Closed murisi closed 1 month ago
Good catch. I agree, we need to commit to this data. We should have no malleable data in transactions at all, really, not that I can think of at least.
@murisi This has since been fixed, right?
@grarco Could you check this quickly?
Closed by #3463
The
MaspTx
section is identified by the TxId digest described https://zips.z.cash/zip-0244#txid-digest . This is problematic because the TxId digest does not cover witness data like zero-knowledge proofs, authorization signatures, and binding signatures meaning that those entries are malleable. We should probably hash MASPTransaction
serialization bytes when trying to prevent tampering and the TxId digest to facilitate hardware wallet signing.