libauth icon indicating copy to clipboard operation
libauth copied to clipboard
verified publisher icon bitauth

Validate decodePrivateKeyWif version and length

Open jimtendo opened this issue 1 year ago • 3 comments

The decodePrivateKeyWif function will currently allow a Legacy/Base58 BTC address.

For example:

// Using Base58/Legacy Address
const decodedPrivateKey = decodePrivateKeyWif('1CQbfkN8cADaJWk29ARtaa55UNdBa1kLaA');

// Check for errors
if (typeof decodedPrivateKey === 'string') {
  throw new Error('We never reach here as version/length are not checked and function therefore assumes valid');
}

An example case where this might become pertinent is when a wallet scans a QR Code and has to distinguish between a WIF (for sweeping) and a Base58 Address (for sending funds to).

This PR does two things:

  1. Verifies that the version must be Base58AddressFormatVersion.wif or Base58AddressFormatVersion.wifTestnet
  2. Verifies that the length of the payload is either 32 (uncompressed) or 33 (compressed) bytes

NOTE: I can't find a formalized spec for WIF and we might want to extend this PR a little bit.

The docs here: https://en.bitcoin.it/wiki/Wallet_import_format

... suggest that BTC might support some additional version codes:

it should be 0x80, however legacy Electrum or some SegWit vanity address generators may use 0x81-0x87

... which we might want to add to Base58AddressFormatVersion and also validate. Let me know if this is desired, will try to amend (unsure if we should still validate length in that case?).

jimtendo avatar Nov 06 '24 22:11 jimtendo

⚠️ No Changeset found

Latest commit: f1381776bf04da9b9c115c72ee083edd47e022e0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

changeset-bot[bot] avatar Nov 06 '24 22:11 changeset-bot[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 98.35%. Comparing base (ade0151) to head (f138177).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #147   +/-   ##
=======================================
  Coverage   98.35%   98.35%           
=======================================
  Files         152      152           
  Lines       61284    61296   +12     
  Branches     2272     2233   -39     
=======================================
+ Hits        60276    60288   +12     
  Misses       1002     1002           
  Partials        6        6

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Nov 06 '24 22:11 codecov[bot]

Hey @bitjson , is there anything else you'd like me to do for this one (e.g. can add the additional BTC/Segwit version codes if the general approach looks okay)?

In terms of failed build, I think this might be something to do with the CI pulling a broken Node version. The code changes are pretty minimal and all passed locally.

jimtendo avatar Jun 25 '25 04:06 jimtendo