From df70ea05c6543d1ea76b4f30b8e3128a2b47fff8 Mon Sep 17 00:00:00 2001
From: junderw <jonathan.underwood4649@gmail.com>
Date: Thu, 13 Jul 2023 13:50:54 +0900
Subject: [PATCH] Fix: Leaf version validation

---
 backend/src/api/common.ts | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/backend/src/api/common.ts b/backend/src/api/common.ts
index 49d2c0458..cd9da3d2a 100644
--- a/backend/src/api/common.ts
+++ b/backend/src/api/common.ts
@@ -566,7 +566,7 @@ export class Common {
 
         if (maybeScriptSpend) {
           const controlBlock = witness[witness.length - scriptSpendMinLength + 1];
-          if (controlBlock.length === 0 || (controlBlock[0] & 0xfe) < 0xc0) {
+          if (controlBlock.length === 0 || !this.isValidLeafVersion(controlBlock[0])) {
             // Skip this input, it's not taproot
             return;
           }
@@ -595,6 +595,33 @@ export class Common {
     // Pass through the input string untouched
     return txhex;
   }
+
+  private static isValidLeafVersion(leafVersion: number): boolean {
+    // See Note 7 in BIP341
+    // https://github.com/bitcoin/bips/blob/66a1a8151021913047934ebab3f8883f2f8ca75b/bip-0341.mediawiki#cite_note-7
+    // "What constraints are there on the leaf version?"
+
+    // Must be an integer between 0 and 255
+    // Since we're parsing a byte
+    if (Math.floor(leafVersion) !== leafVersion || leafVersion < 0 || leafVersion > 255) {
+      return false;
+    }
+    // "the leaf version cannot be odd"
+    if ((leafVersion & 0x01) === 1) {
+      return false;
+    }
+    // "The values that comply to this rule are
+    // the 32 even values between 0xc0 and 0xfe
+    if (leafVersion >= 0xc0 && leafVersion <= 0xfe) {
+      return true;
+    }
+    // and also 0x66, 0x7e, 0x80, 0x84, 0x96, 0x98, 0xba, 0xbc, 0xbe."
+    if ([0x66, 0x7e, 0x80, 0x84, 0x96, 0x98, 0xba, 0xbc, 0xbe].includes(leafVersion)) {
+      return true;
+    }
+    // Otherwise, invalid
+    return false;
+  }
 }
 
 /**