398398
self.logger,
399399
"Skipping transaction {} due to retrieving potentially invalid tx data.",
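
Review bot: The comment at lines 394-395 still says only that "the transaction is at least 65 bytes in length" and does not say which length is meant, which is the ambiguity this change fixes when it replaces tx.total_size() == 64 with is_potentially_unsafe_merkle_leaf(&tx). Suggest rewording the comment to name the non-witness serialization explicitly. A regression test using a transaction whose non-witness serialization is 64 bytes and whose witness is non-empty would also pin the behaviour, since the old condition would not have skipped it.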
