RPC: Internal bug in walletprocesspsbt
when non_witness_utxo is not provided and a witness signature is invalid
#30077
Labels
Milestone
Is there an existing issue for this?
Current behaviour
Calling
walletprocesspsbt
on a signed PSBT that only includes awitness_utxo
(nonon_witness_utxo
) with an invalid signature produces an internal bug (CHECK_NONFATAL
):Expected behaviour
This scenario should be handled gracefully either with an explanatory error message or by ignoring those bad signatures (the latter happens when
non_witness_utxo
is provided). There are many reasons why a previously added signature could be invalid, e.g. if new inputs were added, outputs modified, etc.A concrete example is a Payjoin transaction, where the receiver contributes inputs of their own after the sender has signed an initial PSBT. That's the scenario I was testing when I stumbled onto this (see discussion here).
Steps to reproduce
I produced a minimal repro by modifying the rpc_psbt.py functional test: grizznaut@0ddee75). After signing the initial PSBT, it substitutes the output address and attempts to call
walletprocesspsbt
again, but fails:Relevant log output
No response
How did you obtain Bitcoin Core
Compiled from source
What version of Bitcoin Core are you using?
master@98dd4e7
Operating system and version
MacOS Ventura 13.6
Machine specifications
No response
The text was updated successfully, but these errors were encountered: