Skip to content

Fix bug in offer implementation#805

Merged
Rigidity merged 1 commit into
mainfrom
fix-offer-bug
Jul 12, 2026
Merged

Fix bug in offer implementation#805
Rigidity merged 1 commit into
mainfrom
fix-offer-bug

Conversation

@Rigidity

@Rigidity Rigidity commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

Note

High Risk
Changes offer-taking coin selection and signing behavior in wallet code paths that move funds; mistakes could enable double-spend or signing attacker-injected spends.

Overview
Fixes take-offer coin selection and signing so the taker cannot reuse or sign coins already spent in the incoming offer bundle.

select_spends now delegates to select_spends_excluding, which treats offer input coin IDs as unavailable when auto-selecting XCH/CAT for the counterparty payment. take_offer passes every coin ID from the offer’s coin_spends into that exclusion list, then returns a TakenOffer (offer + unsigned taker spend_bundle) instead of a finished bundle.

The API take_offer path signs only the taker’s spends (sign_transaction with partial: false) and applies offer.take afterward. Tests use a shared sign_taken_offer helper and add coverage for re-taking your own offer (coin selection error) and for injected malicious spends in the offer (excluded from signing; resulting bundle fails simulation).

Reviewed by Cursor Bugbot for commit b7000ef. Bugbot is set up for automated code reviews on this repo. Configure here.

@Rigidity Rigidity merged commit 7ebb9db into main Jul 12, 2026
7 of 9 checks passed
@Rigidity Rigidity deleted the fix-offer-bug branch July 12, 2026 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant