mirror of
https://github.com/bisq-network/bisq.git
synced 2025-02-28 01:03:02 +01:00
803035bdbb
Improve validation of the buyer's delayed payout tx (both before & after they get the final DepositTxAndDelayedPayoutTxMessage from the peer), by finalising it independently of the seller. This is now possible since their 2-of-2 signature is included in the DelayedPayoutSignatureRequest. Check that the final delayedPayoutTx received from the seller matches it byte-for-byte (which actually makes its receipt redundant now). This also fixes an apparent security bug, where the final validation of the delayedPayoutTx appears to skip any kind of signature check (only a deposit tx hash check, which is still necessary). Finally, optimistically check the deposit tx against the input of the prepared delayedPayoutTx received from the seller, in the case that the former is non-malleable (that is, the fully segwit case) and thus has a stable ID given by the hash of the buyer's preparedDepositTx. |
||
|---|---|---|
| .. | ||
| java/bisq/core | ||
| resources | ||