Reject torsioned spend keys to ensure we can spend the outputs we scan

Luke Parker
2024-07-06 03:48:45 -04:00
parent b2c962cd3e
commit d847ec5efb
8 changed files with 39 additions and 16 deletions


@@ -172,7 +172,6 @@ impl InternalScanner {
// Our subtracting of a prime-order element means any torsion will be preserved
// If someone wanted to malleate output keys with distinct torsions, only one will be
// scanned accordingly (the one which has matching torsion of the spend key)
// TODO: If there's a torsioned spend key, can we spend outputs to it?
let subaddress_spend_key =
output_key - (&output_derivations.shared_key * ED25519_BASEPOINT_TABLE);
self.subaddresses.get(&subaddress_spend_key.compress())