Validate if address has been unlocked by same signature (iotaledger#2011

) * Validate if address has been unlocked by same signature * Add comment
boxfish-studio · Feb 16, 2024 · ad02c00 · ad02c00
1 parent 213cb9f
commit ad02c00
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/sdk/src/types/block/semantic/unlock.rs b/sdk/src/types/block/semantic/unlock.rs
@@ -1,6 +1,8 @@
 // Copyright 2023 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
+use crypto::hashes::{blake2b::Blake2b256, Digest};
+
 use crate::types::block::{
     address::Address,
     output::{Output, OutputId},
@@ -30,11 +32,19 @@ impl SemanticValidationContext<'_> {
 
                     self.unlocked_addresses.insert(address.clone());
                 }
-                Unlock::Reference(_) => {
-                    // TODO actually check that it was unlocked by the same signature.
+                Unlock::Reference(unlock) => {
                     if !self.unlocked_addresses.contains(address) {
                         return Err(TransactionFailureReason::DirectUnlockableAddressUnlockInvalid);
                     }
+
+                    // Unwrapping and indexing is fine as this has all been verified syntactically already.
+                    let Signature::Ed25519(signature) = self.unlocks.unwrap()[unlock.index() as usize]
+                        .as_signature()
+                        .signature();
+
+                    if Blake2b256::digest(signature.public_key_bytes()).as_slice() != ed25519_address.as_ref() {
+                        return Err(TransactionFailureReason::DirectUnlockableAddressUnlockInvalid);
+                    }
                 }
                 _ => return Err(TransactionFailureReason::DirectUnlockableAddressUnlockInvalid),
             },