[DDW-742] Fix receiver address validation (disallow rewards address) (#2781)

Author: przemyslaw-wlodek

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## vNext
 
+### Fixes
+
+- Fixed receiver address validation by disallowing rewards addresses ([PR 2781](https://github.com/input-output-hk/daedalus/pull/2781))
+
 ### Chores
 
 - Updated vulnerable dependencies ([PR 2769](https://github.com/input-output-hk/daedalus/pull/2769))

nix/sources.json

@@ -29,10 +29,10 @@
         "homepage": null,
         "owner": "input-output-hk",
         "repo": "cardano-wallet",
-        "rev": "dac16ba7e3bf64bf5474497656932fd342c3b720",
-        "sha256": "012lnp5rah4qyl8r0v04d0rz28b1rdaz6flhjrahf45b9gx7mny1",
+        "rev": "760140e238a5fbca61d1b286d7a80ece058dc729",
+        "sha256": "014njpddrlqm9bbab636h2gf58zkm0bx04i1jsn07vh5j3k0gri6",
         "type": "tarball",
-        "url": "https://github.com/input-output-hk/cardano-wallet/archive/dac16ba7e3bf64bf5474497656932fd342c3b720.tar.gz",
+        "url": "https://github.com/input-output-hk/cardano-wallet/archive/760140e238a5fbca61d1b286d7a80ece058dc729.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "gitignore": {

package.json

@@ -134,9 +134,9 @@
     "husky": "4.3.0",
     "identity-obj-proxy": "3.0.0",
     "jest": "26.6.3",
-    "jest-css-modules-transform": "^4.3.0",
+    "jest-css-modules-transform": "4.3.0",
     "jest-environment-jsdom": "26.6.2",
-    "jest-svg-transformer": "^1.0.0",
+    "jest-svg-transformer": "1.0.0",
     "markdown-loader": "5.1.0",
     "mini-css-extract-plugin": "0.12.0",
     "minimist": "1.2.5",

source/common/types/address-introspection.types.js

@@ -4,7 +4,9 @@ export type IntrospectAddressRequest = {
   input: string,
 };
 
-export type AddressStyle = 'Byron' | 'Icarus' | 'Jormungandr' | 'Shelley';
+export type AddressStyle = 'Byron' | 'Icarus' | 'Shelley';
+
+export type AddressType = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 14 | 15;
 
 export type ChainPointer = {
   slot_num: number,
@@ -13,6 +15,7 @@ export type ChainPointer = {
 };
 
 export type AddressBase = {
+  address_type: AddressType,
   address_style: AddressStyle,
   network_tag: number | null,
   stake_reference: 'none' | 'by pointer' | 'by value',
@@ -27,14 +30,6 @@ export type IcarusAddress = AddressBase & {
   address_root: string,
 };
 
-export type JormungandrAddress = AddressBase & {
-  address_type: 'single' | 'group' | 'account' | 'multisig',
-  account_key?: string,
-  merkle_root?: string,
-  spending_key?: string,
-  stake_key?: string,
-};
-
 export type ShelleyAddress = AddressBase & {
   pointer?: ChainPointer,
   script_hash?: string,
@@ -45,10 +40,6 @@ export type ShelleyAddress = AddressBase & {
 
 export type IntrospectAddressResponse =
   | {
-      introspection:
-        | ByronAddress
-        | IcarusAddress
-        | JormungandrAddress
-        | ShelleyAddress,
+      introspection: ByronAddress | IcarusAddress | ShelleyAddress,
     }
   | 'Invalid';

source/renderer/app/stores/WalletsStore.js

@@ -18,7 +18,10 @@ import { logger } from '../utils/logging';
 import { ROUTES } from '../routes-config';
 import { formattedWalletAmount } from '../utils/formatters';
 import { ellipsis } from '../utils/strings';
-import { bech32EncodePublicKey } from '../utils/hardwareWalletUtils';
+import {
+  bech32EncodePublicKey,
+  isReceiverAddressType,
+} from '../utils/hardwareWalletUtils';
 import {
   WalletPaperWalletOpenPdfError,
   WalletRewardsOpenCsvError,
@@ -1039,9 +1042,14 @@ export default class WalletsStore extends Store {
     }
     try {
       const response = await introspectAddressChannel.send({ input: address });
-      if (response === 'Invalid') {
+
+      if (
+        response === 'Invalid' ||
+        !isReceiverAddressType(response.introspection.address_type)
+      ) {
         return false;
       }
+
       runInAction('check if address is from the same wallet', () => {
         const walletAddresses = this.stores.addresses.all
           .slice()

source/renderer/app/utils/hardwareWalletUtils.js

@@ -6,6 +6,7 @@ import { HARDENED } from '../config/hardwareWalletsConfig';
 
 // Types
 import type { CoinSelectionAssetsType } from '../api/transactions/types';
+import type { AddressType } from '../../../common/types/address-introspection.types';
 
 export type PathRoleIdentityType =
   | 'utxo_external'
@@ -38,6 +39,21 @@ export const KEY_PREFIXES = {
 
 // Helpers
 
+const receiverAddressTypes: Set<AddressType> = new Set([
+  0,
+  1,
+  2,
+  3,
+  4,
+  5,
+  6,
+  7,
+  8,
+]);
+
+export const isReceiverAddressType = (addressType: AddressType) =>
+  receiverAddressTypes.has(addressType);
+
 // [1852H, 1815H, 0H] => m/1852'/1815'/0'
 export const derivationPathToString = (derivationPath: Array<string>) => {
   let constructedPath = 'm';

yarn.lock

@@ -2849,7 +2849,7 @@
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/@types/is-function/-/is-function-1.0.0.tgz#1b0b819b1636c7baf0d6785d030d12edf70c3e83"
 
-"@types/istanbul-lib-coverage@*", "@types/istanbul-lib-coverage@^2.0.0", "@types/istanbul-lib-coverage@^2.0.1":
+"@types/istanbul-lib-coverage@^2.0.0", "@types/istanbul-lib-coverage@^2.0.1":
   version "2.0.3"
   resolved "https://registry.yarnpkg.com/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.3.tgz#4ba8ddb720221f432e443bd5f9117fd22cfd4762"
 
@@ -10756,7 +10756,7 @@ jest-config@^26.6.3:
     micromatch "^4.0.2"
     pretty-format "^26.6.2"
 
-jest-css-modules-transform@^4.3.0:
+jest-css-modules-transform@4.3.0:
   version "4.3.0"
   resolved "https://registry.yarnpkg.com/jest-css-modules-transform/-/jest-css-modules-transform-4.3.0.tgz#e3599b6b9326230f9c127953aca99f91d9286ab1"
   dependencies:
@@ -11153,7 +11153,7 @@ jest-snapshot@^26.6.2:
     pretty-format "^26.6.2"
     semver "^7.3.2"
 
-jest-svg-transformer@^1.0.0:
+jest-svg-transformer@1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/jest-svg-transformer/-/jest-svg-transformer-1.0.0.tgz#e38884ca4cd8b2295cdfa2a0b24667920c3a8a6d"