Disallow both single- and multi-signing in RPC (RIPD-1713):

The ledger already declared a transaction that is both single- and multi-signing malformed. This just adds some checking in the signing RPC commands (like submit and sign_for) which allows that sort of error to be identified a bit closer to the user. In the process of adding this code a bug was found in the RPCCall unit test. That bug is fixed as well.
2025-12-06 17:27:55 +00:00 · 2019-01-23 16:29:20 -08:00
parent d8c450d272
commit 36d6758945
5 changed files with 184 additions and 88 deletions
--- a/src/ripple/rpc/impl/TransactionSign.cpp
+++ b/src/ripple/rpc/impl/TransactionSign.cpp
@@ -80,6 +80,11 @@ public:
                (multiSignature_ != nullptr));
    }

+    bool isSingleSigning () const
+    {
+        return !isMultiSigning();
+    }
+
    // When multi-signing we should not edit the tx_json fields.
    bool editFields () const
    {
@@ -447,9 +452,20 @@ transactionPreProcessImpl (
            tx_json[jss::Flags] = tfFullyCanonicalSig;
    }

-    // If multisigning then we need to return the public key.
+    // If multisigning there should not be a single signature and vice versa.
    if (signingArgs.isMultiSigning())
+    {
+        if (tx_json.isMember (sfTxnSignature.jsonName))
+            return rpcError (rpcALREADY_SINGLE_SIG);
+
+        // If multisigning then we need to return the public key.
        signingArgs.setPublicKey (keypair.first);
+    }
+    else if (signingArgs.isSingleSigning())
+    {
+        if (tx_json.isMember (sfSigners.jsonName))
+            return rpcError (rpcALREADY_MULTISIG);
+    }

    if (verify)
    {
@@ -524,7 +540,7 @@ transactionPreProcessImpl (

        signingArgs.moveMultiSignature (std::move (multisig));
    }
-    else
+    else if (signingArgs.isSingleSigning())
    {
        stpTrans->sign (keypair.first, keypair.second);
    }
@@ -1131,6 +1147,10 @@ Json::Value transactionSubmitMultiSigned (
            return RPC::make_error (rpcINVALID_PARAMS, err.str ());
        }

+        // There may not be a TxnSignature field.
+        if (stpTrans->isFieldPresent (sfTxnSignature))
+            return rpcError (rpcSIGNING_MALFORMED);
+
        // The Fee field must be in XRP and greater than zero.
        auto const fee = stpTrans->getFieldAmount (sfFee);