From 6a8149fe9676dfcc886c80bd3a3cb82bdd529267 Mon Sep 17 00:00:00 2001
From: Adam Gibson
Date: Sat, 17 Oct 2020 14:47:44 +0100
Subject: [PATCH] Removes utxo field from non-receiver inputs

Prior to this commit, the payjoin receiver code was signing a PSBT containing the utxo field for every input, including the ones it did not own, and transferring this to the sender. However BIP78 specifies that, for inputs belonging to the sender, no utxo field should be included. This is corrected in this commit.
---
 jmclient/jmclient/payjoin.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/jmclient/jmclient/payjoin.py b/jmclient/jmclient/payjoin.py
index 205be12..002311a 100644
--- a/jmclient/jmclient/payjoin.py
+++ b/jmclient/jmclient/payjoin.py
@@ -953,6 +953,8 @@ class PayjoinServer(Resource):
             # intended (note the outputs will be shuffled next!):
             outs[1]["value"] -= our_fee_bump
 
+            # TODO this only works for 2 input transactions, otherwise
+            # pure-shuffle will not be valid as per BIP78 ordering requirement.
             unsigned_payjoin_tx = btc.make_shuffled_tx(payjoin_tx_inputs, outs,
                                         version=payment_psbt.unsigned_tx.nVersion,
                                         locktime=payment_psbt.unsigned_tx.nLockTime)
@@ -970,6 +972,7 @@ class PayjoinServer(Resource):
                     inp.nSequence = inp2.nSequence
                     spent_outs.append(payment_psbt.inputs[j].utxo)
                     input_found = True
+                    sender_index = i
                     break
             if input_found:
                 continue
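Review bot: `sender_index = i` is bound only on the branch where a sender input is matched, so if the matching loop ever completes without a match, the later `receiver_signed_psbt.inputs[sender_index] = btc.PSBT_Input(index=sender_index)` in the third hunk fails with UnboundLocalError inside the request handler instead of a deliberate rejection of the proposal. The enclosing loop starts before this hunk, so whether an earlier check already guarantees a match cannot be confirmed here; a cheap guard is `sender_index = None` before the loop and `assert sender_index is not None` (or an explicit error response) immediately before the replacement. The scalar also keeps only the last matched index, which is consistent with the 2-input TODO in the first hunk but means any further sender input would keep its utxo field; stating that in a comment next to the assignment, e.g. `# assumes exactly one sender input; see TODO above`, makes the limitation visible where it matters.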
@@ -1007,6 +1010,11 @@ class PayjoinServer(Resource):
         assert signresult.num_inputs_final == len(receiver_utxos)
         assert not signresult.is_final
 
+        # with signing succcessful, remove the utxo field from the
+        # counterparty's input (this is required by BIP78). Note we don't
+        # do this on PSBT creation as the psbt signing code throws ValueError
+        # unless utxos are present.
+        receiver_signed_psbt.inputs[sender_index] = btc.PSBT_Input(index=sender_index)
         log.debug("Receiver signing successful. Payjoin PSBT is now:\n{}".format(
             self.wallet_service.human_readable_psbt(receiver_signed_psbt)))
         # construct txoutset for the wallet service callback; we cannot use
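Review bot: The new assignment replaces the sender's whole PSBT_Input with a freshly constructed one rather than clearing only the utxo field that the comment and commit message describe, so any other per-input data that input carried is discarded too. If dropping everything is the intent (it does guarantee nothing sender-specific leaks back), the comment should say so, e.g. `# replace the entire input, not just the utxo field, so nothing else is leaked back to the sender`; otherwise clear the utxo field on the existing object. The correctness of `sender_index` here also depends on the earlier loop's `i` indexing the same input order as `receiver_signed_psbt.inputs` after the shuffle, which the hunks alone cannot confirm, so a one-line comment stating that invariant would help the next reader. Minor: `succcessful` in the first added comment line is a typo.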