From 1c4707136cb00888f3880a57911da48e4440f8d4 Mon Sep 17 00:00:00 2001
From: Luke Parker <lukeparker5132@gmail.com>
Date: Sun, 31 Jul 2022 22:46:46 -0400
Subject: [PATCH] Ban unreduced points in Monero

---
 coins/monero/src/serialize.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/coins/monero/src/serialize.rs b/coins/monero/src/serialize.rs
index d7c3ec50..b8088a9e 100644
--- a/coins/monero/src/serialize.rs
+++ b/coins/monero/src/serialize.rs
@@ -85,9 +85,11 @@ pub fn read_scalar<R: io::Read>(r: &mut R) -> io::Result<Scalar> {
 }
 
 pub fn read_point<R: io::Read>(r: &mut R) -> io::Result<EdwardsPoint> {
-  CompressedEdwardsY(read_32(r)?)
+  let bytes = read_32(r)?;
+  CompressedEdwardsY(bytes)
     .decompress()
-    .filter(|point| point.is_torsion_free())
+    // Ban torsioned points, and points which are either unreduced or -0
+    .filter(|point| point.is_torsion_free() && (point.compress().to_bytes() == bytes))
     .ok_or_else(|| io::Error::new(io::ErrorKind::Other, "invalid point"))
 }