bisq-network · ripcurlx · Apr 8, 2020 · Apr 8, 2020 · Apr 8, 2020 · Apr 8, 2020
diff --git a/core/src/main/java/bisq/core/btc/wallet/TradeWalletService.java b/core/src/main/java/bisq/core/btc/wallet/TradeWalletService.java
@@ -675,7 +675,7 @@ public Transaction createDelayedUnsignedPayoutTx(Transaction depositTx,
         Transaction delayedPayoutTx = new Transaction(params);
         delayedPayoutTx.addInput(p2SHMultiSigOutput);
         applyLockTime(lockTime, delayedPayoutTx);
-        Coin outputAmount = depositTx.getOutputSum().subtract(minerFee);
+        Coin outputAmount = p2SHMultiSigOutput.getValue().subtract(minerFee);
         delayedPayoutTx.addOutput(outputAmount, Address.fromBase58(params, donationAddressString));
         WalletService.printTx("Unsigned delayedPayoutTx ToDonationAddress", delayedPayoutTx);
         WalletService.verifyTransaction(delayedPayoutTx);
@@ -724,11 +724,29 @@ public Transaction finalizeDelayedPayoutTx(Transaction delayedPayoutTx,
         return delayedPayoutTx;
     }
 
-    public boolean verifiesDepositTxAndDelayedPayoutTx(@SuppressWarnings("unused") Transaction depositTx,
-                                                       Transaction delayedPayoutTx) {
-        // todo add more checks
-        if (delayedPayoutTx.getLockTime() == 0) {
-            log.error("Time lock is not set");
+    public boolean verifiesDepositTxAndDelayedPayoutTx(Transaction depositTx,
+                                                       Transaction delayedPayoutTx,
+                                                       long lockTime) {
+
+        TransactionOutput p2SHMultiSigOutput = depositTx.getOutput(0);
+        if (delayedPayoutTx.getInputs().size() != 1) {
+            log.error("Number of inputs must be 1");
+            return false;
+        }
+
+        TransactionOutput connectedOutput = delayedPayoutTx.getInput(0).getConnectedOutput();
+        if (connectedOutput == null) {
+            log.error("connectedOutput must not be null");
+            return false;
+        }
+
+        if (!connectedOutput.equals(p2SHMultiSigOutput)) {
+            log.error("connectedOutput must be p2SHMultiSigOutput");
+            return false;
+        }
+
+        if (delayedPayoutTx.getLockTime() != lockTime) {
+            log.error("LockTime must match trades lockTime");
             return false;
         }
 
@@ -1228,11 +1246,10 @@ private void applyLockTime(long lockTime, Transaction tx) {
     private boolean removeDust(Transaction transaction) {
         List<TransactionOutput> originalTransactionOutputs = transaction.getOutputs();
         List<TransactionOutput> keepTransactionOutputs = new ArrayList<>();
-        for (TransactionOutput transactionOutput: originalTransactionOutputs) {
+        for (TransactionOutput transactionOutput : originalTransactionOutputs) {
             if (transactionOutput.getValue().isLessThan(Restrictions.getMinNonDustOutput())) {
                 log.info("your transaction would have contained a dust output of {}", transactionOutput.toString());
-            }
-            else {
+            } else {
                 keepTransactionOutputs.add(transactionOutput);
             }
         }

diff --git a/core/src/main/java/bisq/core/trade/DonationAddressValidation.java b/core/src/main/java/bisq/core/trade/DonationAddressValidation.java
@@ -0,0 +1,98 @@
+/*
+ * This file is part of Bisq.
+ *
+ * Bisq is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Bisq is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Bisq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package bisq.core.trade;
+
+import bisq.core.btc.wallet.BtcWalletService;
+import bisq.core.dao.DaoFacade;
+import bisq.core.dao.governance.param.Param;
+
+import org.bitcoinj.core.Address;
+import org.bitcoinj.core.NetworkParameters;
+import org.bitcoinj.core.Transaction;
+import org.bitcoinj.core.TransactionOutput;
+
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+@Slf4j
+public class DonationAddressValidation {
+
+    @Getter
+    public static class DonationAddressException extends Exception {
+        private final String addressAsString;
+        private final String recentDonationAddressString;
+        private final String defaultDonationAddressString;
+
+        DonationAddressException(String addressAsString,
+                                 String recentDonationAddressString,
+                                 String defaultDonationAddressString) {
+
+            this.addressAsString = addressAsString;
+            this.recentDonationAddressString = recentDonationAddressString;
+            this.defaultDonationAddressString = defaultDonationAddressString;
+        }
+    }
+
+    public static class MissingDelayedPayoutTxException extends Exception {
+        public MissingDelayedPayoutTxException(String msg) {
+            super(msg);
+        }
+    }
+
+    public static void validate(Transaction delayedPayoutTx,
+                                DaoFacade daoFacade,
+                                BtcWalletService btcWalletService) throws DonationAddressException, MissingDelayedPayoutTxException {
+        if (delayedPayoutTx == null) {
+            throw new MissingDelayedPayoutTxException("DelayedPayoutTx must not be null");
+        }
+
+        // Get most recent donation address.
+        // We do not support past DAO param addresses to avoid that those receive funds (no bond set up anymore).
+        // Users who have not synced the DAO cannot trade.
+        String recentDonationAddressString = daoFacade.getParamValue(Param.RECIPIENT_BTC_ADDRESS);
+
+        // In case the seller has deactivated the DAO the default address will be used.
+        String defaultDonationAddressString = Param.RECIPIENT_BTC_ADDRESS.getDefaultValue();
+
+        checkArgument(delayedPayoutTx.getOutputs().size() == 1,
+                "preparedDelayedPayoutTx must have 1 output");
+
+        TransactionOutput output = delayedPayoutTx.getOutput(0);
+        NetworkParameters params = btcWalletService.getParams();
+        Address address = output.getAddressFromP2PKHScript(params);
+        if (address == null) {
+            // The donation address can be as well be a multisig address.
+            address = output.getAddressFromP2SH(params);
+            checkNotNull(address, "address must not be null");
+        }
+
+        String addressAsString = address.toString();
+        boolean isValid = recentDonationAddressString.equals(addressAsString) ||
+                defaultDonationAddressString.equals(addressAsString);
+        if (!isValid) {
+            log.warn("Donation address is invalid." +
+                    "\nAddress used by BTC seller: " + addressAsString +
+                    "\nRecent donation address:" + recentDonationAddressString +
+                    "\nDefault donation address: " + defaultDonationAddressString);
+            throw new DonationAddressException(addressAsString, recentDonationAddressString, defaultDonationAddressString);
+        }
+    }
+}
diff --git a/core/src/main/java/bisq/core/trade/TradeManager.java b/core/src/main/java/bisq/core/trade/TradeManager.java
@@ -297,6 +297,16 @@ private void initPendingTrades() {
                                 trade.getId());
                         tradesWithoutDepositTx.add(trade);
                     }
+
+            try {
+                DonationAddressValidation.validate(trade.getDelayedPayoutTx(),
+                        daoFacade,
+                        btcWalletService);
+            } catch (DonationAddressValidation.DonationAddressException |
+                    DonationAddressValidation.MissingDelayedPayoutTxException e) {
+                // We move it to failed trades so it cannot be continued.
+                addTradeToFailedTradesList.add(trade);
+            }
                 }
         );
 

diff --git a/core/src/main/java/bisq/core/trade/protocol/BuyerAsMakerProtocol.java b/core/src/main/java/bisq/core/trade/protocol/BuyerAsMakerProtocol.java
@@ -37,8 +37,8 @@
 import bisq.core.trade.protocol.tasks.buyer.BuyerSetupPayoutTxListener;
 import bisq.core.trade.protocol.tasks.buyer.BuyerSignPayoutTx;
 import bisq.core.trade.protocol.tasks.buyer.BuyerSignsDelayedPayoutTx;
-import bisq.core.trade.protocol.tasks.buyer.BuyerVerifiesDelayedPayoutTx;
-import bisq.core.trade.protocol.tasks.buyer.BuyerVerifiesDonationAddress;
+import bisq.core.trade.protocol.tasks.buyer.BuyerVerifiesFinalDelayedPayoutTx;
+import bisq.core.trade.protocol.tasks.buyer.BuyerVerifiesPreparedDelayedPayoutTx;
 import bisq.core.trade.protocol.tasks.buyer_as_maker.BuyerAsMakerCreatesAndSignsDepositTx;
 import bisq.core.trade.protocol.tasks.buyer_as_maker.BuyerAsMakerSendsInputsForDepositTxResponse;
 import bisq.core.trade.protocol.tasks.maker.MakerCreateAndSignContract;
@@ -155,7 +155,7 @@ private void handle(DelayedPayoutTxSignatureRequest tradeMessage, NodeAddress pe
                 errorMessage -> handleTaskRunnerFault(tradeMessage, errorMessage));
         taskRunner.addTasks(
                 BuyerProcessDelayedPayoutTxSignatureRequest.class,
-                BuyerVerifiesDonationAddress.class,
+                BuyerVerifiesPreparedDelayedPayoutTx.class,
                 BuyerSignsDelayedPayoutTx.class,
                 BuyerSendsDelayedPayoutTxSignatureResponse.class
         );
@@ -171,7 +171,7 @@ private void handle(DepositTxAndDelayedPayoutTxMessage tradeMessage, NodeAddress
                 errorMessage -> handleTaskRunnerFault(tradeMessage, errorMessage));
         taskRunner.addTasks(
                 BuyerProcessDepositTxAndDelayedPayoutTxMessage.class,
-                BuyerVerifiesDelayedPayoutTx.class,
+                BuyerVerifiesFinalDelayedPayoutTx.class,
                 PublishTradeStatistics.class
         );
         taskRunner.run();

diff --git a/core/src/main/java/bisq/core/trade/protocol/BuyerAsTakerProtocol.java b/core/src/main/java/bisq/core/trade/protocol/BuyerAsTakerProtocol.java
@@ -39,8 +39,8 @@
 import bisq.core.trade.protocol.tasks.buyer.BuyerSetupPayoutTxListener;
 import bisq.core.trade.protocol.tasks.buyer.BuyerSignPayoutTx;
 import bisq.core.trade.protocol.tasks.buyer.BuyerSignsDelayedPayoutTx;
-import bisq.core.trade.protocol.tasks.buyer.BuyerVerifiesDelayedPayoutTx;
-import bisq.core.trade.protocol.tasks.buyer.BuyerVerifiesDonationAddress;
+import bisq.core.trade.protocol.tasks.buyer.BuyerVerifiesFinalDelayedPayoutTx;
+import bisq.core.trade.protocol.tasks.buyer.BuyerVerifiesPreparedDelayedPayoutTx;
 import bisq.core.trade.protocol.tasks.buyer_as_taker.BuyerAsTakerCreatesDepositTxInputs;
 import bisq.core.trade.protocol.tasks.buyer_as_taker.BuyerAsTakerSendsDepositTxMessage;
 import bisq.core.trade.protocol.tasks.buyer_as_taker.BuyerAsTakerSignsDepositTx;
@@ -178,7 +178,7 @@ private void handle(DelayedPayoutTxSignatureRequest tradeMessage, NodeAddress se
                 errorMessage -> handleTaskRunnerFault(tradeMessage, errorMessage));
         taskRunner.addTasks(
                 BuyerProcessDelayedPayoutTxSignatureRequest.class,
-                BuyerVerifiesDonationAddress.class,
+                BuyerVerifiesPreparedDelayedPayoutTx.class,
                 BuyerSignsDelayedPayoutTx.class,
                 BuyerSendsDelayedPayoutTxSignatureResponse.class
         );
@@ -195,7 +195,7 @@ private void handle(DepositTxAndDelayedPayoutTxMessage tradeMessage, NodeAddress
                 errorMessage -> handleTaskRunnerFault(tradeMessage, errorMessage));
         taskRunner.addTasks(
                 BuyerProcessDepositTxAndDelayedPayoutTxMessage.class,
-                BuyerVerifiesDelayedPayoutTx.class,
+                BuyerVerifiesFinalDelayedPayoutTx.class,
                 PublishTradeStatistics.class
         );
         taskRunner.run();

diff --git a/core/src/main/java/bisq/core/trade/protocol/tasks/buyer/BuyerVerifiesDonationAddress.java b/core/src/main/java/bisq/core/trade/protocol/tasks/buyer/BuyerVerifiesDonationAddress.java
diff --git a/...s/buyer/BuyerVerifiesDelayedPayoutTx.java → ...er/BuyerVerifiesFinalDelayedPayoutTx.java b/...s/buyer/BuyerVerifiesDelayedPayoutTx.java → ...er/BuyerVerifiesFinalDelayedPayoutTx.java
@@ -29,9 +29,9 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 @Slf4j
-public class BuyerVerifiesDelayedPayoutTx extends TradeTask {
+public class BuyerVerifiesFinalDelayedPayoutTx extends TradeTask {
     @SuppressWarnings({"unused"})
-    public BuyerVerifiesDelayedPayoutTx(TaskRunner taskHandler, Trade trade) {
+    public BuyerVerifiesFinalDelayedPayoutTx(TaskRunner taskHandler, Trade trade) {
         super(taskHandler, trade);
     }
 
@@ -42,7 +42,9 @@ protected void run() {
 
             Transaction depositTx = checkNotNull(trade.getDepositTx());
             Transaction delayedPayoutTx = checkNotNull(trade.getDelayedPayoutTx());
-            if (processModel.getTradeWalletService().verifiesDepositTxAndDelayedPayoutTx(depositTx, delayedPayoutTx)) {
+            if (processModel.getTradeWalletService().verifiesDepositTxAndDelayedPayoutTx(depositTx,
+                    delayedPayoutTx,
+                    trade.getLockTime())) {
                 complete();
             } else {
                 failed("DelayedPayoutTx is not spending depositTx correctly");