Closed elRaulito closed 7 months ago
Hi
Could you please provide a bit more details? How is the dapp getting the signed PSBT before the user clicks on confirm? Is the callback firing with a signed PSBT?
There are two parties:
Alice signs a PSBT where one input is multisig. Bob is asked to sign the PSBT, but as you see I am able to get the PSBT signed as soon as I fire the signTransaction() call
Therefore I can finalize, get the rawTx, the txid
All things should not happen until I sign
Never mind, my bad
I was passing over to Alice a PSBT already signed by Bob, therefore as soon as I got it back I was able to finalize it
Haha. Cool. Thanks for the adrenaline spike 😉
I am signing a multisignature and as you see I am able to get the transaction ID and the finalized raw tx before I approve my signature. This means that the signTransaction() function doesn't wait for me to sign and could potentially be exploited by someone who tries to make me sign a bad tx
I don't sign but anyway it was done and could be propagated by an attacker
A bit more detail
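The thread's resolution was that the PSBT handed to the wallet already carried the other party's signature. As an added example (not code from this thread or from the wallet project), the check below reads a base64 PSBT v0 per BIP174 and reports, per input, how many partial signatures it already holds and whether it is finalized, so a dapp can verify what it is about to pass to signTransaction(). The names `signatureState`, `readMap`, `readVarInt`, `kv` and `samplePsbt` are hypothetical, and the sample PSBT is constructed with dummy keys and signatures.

```javascript
// BIP174 per-input key types that show an input has already been signed or finalized.
const PARTIAL_SIG = 0x02, FINAL_SCRIPTSIG = 0x07, FINAL_WITNESS = 0x08;

function readVarInt(buf, pos) {                     // Bitcoin compact-size integer
  const first = buf[pos];
  if (first < 0xfd) return [first, pos + 1];
  if (first === 0xfd) return [buf.readUInt16LE(pos + 1), pos + 3];
  if (first === 0xfe) return [buf.readUInt32LE(pos + 1), pos + 5];
  throw new Error("field length too large");
}

function readMap(buf, pos) {                        // one key-value map, closed by a 0x00 key length
  const entries = [];
  while (pos < buf.length) {
    const [keyLen, keyPos] = readVarInt(buf, pos);
    if (keyLen === 0) return [entries, keyPos];
    const [valLen, valPos] = readVarInt(buf, keyPos + keyLen);
    entries.push({ type: buf[keyPos], value: buf.subarray(valPos, valPos + valLen) });
    pos = valPos + valLen;
  }
  throw new Error("truncated PSBT");
}

// Returns, per input, the number of partial signatures present and whether it is finalized.
function signatureState(psbtBase64) {
  const buf = Buffer.from(psbtBase64, "base64");
  if (buf.subarray(0, 5).toString("hex") !== "70736274ff") throw new Error("not a PSBT");
  let [globals, pos] = readMap(buf, 5);
  const tx = globals.find((e) => e.type === 0x00);  // unsigned tx: version (4 bytes), then input count
  if (!tx) throw new Error("no unsigned tx (PSBT v0 expected)");
  const [inputCount] = readVarInt(tx.value, 4);
  const inputs = [];
  for (let i = 0; i < inputCount; i++) {
    const [entries, next] = readMap(buf, pos);
    pos = next;
    const partialSigs = entries.filter((e) => e.type === PARTIAL_SIG).length;
    const finalized = entries.some((e) => e.type === FINAL_SCRIPTSIG || e.type === FINAL_WITNESS);
    inputs.push({ index: i, partialSigs, finalized });
  }
  return inputs;
}

const kv = (k, v) => Buffer.concat([Buffer.from([k.length]), k, Buffer.from([v.length]), v]); // sample helper
// Constructed sample: one-input PSBT carrying `sigCount` dummy partial signatures.
function samplePsbt(sigCount) {
  const tx = Buffer.concat([Buffer.from("0200000001", "hex"), Buffer.alloc(32, 0x11), Buffer.alloc(4),
    Buffer.from("00ffffffff01", "hex"), Buffer.alloc(8), Buffer.from("0000000000", "hex")]);
  const sigs = Array.from({ length: sigCount }, (_, i) =>
    kv(Buffer.concat([Buffer.from([PARTIAL_SIG, 0x02]), Buffer.alloc(32, i + 1)]), Buffer.alloc(71, 0x30)));
  return Buffer.concat([Buffer.from("70736274ff", "hex"), kv(Buffer.from([0]), tx), Buffer.alloc(1), ...sigs, Buffer.alloc(2)]).toString("base64");
}
```

A non-zero `partialSigs` before the wallet prompt appears means a later finalize can succeed on the signatures already in the PSBT.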