From 2c4e3262cd54b809800b5bda04e454fa1d2a60c4 Mon Sep 17 00:00:00 2001
From: Tomasz Slabon <tomasz.slabon@keep.network>
Date: Wed, 25 Oct 2023 16:43:28 +0200
Subject: [PATCH 1/2] Verified Bitcoin recovery address type

---
 .../src/services/deposits/deposits-service.ts     | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/typescript/src/services/deposits/deposits-service.ts b/typescript/src/services/deposits/deposits-service.ts
index f123b6876..1c1591afc 100644
--- a/typescript/src/services/deposits/deposits-service.ts
+++ b/typescript/src/services/deposits/deposits-service.ts
@@ -8,6 +8,7 @@ import {
   BitcoinClient,
   BitcoinHashUtils,
   BitcoinLocktimeUtils,
+  BitcoinScriptUtils,
 } from "../../lib/bitcoin"
 import { Hex } from "../../lib/utils"
 import { Deposit } from "./deposit"
@@ -80,9 +81,17 @@ export class DepositsService {
 
     const bitcoinNetwork = await this.bitcoinClient.getNetwork()
 
-    // TODO: Only P2(W)PKH addresses can be used for recovery. The below conversion
-    //       function ensures that but, it would be good to check it here as well
-    //       in case the converter implementation changes.
+    const recoveryOutputScript = BitcoinAddressConverter.addressToOutputScript(
+      bitcoinRecoveryAddress,
+      bitcoinNetwork
+    )
+    if (
+      !BitcoinScriptUtils.isP2PKHScript(recoveryOutputScript) &&
+      !BitcoinScriptUtils.isP2WPKHScript(recoveryOutputScript)
+    ) {
+      throw new Error("Bitcoin recovery address must be P2PKH or P2WPKH")
+    }
+
     const refundPublicKeyHash = BitcoinAddressConverter.addressToPublicKeyHash(
       bitcoinRecoveryAddress,
       bitcoinNetwork

From e03020968fbdbaf1c6af983fc85929bf64f77b89 Mon Sep 17 00:00:00 2001
From: Tomasz Slabon <tomasz.slabon@keep.network>
Date: Wed, 25 Oct 2023 18:06:59 +0200
Subject: [PATCH 2/2] Verified redeemer output script type

---
 .../src/services/redemptions/redemptions-service.ts   | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/typescript/src/services/redemptions/redemptions-service.ts b/typescript/src/services/redemptions/redemptions-service.ts
index 363f0454a..690037877 100644
--- a/typescript/src/services/redemptions/redemptions-service.ts
+++ b/typescript/src/services/redemptions/redemptions-service.ts
@@ -7,6 +7,7 @@ import {
   BitcoinAddressConverter,
   BitcoinClient,
   BitcoinNetwork,
+  BitcoinScriptUtils,
   BitcoinTxOutput,
   BitcoinUtxo,
 } from "../../lib/bitcoin"
@@ -57,8 +58,14 @@ export class RedemptionsService {
       bitcoinRedeemerAddress,
       bitcoinNetwork
     )
-
-    // TODO: Validate the given script is supported for redemption.
+    if (
+      !BitcoinScriptUtils.isP2PKHScript(redeemerOutputScript) &&
+      !BitcoinScriptUtils.isP2WPKHScript(redeemerOutputScript) &&
+      !BitcoinScriptUtils.isP2SHScript(redeemerOutputScript) &&
+      !BitcoinScriptUtils.isP2WSHScript(redeemerOutputScript)
+    ) {
+      throw new Error("Redeemer output script must be of standard type")
+    }
 
     const { walletPublicKey, mainUtxo } = await this.findWalletForRedemption(
       redeemerOutputScript,