Stacking lib: Reject native segwit addresses

hirosystems / stacks.js

JavaScript libraries for identity, auth, storage and transactions on the Stacks blockchain.

https://stacks.js.org

MIT License

947 stars 308 forks source link

Stacking lib: Reject native segwit addresses #973

Closed agraebe closed 3 years ago

agraebe commented 3 years ago

Describe the bug Native segwit addresses are not supported on the Stack blockchain. However, the Stacking library currently allows setting these addresses (starting with bc1). The library currently decodes this format into a different one and submits it to the stacking contract calls, resulting in unexpected reward addresses inside contract calls.

The main method in question is decodeBtcAddress.

Expected behavior The library should reject native segwit addresses.

cc @yknl @jcnelson @cuevasm

jcnelson commented 3 years ago

The blockchain does not support native segwit addresses (and never has). It only supports p2pkh and p2sh (including p2wpkh-p2sh and p2wsh-p2sh, not to be confused with native p2wpkh and native p2wsh). Moreover, there is no way to convert a Bech32 address into a p2sh address that I'm aware of.

hstove commented 3 years ago

CC @kyranjamie to double check in the desktop wallet - although I believe I recall explicitly testing with bech32.

jcnelson commented 3 years ago

To be clear, if you put a bech32 address into the code here, it will produce a well-formed p2sh address. However, it won't be spendable. That's the bug -- the code should be erroring out.

kyranjamie commented 3 years ago

Thanks @hstove, yeah the wallet handles this already

Desktop wallet screenshot

![image](https://user-images.githubusercontent.com/1618764/111596736-c77f8280-87cd-11eb-9989-4b1c3a2bc67d.png)