@@ -135,6 +135,13 @@ def get_scripts(self) -> TapTree:
135135 withdraw_leaf = (
136136 "withdraw" ,
137137 CScript ([
138+ # Check withdrawal_pk commitment
139+ OP_DUP , # data is withdrawal_pk
140+ - 1 , # current input
141+ 0 , # NUMS (ignored)
142+ CCV_FLAG_CHECK_INPUT ,
143+ OP_CHECKCONTRACTVERIFY ,
144+
138145 # Check timelock
139146 self .spend_delay , OP_CHECKSEQUENCEVERIFY , OP_DROP ,
140147
@@ -275,14 +282,14 @@ def test_vault_e2e(
275282 unvault_contract ,
276283 withdrawal_pk ,
277284 "withdraw" ,
278- [withdrawal_hijacker_pk ],
285+ [withdrawal_pk ],
279286 nSequence = vault_contract .spend_delay
280287 )]
281288
282289 tx_withdraw = create_tx (
283290 inputs = withdrawal_inputs ,
284291 outputs = [
285- CTxOut (withdraw_amount , CScript ([OP_1 , withdrawal_hijacker_pk ]))
292+ CTxOut (withdraw_amount , CScript ([OP_1 , withdrawal_pk ]))
286293 ],
287294 )
288295
@@ -301,7 +308,27 @@ def test_vault_e2e(
301308 ######################################
302309 # Step 5: Attempt withdrawal to a wrong pubkey
303310 ######################################
304- self .assert_broadcast_tx (tx_withdraw , mine_all = True )
311+ hijack_withdrawal_inputs = [CcvInput (
312+ trigger_txid , 0 , withdraw_amount ,
313+ unvault_contract ,
314+ withdrawal_hijacker_pk ,
315+ "withdraw" ,
316+ [withdrawal_hijacker_pk ],
317+ nSequence = vault_contract .spend_delay
318+ )]
319+
320+ tx_hijack_withdraw = create_tx (
321+ inputs = hijack_withdrawal_inputs ,
322+ outputs = [
323+ CTxOut (withdraw_amount , CScript ([OP_1 , withdrawal_hijacker_pk ]))
324+ ],
325+ )
326+ self .assert_broadcast_tx (
327+ tx_hijack_withdraw , err_msg = "mandatory-script-verify-flag-failed" )
328+
329+ ######################################
330+ # Step 6: Complete the withdrawal
331+ ######################################
305332
306333 def test_trigger_and_partially_revault (self , node : TestNode , wallet : MiniWallet ):
307334 """
0 commit comments