From 9ab2c32250aee4414efa25d6ebda4888e0b1de2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Zemanovi=C4=8D?=
Date: Tue, 23 Jul 2024 10:11:04 +0100
Subject: [PATCH 1/2] tx: fix possible panic in sig verification
---
 crates/tx/src/types.rs | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/crates/tx/src/types.rs b/crates/tx/src/types.rs
index a8b31980063..b9de6648d59 100644
--- a/crates/tx/src/types.rs
+++ b/crates/tx/src/types.rs
@@ -48,6 +48,8 @@ pub enum VerifySigError {
 InvalidSectionSignature(String),
 #[error("The number of PKs overflows u8::MAX")]
 PksOverflow,
+ #[error("An expected signature is missing.")]
+ MissingSignature,
 }

 #[allow(missing_docs)]
@@ -558,6 +560,7 @@ impl Authorization {
 // Verify the signatures against the subset of this section's public
 // keys that are also in the given map
 Signer::PubKeys(pks) => {
+ let hash = self.get_raw_hash();
 for (idx, pk) in pks.iter().enumerate() {
 if let Some(map_idx) =
 public_keys_index_map.get_index_from_public_key(pk)
@@ -565,11 +568,11 @@ impl Authorization {
 let sig_idx = u8::try_from(idx)
 .map_err(|_| VerifySigError::PksOverflow)?;
 consume_verify_sig_gas()?;
- common::SigScheme::verify_signature(
- pk,
- &self.get_raw_hash(),
- &self.signatures[&sig_idx],
- )?;
+ let sig = self
+ .signatures
+ .get(&sig_idx)
+ .ok_or(VerifySigError::MissingSignature)?;
+ common::SigScheme::verify_signature(pk, &hash, sig)?;
 verified_pks.insert(map_idx);
 // Cannot overflow
 #[allow(clippy::arithmetic_side_effects)]
From a8d74f0bbdf13c031c84a5fc1a34df0b0ee6334b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Zemanovi=C4=8D?=
Date: Wed, 24 Jul 2024 10:53:48 +0100
Subject: [PATCH 2/2] changelog: add #3543
---
 .changelog/unreleased/bug-fixes/3543-fix-verify-sig-panic.md | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .changelog/unreleased/bug-fixes/3543-fix-verify-sig-panic.md
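Review bot: `MissingSignature` carries no context, so the error on a rejected transaction does not say which signer index lacked a signature. The lookup site in `Authorization` already has `sig_idx` (a `u8`) in hand, so the variant could be `MissingSignature(u8)` with `#[error("An expected signature at index {0} is missing.")]`, returned as `.ok_or(VerifySigError::MissingSignature(sig_idx))?`. The enum body starts outside the hunk.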
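Review bot: The new `.get(&sig_idx).ok_or(VerifySigError::MissingSignature)?` path has no regression test in this patch, which touches only `crates/tx/src/types.rs`. Because the old `self.signatures[&sig_idx]` indexing could panic during signature verification, a unit test that verifies a `Signer::PubKeys` section whose key is in the index map but whose `signatures` has no entry at that index, and asserts `Err(VerifySigError::MissingSignature)`, would keep the panic from coming back. `consume_verify_sig_gas()?` still runs before the lookup, so a section with a missing signature is charged before it is rejected; if that is intended, say so with a comment such as `// Gas is charged before the lookup so malformed sections still pay for the attempt`. The match arm and the enclosing function begin and end outside the hunk, so the other `Signer` arm(s) are not visible here and are worth checking for the same direct indexing.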
diff --git a/.changelog/unreleased/bug-fixes/3543-fix-verify-sig-panic.md b/.changelog/unreleased/bug-fixes/3543-fix-verify-sig-panic.md
new file mode 100644
index 00000000000..366781ef86b
--- /dev/null
+++ b/.changelog/unreleased/bug-fixes/3543-fix-verify-sig-panic.md
@@ -0,0 +1,2 @@
+- Fixed a possible panic in transaction signatures verification missing expected
+ signature(s). ([\#3543](https://github.com/anoma/namada/pull/3543))
\ No newline at end of file