bugfix: disallow sighash DEFAULT out of taproot context

releases/EdgeChangeLog.md

@@ -17,6 +17,7 @@ This lists the changes in the most recent EDGE firmware, for each hardware platf
 - New Feature: Send keystrokes with all derived BIP-85 secrets
 - Enhancement: CCC allow to reset block height
 - Bugfix: PSBT global XPUBs validation when signing with specific wallet
+- Bugfix: Do not allow sighash DEFAULT outside taproot context
 
 # Mk4 Specific Changes
 

shared/psbt.py

@@ -2003,6 +2003,9 @@ class psbtObject(psbtProxy):
             # needed for each input if we sign at least one P2TR input
             inp.utxo_spk = utxo.scriptPubKey
 
+            if inp.sighash == SIGHASH_DEFAULT:
+                assert inp.af == AF_P2TR, "SIGHASH_DEFAULT outside taproot context"
+
             if inp.sp_idxs:
                 my_cnt += 1
             if inp.fully_signed:

testing/test_sign.py

@@ -3992,4 +3992,14 @@ def test_txid_qr(fake_txn, start_sign, cap_story, press_cancel, press_select):
     assert "(6) for QR Code of TXID" in story
     press_cancel()
 
-# EOF
+
+@pytest.mark.parametrize("addr_fmt", ["p2wpkh", "p2pkh", "p2sh-p2wpkh"])
+def test_default_sighash_outside_taproot(addr_fmt, fake_txn, start_sign, cap_story):
+    psbt = fake_txn(1, 1, sighashes=["DEFAULT"], addr_fmt=addr_fmt)
+    start_sign(psbt)
+    time.sleep(.1)
+    title, story = cap_story()
+    assert title == "Failure"
+    assert "SIGHASH_DEFAULT outside taproot context" in story
+
+# EOF