zebra
zebra copied to clipboard
Check address and key lengths when parsing strings
Scheduling
We don't need to fix these bugs until we start full wallet work.
Motivation
Zebra doesn't check the length of address or key strings when parsing.
This might lead to loss of funds.
Specifications
The Zcash consensus rules say that keys and addresses should be a specific length.
Designs
In methods that handle untrusted data:
-
From
-
FromStr
Check that the key or address is the correct length, and return an error if there is any trailing data.
This issue applies to all keys and addresses in Zebra.