swap: use dedicated error code and exit appropriately
sgliner-ledger committed Nov 10, 2023
1 parent 71f7dbe commit 0d5bd79
Showing 5 changed files with 26 additions and 14 deletions.
Expand Up @@ -12,6 +12,7 @@ class DeviceException(Exception): # pylint: disable=too-few-public-methods
0x6A82: NotSupportedError,
0x6A86: WrongP1P2Error,
0x6A87: WrongDataLengthError,
0x6A8E: SwapError,
0x6D00: InsNotSupportedError,
0x6E00: ClaNotSupportedError,
0xB000: WrongResponseLengthError,
4 changes: 4 additions & 0 deletions bitcoin_client/ledger_bitcoin/exception/errors.py
Expand Up @@ -26,6 +26,10 @@ class WrongDataLengthError(Exception):
pass


class SwapError(Exception):
pass


class InsNotSupportedError(Exception):
pass

5 changes: 5 additions & 0 deletions src/boilerplate/sw.h
Expand Up @@ -36,6 +36,11 @@
*/
#define SW_WRONG_DATA_LENGTH 0x6A87

/**
* Status word for fail in Swap
*/
#define SW_FAIL_SWAP 0x6A8E

/**
* Status word for unknown command with this INS.
*/
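Review bot: The doc comment on the new `SW_FAIL_SWAP` define, `Status word for fail in Swap`, does not say when the code is returned, while the neighbouring entries in sw.h each describe a condition. I would reword it to `* Status word returned when a check specific to the swap flow fails.` so a reader can tell it apart from SW_INCORRECT_DATA, which the C handlers used for these cases before this commit. The mapping to SwapError on the Python side matches the value 0x6A8E, so only the wording needs attention.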
5 changes: 3 additions & 2 deletions src/handler/get_wallet_address.c
Expand Up @@ -34,6 +34,7 @@
#include "../ui/menu.h"

#include "../swap/swap_globals.h"
#include "../swap/handle_swap_sign_transaction.h"

#include "lib/policy.h"
#include "lib/get_preimage.h"
Expand Down Expand Up @@ -167,8 +168,8 @@ void handler_get_wallet_address(dispatcher_context_t *dc, uint8_t protocol_versi
// Swap feature: check that the wallet policy is a default one
if (G_swap_state.called_from_swap && !is_wallet_default) {
PRINTF("Must be a default wallet policy for swap feature\n");
SEND_SW(dc, SW_INCORRECT_DATA);
return;
SEND_SW(dc, SW_FAIL_SWAP);
finalize_exchange_sign_transaction(false);
}

{
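Review bot: The `return;` that followed the old SEND_SW is dropped, so after `SEND_SW(dc, SW_FAIL_SWAP)` the handler now relies on `finalize_exchange_sign_transaction(false)` never returning; if it does return, control falls through past the default-policy check into the block that opens on the next line, with a status word already sent on this exchange. The page does not show `finalize_exchange_sign_transaction`, so whether it is guaranteed not to return cannot be confirmed here, and the old code did not depend on that property. I would keep the explicit exit, `SEND_SW(dc, SW_FAIL_SWAP); finalize_exchange_sign_transaction(false); return;`, or declare the function `__attribute__((noreturn))` in handle_swap_sign_transaction.h so the compiler enforces the assumption at every call site. The same applies to the six checks in sign_psbt.c (init_global_state, show_alerts, display_output and confirm_transaction), where the dropped `return false;` lines guard the default-policy, external-input, destination-address, output-count, fee and amount checks, so a fall-through there would let signing proceed after a failed swap validation. handler_get_wallet_address continues outside the hunk.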
25 changes: 13 additions & 12 deletions src/handler/sign_psbt.c
Expand Up @@ -53,6 +53,7 @@
#include "sign_psbt/update_hashes_with_map_value.h"

#include "../swap/swap_globals.h"
#include "../swap/handle_swap_sign_transaction.h"

// common info that applies to either the current input or the current output
typedef struct {
Expand Down Expand Up @@ -649,8 +650,8 @@ init_global_state(dispatcher_context_t *dc, sign_psbt_state_t *st) {
// Swap feature: check that wallet policy is a default one
if (G_swap_state.called_from_swap && !st->is_wallet_default) {
PRINTF("Must be a default wallet policy for swap feature\n");
SEND_SW(dc, SW_INCORRECT_DATA);
return false;
SEND_SW(dc, SW_FAIL_SWAP);
finalize_exchange_sign_transaction(false);
}

// If it's not a default wallet policy, ask the user for confirmation, and abort if they deny
Expand Down Expand Up @@ -1032,8 +1033,8 @@ show_alerts(dispatcher_context_t *dc,
// Swap feature: no external inputs allowed
if (G_swap_state.called_from_swap) {
PRINTF("External inputs not allowed in swap transactions\n");
SEND_SW(dc, SW_INCORRECT_DATA);
return false;
SEND_SW(dc, SW_FAIL_SWAP);
finalize_exchange_sign_transaction(false);
}

// some internal and some external inputs, warn the user first
Expand Down Expand Up @@ -1135,8 +1136,8 @@ static bool __attribute__((noinline)) display_output(dispatcher_context_t *dc,
0 != strncmp(G_swap_state.destination_address, output_address, address_len)) {
// address did not match
PRINTF("Mismatching address for swap\n");
SEND_SW(dc, SW_INCORRECT_DATA);
return false;
SEND_SW(dc, SW_FAIL_SWAP);
finalize_exchange_sign_transaction(false);
}
} else {
// Show address to the user
Expand Down Expand Up @@ -1311,21 +1312,21 @@ confirm_transaction(dispatcher_context_t *dc, sign_psbt_state_t *st) {
// Swap feature: there must be only one external output
if (st->outputs.n_external != 1) {
PRINTF("Swap transaction must have exactly 1 external output\n");
SEND_SW(dc, SW_INCORRECT_DATA);
return false;
SEND_SW(dc, SW_FAIL_SWAP);
finalize_exchange_sign_transaction(false);
}

// Swap feature: check total amount and fees are as expected
if (fee != G_swap_state.fees) {
PRINTF("Mismatching fee for swap\n");
SEND_SW(dc, SW_INCORRECT_DATA);
return false;
SEND_SW(dc, SW_FAIL_SWAP);
finalize_exchange_sign_transaction(false);
}
uint64_t spent_amount = st->outputs.total_amount - st->outputs.change_total_amount;
if (spent_amount != G_swap_state.amount) {
PRINTF("Mismatching spent amount for swap\n");
SEND_SW(dc, SW_INCORRECT_DATA);
return false;
SEND_SW(dc, SW_FAIL_SWAP);
finalize_exchange_sign_transaction(false);
}
} else {
// if the value of fees is 10% or more of the amount, and it's more than 10000
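Review bot: The pair `SEND_SW(dc, SW_FAIL_SWAP); finalize_exchange_sign_transaction(false);` is now repeated verbatim in all six swap checks of this file (init_global_state, show_alerts, display_output and three in confirm_transaction), with only the PRINTF message differing. A small static helper would keep the exit sequence in one place, so any later adjustment to how a failed swap check leaves the handler is a single edit rather than six, and it gives that sequence a name that documents its intent. The enclosing functions all start outside their hunks; the sketch below shows the helper and one call site in confirm_transaction.
```c
// Exit path shared by every swap-specific check that fails: report the
// dedicated status word, then hand control to the swap finalization path.
static void swap_check_failed(dispatcher_context_t *dc) {
    SEND_SW(dc, SW_FAIL_SWAP);
    finalize_exchange_sign_transaction(false);
}

// … unchanged: confirm_transaction up to the swap checks …
        if (st->outputs.n_external != 1) {
            PRINTF("Swap transaction must have exactly 1 external output\n");
            swap_check_failed(dc);
        }
```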
