bisq/core
Steven Barclay efd590b9e7
Fix BSQ swap buyer tx fee theft vulnerability
Prevent the seller from stealing the combined tx fee as change by lying
about the value of one or more of his BTC inputs, which are passed to
the buyer as raw inputs in the 'BsqSwapFinalizeTxRequest' message.

To this end, add a 'RawTransactionInput::validate' method to check the
'value' field against the output value of the respective spending tx and
run it on every seller input in 'ProcessBsqSwapFinalizeTxRequest', so
that the buyer is no longer just trusting those numbers.

Additionally, check that the spending txIds from the raw BTC inputs
supplied by the seller actually match those of his signed inputs in the
accompanying partially signed tx, thus tying the raw input values to the
seller's tx.
2021-12-04 19:52:07 +01:00
.tx Merge core repository at 4597613 2018-09-05 10:48:22 +02:00
src Fix BSQ swap buyer tx fee theft vulnerability 2021-12-04 19:52:07 +01:00
update_translations.sh Add Polish translation 2021-12-01 15:13:57 +01:00
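The two checks described in the commit message above, as an added sketch in Python; this is not Bisq's code. The function names, the minimal legacy (non-segwit) transaction parser and the sample transaction are assumptions constructed for illustration.

```python
import hashlib
import struct

def varint(b, i):
    """Read a Bitcoin CompactSize integer at offset i; return (value, next offset)."""
    n = b[i]
    if n < 0xfd:
        return n, i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def parse_outputs(raw):
    """Return the output values (satoshis) of a legacy-serialized tx."""
    i = 4                                    # skip version
    n_in, i = varint(raw, i)
    if n_in == 0:                            # segwit marker byte: not handled here
        raise ValueError("only legacy serialization is supported in this sketch")
    for _ in range(n_in):
        slen, i = varint(raw, i + 36)        # skip outpoint (txid + index)
        i += slen + 4                        # skip scriptSig + sequence
    n_out, i = varint(raw, i)
    values = []
    for _ in range(n_out):
        values.append(int.from_bytes(raw[i:i + 8], "little"))
        slen, i = varint(raw, i + 8)
        i += slen                            # skip scriptPubKey
    return values

def txid(raw):
    """Double SHA-256 of the serialized tx, shown in the usual reversed hex form."""
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()

def validate_raw_input(parent_tx, index, claimed_value, signed_outpoints):
    """Check a claimed input value against its parent tx and the signed tx."""
    values = parse_outputs(parent_tx)
    if not 0 <= index < len(values):
        raise ValueError("output index out of range")
    if values[index] != claimed_value:       # do not trust the peer's number
        raise ValueError("claimed value differs from parent tx output")
    if (txid(parent_tx), index) not in signed_outpoints:
        raise ValueError("raw input is not spent by the signed tx")
    return True

# Constructed parent tx: one input, outputs of 50_000 and 20_000 satoshis.
PARENT = (struct.pack("<I", 1) + b"\x01" + bytes(32) + struct.pack("<I", 0)
          + b"\x00" + b"\xff" * 4 + b"\x02"
          + struct.pack("<Q", 50_000) + b"\x01\x51"
          + struct.pack("<Q", 20_000) + b"\x01\x51"
          + struct.pack("<I", 0))
# Constructed stand-in for the outpoints spent by the peer's signed inputs.
SIGNED_OUTPOINTS = {(txid(PARENT), 1)}
```

`validate_raw_input(PARENT, 1, 20_000, SIGNED_OUTPOINTS)` passes, while the same call with any other claimed value, or with a parent tx whose id is not among the signed outpoints, raises `ValueError`.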