Summary
In verify_transactions, the code directly indexes coinbase_tx.input[0] to read the witness data needed for SegWit commitment verification. If an InclusionMultiProof carries a malformed coinbase transaction with an empty input array, this indexing panics with an index-out-of-bounds error, crashing the verifier process (denial-of-service).
A coinbase transaction is always expected to have exactly one input, but this invariant is never validated before the access, making the verifier susceptible to crafted proofs.
Fix
Replace coinbase_tx.input[0] with coinbase_tx.input.first().ok_or(ValidationError::InvalidBlock)?, turning the potential panic into a structured Err that the caller can handle gracefully.
File: crates/bitcoin-da/src/verifier.rs
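The indexing access and the `first().ok_or(...)` replacement described above, side by side, as an added example that is not the project's own code. `Transaction` and `TxIn` are minimal stand-in types and the function names are hypothetical; only `ValidationError::InvalidBlock` and the `input` field come from the description.

```rust
use std::panic;

// Stand-in types (assumptions): only the fields this check needs are modelled.
#[derive(Debug, PartialEq)]
pub enum ValidationError {
    InvalidBlock,
}

pub struct TxIn {
    pub witness: Vec<Vec<u8>>,
}

pub struct Transaction {
    pub input: Vec<TxIn>,
}

// Before: direct indexing panics when `input` is empty.
pub fn coinbase_witness_unchecked(coinbase_tx: &Transaction) -> &[Vec<u8>] {
    coinbase_tx.input[0].witness.as_slice()
}

// After: an empty `input` becomes a structured Err the caller can handle.
pub fn coinbase_witness_checked(coinbase_tx: &Transaction) -> Result<&[Vec<u8>], ValidationError> {
    let txin = coinbase_tx.input.first().ok_or(ValidationError::InvalidBlock)?;
    Ok(txin.witness.as_slice())
}

// Reports whether the unchecked accessor panics on this transaction.
pub fn unchecked_panics(tx: &Transaction) -> bool {
    panic::catch_unwind(panic::AssertUnwindSafe(|| {
        let _ = coinbase_witness_unchecked(tx);
    }))
    .is_err()
}

fn main() {
    // Constructed inputs: a malformed coinbase (no inputs) and a well-formed one.
    let malformed = Transaction { input: vec![] };
    let well_formed = Transaction { input: vec![TxIn { witness: vec![vec![0u8; 32]] }] };
    println!("unchecked panics on malformed: {}", unchecked_panics(&malformed));
    println!("checked on malformed: {:?}", coinbase_witness_checked(&malformed).map(|w| w.len()));
    println!("checked on well-formed: {:?}", coinbase_witness_checked(&well_formed).map(|w| w.len()));
}
```

A regression test for the fix can assert that the checked path returns `Err(ValidationError::InvalidBlock)` for a coinbase with no inputs, without needing `catch_unwind`.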