diff --git a/signer/src/error.rs b/signer/src/error.rs index d73f0f438..210df565f 100644 --- a/signer/src/error.rs +++ b/signer/src/error.rs @@ -237,6 +237,11 @@ pub enum Error { #[error("invalid tweak? seriously? {0}")] InvalidPublicKeyTweak(#[source] secp256k1::Error), + /// This happens when a tweak produced by [`XOnlyPublicKey::add_tweak`] was computed incorrectly. + /// One if possible reasons is that you tweaked same key twice. + #[error("Tweak was computed incorrectly.")] + InvalidPublicKeyTweakCheck, + /// This occurs when converting a byte slice to our internal public key /// type, which is a thin wrapper around the secp256k1::SecretKey. #[error("invalid private key: {0}")] diff --git a/signer/src/keys.rs b/signer/src/keys.rs index 744124363..a750d3f56 100644 --- a/signer/src/keys.rs +++ b/signer/src/keys.rs @@ -453,7 +453,9 @@ impl SignerScriptPubKey for secp256k1::XOnlyPublicKey { .add_tweak(SECP256K1, &tweak) .map_err(Error::InvalidPublicKeyTweak)?; - debug_assert!(self.tweak_add_check(SECP256K1, &output_key, parity, tweak)); + if !self.tweak_add_check(SECP256K1, &output_key, parity, tweak) { + return Err(Error::InvalidPublicKeyTweakCheck); + } let pk = secp256k1::PublicKey::from_x_only_public_key(output_key, parity); Ok(PublicKey(pk)) }