fix(psbt): sanity check psbt before signing#486

Open
sdmg15 wants to merge 1 commit into
bitcoindevkit:masterfrom
sdmg15:fix/sanity-check-psbt-before-signing

Conversation

@sdmg15 sdmg15 commented May 12, 2026

Description

This PR attempts to sanity check the PSBT before signing. It closes audit issue #52.

Notes to the reviewers

Changelog notice

Checklists

All Submissions:

Bugfixes:

  • This pull request breaks the existing API
  • I've added tests to reproduce the issue which are now passing
  • I'm linking the issue being fixed by this PR

codecov Bot commented May 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.39%. Comparing base (4b612f5) to head (f0aca23).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #486      +/-   ##
==========================================
+ Coverage   80.30%   80.39%   +0.09%     
==========================================
  Files          24       24              
  Lines        5417     5432      +15     
  Branches      245      246       +1     
==========================================
+ Hits         4350     4367      +17     
+ Misses        989      988       -1     
+ Partials       78       77       -1     
Flag Coverage Δ
rust 80.39% <100.00%> (+0.09%) ⬆️

@110CodingP 110CodingP assigned 110CodingP and sdmg15 and unassigned 110CodingP May 17, 2026
@110CodingP 110CodingP added the audit Suggested as result of external code audit label May 17, 2026
Collaborator

@110CodingP 110CodingP left a comment

Thanks for working on this!
Do you also plan to work on this part of #52?
"In the signer module, the previous transaction contained in a PSBT input is not validated against the outpoint for legacy and segwit v0 transactions. This is checked when creating a transaction, but this module may be used to sign a PSBT as an external participant."

Comment thread tests/wallet.rs
}

#[test]
fn test_wallet_sign_rejects_malformed_psbt_input_count_mismatch() {
Collaborator

Plus I am sorry I wasn't able to understand what this test is trying to check. Could you please add some more comments here?

Author

This test effectively calls wallet::sign with a malformed Psbt and expects the wallet to return an error instead of panicking.

So what I did here is craft a raw transaction that initially has just 1 input, then transform it into a Psbt type to which I added more inputs (3 vs 1 in the original tx).

Collaborator

I see but how does the input count relate to the error raised?

Author

I'm not sure I get your question but that's the essence of the audit report.
When Wallet::sign is called with the current setup (3 inputs in the PSBT but 1 in the raw tx), get_utxo_for will return None and then SignerError::MissingNonWitnessUtxo will be returned.
Not sure if it answers the question.

Collaborator

We get the error even without the other 2 inputs because the first input itself does not contain a non_witness_utxo!
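The two checks discussed in this thread, that the number of PSBT input maps matches the number of inputs in the unsigned transaction, and that the non_witness_utxo carried by an input actually is the transaction named by that input's outpoint (the remaining part of audit issue #52 quoted above), as an added example that is not bdk's code. It is a self-contained Python model of what a signer should verify before producing any signature: the Psbt and PsbtInput types, sanity_check and parse_tx are assumptions made for illustration, the previous transaction is constructed inline, and, to keep the example short, every input is required to carry a non_witness_utxo (a real signer may accept witness_utxo alone for segwit inputs). The txid check is the point: a PSBT handed to an external signer can claim any previous transaction, so the signer must recompute the txid of the supplied transaction and compare it to the outpoint rather than trust the input map.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _read_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size


def _read_varbytes(buf: bytes, pos: int) -> Tuple[bytes, int]:
    n, pos = _read_varint(buf, pos)
    if pos + n > len(buf):
        raise ValueError("truncated")
    return buf[pos:pos + n], pos + n


def parse_tx(raw: bytes) -> Tuple[int, str]:
    """Return (number of outputs, txid as display hex) of a serialized tx.

    Accepts legacy and BIP144 witness serialization. The txid is always the
    double-SHA256 of the witness-stripped form, byte-reversed for display."""
    has_witness = raw[4] == 0x00 and raw[5] == 0x01   # BIP144 marker + flag
    vin_start = 6 if has_witness else 4
    pos = vin_start
    n_in, pos = _read_varint(raw, pos)
    for _ in range(n_in):
        pos += 32 + 4                          # previous outpoint: txid + vout
        _, pos = _read_varbytes(raw, pos)      # scriptSig
        pos += 4                               # sequence
    n_out, pos = _read_varint(raw, pos)
    for _ in range(n_out):
        pos += 8                               # value in satoshis
        _, pos = _read_varbytes(raw, pos)      # scriptPubKey
    vout_end = pos
    if has_witness:                            # one witness stack per input
        for _ in range(n_in):
            n_items, pos = _read_varint(raw, pos)
            for _ in range(n_items):
                _, pos = _read_varbytes(raw, pos)
    if pos + 4 != len(raw):                    # locktime must be the last 4 bytes
        raise ValueError("bad length")
    stripped = raw[:4] + raw[vin_start:vout_end] + raw[pos:pos + 4]
    return n_out, sha256d(stripped)[::-1].hex()


@dataclass
class PsbtInput:                               # hypothetical per-input PSBT map
    non_witness_utxo: Optional[bytes] = None   # full previous tx, serialized


@dataclass
class Psbt:                                    # hypothetical PSBT model
    unsigned_tx_inputs: List[Tuple[str, int]]  # (previous txid hex, vout) per tx input
    inputs: List[PsbtInput]                    # PSBT input maps, same order


def sanity_check(psbt: Psbt) -> List[str]:
    """Return the problems found; an empty list means the PSBT is safe to sign."""
    if len(psbt.inputs) != len(psbt.unsigned_tx_inputs):
        return [f"input count mismatch: {len(psbt.inputs)} psbt inputs vs "
                f"{len(psbt.unsigned_tx_inputs)} unsigned tx inputs"]
    errors: List[str] = []
    for i, ((txid, vout), inp) in enumerate(zip(psbt.unsigned_tx_inputs, psbt.inputs)):
        if inp.non_witness_utxo is None:
            errors.append(f"input {i}: missing non_witness_utxo")
            continue
        try:
            n_out, prev_txid = parse_tx(inp.non_witness_utxo)
        except (IndexError, KeyError, ValueError) as exc:
            errors.append(f"input {i}: malformed non_witness_utxo ({exc!r})")
            continue
        if prev_txid != txid:
            errors.append(f"input {i}: non_witness_utxo txid {prev_txid} != outpoint txid {txid}")
        elif vout >= n_out:
            errors.append(f"input {i}: vout {vout} out of range (prev tx has {n_out} outputs)")
    return errors


def _u32(n: int) -> bytes:
    return n.to_bytes(4, "little")


def build_legacy_tx(n_outputs: int) -> bytes:
    """Constructed sample: coinbase-like legacy tx with n_outputs (< 253) P2WPKH outputs."""
    tx = _u32(1) + b"\x01"                                             # version, 1 input
    tx += bytes(32) + _u32(0xFFFFFFFF) + b"\x01\x51" + _u32(0xFFFFFFFF)  # null outpoint, OP_1, seq
    tx += bytes([n_outputs])
    for i in range(n_outputs):
        tx += (50_000).to_bytes(8, "little") + b"\x16\x00\x14" + bytes([i]) * 20
    return tx + _u32(0)                                                # locktime


PREV_TX = build_legacy_tx(2)
PREV_TXID = parse_tx(PREV_TX)[1]
# The same tx in BIP144 form (marker 00, flag 01, one empty witness stack); same txid.
PREV_TX_WITNESS_FORM = PREV_TX[:4] + b"\x00\x01" + PREV_TX[4:-4] + b"\x00" + PREV_TX[-4:]

if __name__ == "__main__":
    print(sanity_check(Psbt([(PREV_TXID, 1)], [PsbtInput(PREV_TX)])))
    print(sanity_check(Psbt([(PREV_TXID, 0)], [PsbtInput(PREV_TX), PsbtInput(), PsbtInput()])))
    print(sanity_check(Psbt([("00" * 32, 0)], [PsbtInput(PREV_TX)])))
```

The count check runs first and returns on its own, because once the two lists disagree there is no meaningful pairing of outpoints to input maps to check further. Note that the mismatched-count PSBT in the thread fails here for the count, not for the missing previous transaction, which is the distinction the reviewer is drawing above.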
