Skip to content

Investigate checking UTXO sourceOutputs locking bytecode against provided unlocker #359

New issue
New issue
Open
Bug
Open
Investigate checking UTXO sourceOutputs locking bytecode against provided unlocker#359
Bug
Labels
javascript-sdkRelates to the CashScript JavaScript SDK
Milestone
v0.13.0
@rkalis

Description

@rkalis
rkalis
opened on Sep 16, 2025

It is currently possible to run debugging where the added input UTXOs are from a different contract (or P2PKH address) than the unlocker used to unlock it.

In the libauth template generation we assume that the UTXO that gets unlocked is of the same "type" as the unlocker used to unlock it.

For P2PKH this means that the debugging will succeed even when using an incorrect SignatureTemplate. For contracts it likely means that debugging can succeed even when the provided UTXOs don't match the unlocker.

These kinds of transactions will still be rejected by the network, but currently they pass on MockNetworkProvider / .debug().

We might need to change UTXO typings to properly solve this.

Metadata

Metadata

Assignees

No one assigned

    Labels

    javascript-sdkRelates to the CashScript JavaScript SDK

    Type

    Bug

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions