From bf0086bbc1293ed35b57ef116d14f531b4f5bc46 Mon Sep 17 00:00:00 2001
From: scgbckbone
Date: Thu, 12 Mar 2026 17:09:06 +0100
Subject: [PATCH] bugfix: disallow sighash DEFAULT out of taproot context
---
 releases/EdgeChangeLog.md | 1 +
 shared/psbt.py | 3 +++
 testing/test_sign.py | 12 +++++++++++-
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/releases/EdgeChangeLog.md b/releases/EdgeChangeLog.md
index e8817cb4..fed6abe9 100644
--- a/releases/EdgeChangeLog.md
+++ b/releases/EdgeChangeLog.md
@@ -17,6 +17,7 @@ This lists the changes in the most recent EDGE firmware, for each hardware platf
 - New Feature: Send keystrokes with all derived BIP-85 secrets
 - Enhancement: CCC allow to reset block height
 - Bugfix: PSBT global XPUBs validation when signing with specific wallet
+- Bugfix: Do not allow sighash DEFAULT outside taproot context
 # Mk4 Specific Changes
diff --git a/shared/psbt.py b/shared/psbt.py
index 9901ee8f..c37489d1 100644
--- a/shared/psbt.py
+++ b/shared/psbt.py
@@ -2003,6 +2003,9 @@ class psbtObject(psbtProxy):
 # needed for each input if we sign at least one P2TR input
 inp.utxo_spk = utxo.scriptPubKey
+ if inp.sighash == SIGHASH_DEFAULT:
+ assert inp.af == AF_P2TR, "SIGHASH_DEFAULT outside taproot context"
+
 if inp.sp_idxs:
 my_cnt += 1
 if inp.fully_signed:
diff --git a/testing/test_sign.py b/testing/test_sign.py
index 78970f30..9f1dd445 100644
--- a/testing/test_sign.py
+++ b/testing/test_sign.py
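Review bot: In shared/psbt.py the new SIGHASH_DEFAULT check is enforced with `assert`, which makes a signing-policy control depend on assertions being compiled in; a build that strips them would silently accept DEFAULT on non-taproot inputs again. An explicit raise keeps the exception type and message that the new test presumably relies on: `if inp.sighash == SIGHASH_DEFAULT and inp.af != AF_P2TR: raise AssertionError("SIGHASH_DEFAULT outside taproot context")`. The check also keys on `inp.af`; if that field is only populated for inputs this wallet can sign (not visible here), it is worth confirming how a foreign P2TR input carrying DEFAULT is treated. The enclosing method starts and ends outside the hunk and indentation is lost on this page, so confirm the check runs for every input rather than only inside the branch that sets `inp.utxo_spk`.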
@@ -3992,4 +3992,14 @@ def test_txid_qr(fake_txn, start_sign, cap_story, press_cancel, press_select):
 assert "(6) for QR Code of TXID" in story
 press_cancel()
-# EOF
\ No newline at end of file
+
+@pytest.mark.parametrize("addr_fmt", ["p2wpkh", "p2pkh", "p2sh-p2wpkh"])
+def test_default_sighash_outside_taproot(addr_fmt, fake_txn, start_sign, cap_story):
+ psbt = fake_txn(1, 1, sighashes=["DEFAULT"], addr_fmt=addr_fmt)
+ start_sign(psbt)
+ time.sleep(.1)
+ title, story = cap_story()
+ assert title == "Failure"
+ assert "SIGHASH_DEFAULT outside taproot context" in story
+
+# EOF
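Review bot: The new test in testing/test_sign.py covers only the rejection path for three single-key formats, so nothing here pins that DEFAULT is still accepted on a taproot input or that script/multisig formats are rejected too. A positive control with a taproot `addr_fmt` (assuming `fake_txn` supports one) and a mixed-input PSBT where only one non-taproot input carries DEFAULT would guard against the check being loosened or mis-scoped later. The fixed `time.sleep(.1)` before `cap_story()` can also make the failure-screen assertion timing-dependent; polling for the story, if the suite has a helper for that, would be steadier.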