From b443cefe38e01d60be0566ec030e42c5f89e17e2 Mon Sep 17 00:00:00 2001
From: Aaron Buchwald <aaron.buchwald56@gmail.com>
Date: Wed, 7 Oct 2020 12:03:53 -0400
Subject: Fix export tx credential verification

---
 plugin/evm/export_tx.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'plugin')

diff --git a/plugin/evm/export_tx.go b/plugin/evm/export_tx.go
index 067252a..89aa30e 100644
--- a/plugin/evm/export_tx.go
+++ b/plugin/evm/export_tx.go
@@ -92,12 +92,21 @@ func (tx *UnsignedExportTx) SemanticVerify(
 		return permError{err}
 	}
 
+	if len(tx.Ins) != len(stx.Creds) {
+		return permError{errSignatureInputsMismatch}
+	}
+
 	f := crypto.FactorySECP256K1R{}
-	for i, cred := range stx.Creds {
+	for i, input := range tx.Ins {
+		cred := stx.Creds[i].(*secp256k1fx.Credential)
 		if err := cred.Verify(); err != nil {
 			return permError{err}
 		}
-		pubKey, err := f.RecoverPublicKey(tx.UnsignedBytes(), cred.(*secp256k1fx.Credential).Sigs[0][:])
+
+		if len(cred.Sigs) != 1 {
+			return permError{fmt.Errorf("expected one signature for EVM Input Credential, but found: %d", len(secpCredential.Sigs))}
+		}
+		pubKey, err := f.RecoverPublicKey(tx.UnsignedBytes(), secpCredential.Sigs[0][:])
 		if err != nil {
 			return permError{err}
 		}
-- 
cgit v1.2.3