diff --git a/src/psbt.js b/src/psbt.js index 03bc1ae89..d4be2dc26 100644 --- a/src/psbt.js +++ b/src/psbt.js @@ -78,6 +78,7 @@ class Psbt { // We will disable exporting the Psbt when unsafe sign is active. // because it is not BIP174 compliant. __UNSAFE_SIGN_NONSEGWIT: false, + __WARN_UNSAFE_SIGN_NONSEGWIT: true, __TX_FROM_BUFFER: buf => this.constructor.transactionFromBuffer(buf, this.opts.network), }; @@ -1016,15 +1017,17 @@ function getHashForSig(inputIndex, input, cache, forValidate, sighashTypes) { `${meaningfulScript.toString('hex')}`, ); if (!forValidate && cache.__UNSAFE_SIGN_NONSEGWIT !== false) - console.warn( - 'Warning: Signing non-segwit inputs without the full parent transaction ' + - 'means there is a chance that a miner could feed you incorrect information ' + - "to trick you into paying large fees. This behavior is the same as Psbt's predecesor " + - '(TransactionBuilder - now removed) when signing non-segwit scripts. You are not ' + - 'able to export this Psbt with toBuffer|toBase64|toHex since it is not ' + - 'BIP174 compliant.\n*********************\nPROCEED WITH CAUTION!\n' + - '*********************', - ); + if (cache.__WARN_UNSAFE_SIGN_NONSEGWIT) { + console.warn( + 'Warning: Signing non-segwit inputs without the full parent transaction ' + + 'means there is a chance that a miner could feed you incorrect information ' + + "to trick you into paying large fees. This behavior is the same as Psbt's predecesor " + + '(TransactionBuilder - now removed) when signing non-segwit scripts. You are not ' + + 'able to export this Psbt with toBuffer|toBase64|toHex since it is not ' + + 'BIP174 compliant.\n*********************\nPROCEED WITH CAUTION!\n' + + '*********************', + ); + } hash = unsignedTx.hashForSignature( inputIndex, meaningfulScript, diff --git a/ts_src/psbt.ts b/ts_src/psbt.ts index 865ad1818..76289caba 100644 --- a/ts_src/psbt.ts +++ b/ts_src/psbt.ts @@ -152,6 +152,7 @@ export class Psbt { // We will disable exporting the Psbt when unsafe sign is active. // because it is not BIP174 compliant. __UNSAFE_SIGN_NONSEGWIT: false, + __WARN_UNSAFE_SIGN_NONSEGWIT: true, __TX_FROM_BUFFER: buf => (this.constructor as typeof Psbt).transactionFromBuffer( buf, @@ -775,6 +776,7 @@ interface PsbtCache { __FEE?: bigint; __EXTRACTED_TX?: Transaction; __UNSAFE_SIGN_NONSEGWIT: boolean; + __WARN_UNSAFE_SIGN_NONSEGWIT: boolean; __TX_FROM_BUFFER: (buf: Buffer) => Transaction; } @@ -1363,15 +1365,17 @@ function getHashForSig( `${meaningfulScript.toString('hex')}`, ); if (!forValidate && cache.__UNSAFE_SIGN_NONSEGWIT !== false) - console.warn( - 'Warning: Signing non-segwit inputs without the full parent transaction ' + - 'means there is a chance that a miner could feed you incorrect information ' + - "to trick you into paying large fees. This behavior is the same as Psbt's predecesor " + - '(TransactionBuilder - now removed) when signing non-segwit scripts. You are not ' + - 'able to export this Psbt with toBuffer|toBase64|toHex since it is not ' + - 'BIP174 compliant.\n*********************\nPROCEED WITH CAUTION!\n' + - '*********************', - ); + if (cache.__WARN_UNSAFE_SIGN_NONSEGWIT) { + console.warn( + 'Warning: Signing non-segwit inputs without the full parent transaction ' + + 'means there is a chance that a miner could feed you incorrect information ' + + "to trick you into paying large fees. This behavior is the same as Psbt's predecesor " + + '(TransactionBuilder - now removed) when signing non-segwit scripts. You are not ' + + 'able to export this Psbt with toBuffer|toBase64|toHex since it is not ' + + 'BIP174 compliant.\n*********************\nPROCEED WITH CAUTION!\n' + + '*********************', + ); + } hash = unsignedTx.hashForSignature( inputIndex, meaningfulScript,