From 11fad69239855940de9928bd4b30e402467231fc Mon Sep 17 00:00:00 2001
From: "Jamie C. Driver" <jamie@blockstream.io>
Date: Mon, 20 Nov 2023 10:40:40 +0000
Subject: [PATCH] ui: tweak address message for OP_RETURN outputs with non-zero
 amounts

Make it clearer that the output is burning the passed amount.
---
 main/process/get_receive_address.c |  7 ++++---
 main/ui/sign_tx.c                  |  4 ++--
 main/utils/address.c               | 25 ++++++++++++++++---------
 main/utils/address.h               |  5 +++--
 4 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/main/process/get_receive_address.c b/main/process/get_receive_address.c
index 41eb69aa..632e8eef 100644
--- a/main/process/get_receive_address.c
+++ b/main/process/get_receive_address.c
@@ -226,6 +226,7 @@ void get_receive_address_process(void* process_ptr)
     // Convert that into an address string
     JADE_ASSERT(script_len > 0);
     char address[MAX_ADDRESS_LEN];
+    const bool has_value = false;
     if (isLiquid) {
         if (confidential) {
             // Blind address
@@ -238,14 +239,14 @@ void get_receive_address_process(void* process_ptr)
                 goto cleanup;
             }
             elements_script_to_address(
-                network, script, script_len, blinding_key, sizeof(blinding_key), address, sizeof(address));
+                network, script, script_len, has_value, blinding_key, sizeof(blinding_key), address, sizeof(address));
         } else {
             JADE_ASSERT(!p_master_blinding_key && !master_blinding_key_len);
-            elements_script_to_address(network, script, script_len, NULL, 0, address, sizeof(address));
+            elements_script_to_address(network, script, script_len, has_value, NULL, 0, address, sizeof(address));
         }
     } else {
         JADE_ASSERT(!confidential && !p_master_blinding_key && !master_blinding_key_len);
-        script_to_address(network, script, script_len, address, sizeof(address));
+        script_to_address(network, script, script_len, has_value, address, sizeof(address));
     }
 
     // Display to the user to confirm
diff --git a/main/ui/sign_tx.c b/main/ui/sign_tx.c
index a04ca5d2..b01e71d9 100644
--- a/main/ui/sign_tx.c
+++ b/main/ui/sign_tx.c
@@ -443,7 +443,7 @@ bool show_btc_transaction_outputs_activity(
         JADE_ASSERT(ret > 0 && ret < sizeof(amount));
 
         char address[MAX_ADDRESS_LEN];
-        script_to_address(network, out->script, out->script_len, address, sizeof(address));
+        script_to_address(network, out->script, out->script_len, out->satoshi > 0, address, sizeof(address));
         const bool is_address = true;
 
         // Show output info
@@ -499,7 +499,7 @@ bool show_elements_transaction_outputs_activity(const char* network, const struc
 
         // Get the address
         char address[MAX_ADDRESS_LEN];
-        elements_script_to_address(network, out->script, out->script_len,
+        elements_script_to_address(network, out->script, out->script_len, output_info[i].value > 0,
             (output_info[i].flags & OUTPUT_FLAG_HAS_BLINDING_KEY) ? output_info[i].blinding_key : NULL,
             sizeof(output_info[i].blinding_key), address, sizeof(address));
         const bool is_address = true;
diff --git a/main/utils/address.c b/main/utils/address.c
index 870fd150..35ad839f 100644
--- a/main/utils/address.c
+++ b/main/utils/address.c
@@ -21,7 +21,8 @@ static void base58_addr(const uint8_t prefix, const uint8_t* script, char** outp
     JADE_WALLY_VERIFY(wally_base58_from_bytes(decoded, 21, BASE58_FLAG_CHECKSUM, output));
 }
 
-static void render_op_return(const uint8_t* script, const size_t script_len, char* output, const size_t output_len)
+static void render_op_return(
+    const uint8_t* script, const size_t script_len, const bool has_value, char* output, const size_t output_len)
 {
     JADE_ASSERT(script);
     JADE_ASSERT(script_len > 0);
@@ -29,16 +30,17 @@ static void render_op_return(const uint8_t* script, const size_t script_len, cha
     JADE_ASSERT(output);
     JADE_ASSERT(output_len >= 64); // sufficient to fit error 'too long' error message
 
-    const char opdesc[] = "OP_RETURN: ";
+    const char* opdesc = has_value ? "Burning Asset - OP_RETURN: " : "OP_RETURN: ";
+    const size_t opedesc_len = strlen(opdesc);
     char* payload_hex = NULL;
 
     // Check data fits in output buffer, and verify push length matches data length
-    if (script_len > 3 && script_len <= (output_len - sizeof(opdesc)) && script[1] == script_len - 2) {
+    if (script_len > 3 && script[1] == script_len - 2 && output_len > opedesc_len + (2 * (script_len - 2))) {
         // Skip over the opcode and length, and hexlify the payload
         JADE_WALLY_VERIFY(wally_hex_from_bytes(script + 2, script_len - 2, &payload_hex));
         const int ret = snprintf(output, output_len, "%s%s", opdesc, payload_hex);
         JADE_ASSERT(ret > 0 && ret < output_len);
-        free(payload_hex);
+        JADE_WALLY_VERIFY(wally_free_string(payload_hex));
     } else {
         // Too long (or short!) or inconsistent to display - show length and error message
         const int ret = snprintf(output, output_len, "%s<script length: %u - cannot be displayed>", opdesc, script_len);
@@ -47,10 +49,12 @@ static void render_op_return(const uint8_t* script, const size_t script_len, cha
 }
 
 // Convert the passed btc script into an address
-void script_to_address(
-    const char* network, const uint8_t* script, const size_t script_len, char* output, const size_t output_len)
+void script_to_address(const char* network, const uint8_t* script, const size_t script_len, const bool has_value,
+    char* output, const size_t output_len)
 {
     JADE_ASSERT(!isLiquidNetwork(network));
+    JADE_ASSERT(output);
+    JADE_ASSERT(output_len);
 
     int ret = 0;
     if (!script || !script_len) {
@@ -85,7 +89,7 @@ void script_to_address(
         break;
 
     case WALLY_SCRIPT_TYPE_OP_RETURN:
-        render_op_return(script, script_len, output, output_len);
+        render_op_return(script, script_len, has_value, output, output_len);
         break;
 
     default:
@@ -103,9 +107,12 @@ void script_to_address(
 
 // Convert the passed liquid script into an address (confidential if blindng key passed)
 void elements_script_to_address(const char* network, const uint8_t* script, const size_t script_len,
-    const uint8_t* blinding_key, const size_t blinding_key_len, char* output, const size_t output_len)
+    const bool has_value, const uint8_t* blinding_key, const size_t blinding_key_len, char* output,
+    const size_t output_len)
 {
     JADE_ASSERT(isLiquidNetwork(network));
+    JADE_ASSERT(output);
+    JADE_ASSERT(output_len);
 
     int ret = 0;
     if (!script || !script_len) {
@@ -140,7 +147,7 @@ void elements_script_to_address(const char* network, const uint8_t* script, cons
         break;
 
     case WALLY_SCRIPT_TYPE_OP_RETURN:
-        render_op_return(script, script_len, output, output_len);
+        render_op_return(script, script_len, has_value, output, output_len);
         break;
 
     default:
diff --git a/main/utils/address.h b/main/utils/address.h
index 5032ba0d..1aea46a1 100644
--- a/main/utils/address.h
+++ b/main/utils/address.h
@@ -15,11 +15,12 @@ typedef struct {
 } address_data_t;
 
 // Script pubkey to address, for BTC networks
-void script_to_address(const char* network, const uint8_t* script, size_t script_len, char* output, size_t output_len);
+void script_to_address(
+    const char* network, const uint8_t* script, size_t script_len, bool has_value, char* output, size_t output_len);
 
 // Script pubkey to address, for liquid networks
 // Will be converted to a confidential address if blindingkey is passed.
-void elements_script_to_address(const char* network, const uint8_t* script, size_t script_len,
+void elements_script_to_address(const char* network, const uint8_t* script, size_t script_len, bool has_value,
     const uint8_t* blinding_key, size_t blinding_key_len, char* output, size_t output_len);
 
 // Attempt to parse an address - return the network and the scriptpubkey