From 021cec3471109e178416b49d4716c4a94eaa1ba7 Mon Sep 17 00:00:00 2001
From: Viktar Makouski <mcviktor@tut.by>
Date: Mon, 6 Jan 2025 13:25:35 +0300
Subject: [PATCH] add TweakCheck error

---
 signer/src/error.rs | 5 +++++
 signer/src/keys.rs  | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/signer/src/error.rs b/signer/src/error.rs
index d73f0f438..210df565f 100644
--- a/signer/src/error.rs
+++ b/signer/src/error.rs
@@ -237,6 +237,11 @@ pub enum Error {
     #[error("invalid tweak? seriously? {0}")]
     InvalidPublicKeyTweak(#[source] secp256k1::Error),
 
+    /// This happens when a tweak produced by [`XOnlyPublicKey::add_tweak`] was computed incorrectly.
+    /// One if possible reasons is that you tweaked same key twice.
+    #[error("Tweak was computed incorrectly.")]
+    InvalidPublicKeyTweakCheck,
+
     /// This occurs when converting a byte slice to our internal public key
     /// type, which is a thin wrapper around the secp256k1::SecretKey.
     #[error("invalid private key: {0}")]
diff --git a/signer/src/keys.rs b/signer/src/keys.rs
index 744124363..a750d3f56 100644
--- a/signer/src/keys.rs
+++ b/signer/src/keys.rs
@@ -453,7 +453,9 @@ impl SignerScriptPubKey for secp256k1::XOnlyPublicKey {
             .add_tweak(SECP256K1, &tweak)
             .map_err(Error::InvalidPublicKeyTweak)?;
 
-        debug_assert!(self.tweak_add_check(SECP256K1, &output_key, parity, tweak));
+        if !self.tweak_add_check(SECP256K1, &output_key, parity, tweak) {
+            return Err(Error::InvalidPublicKeyTweakCheck);
+        }
         let pk = secp256k1::PublicKey::from_x_only_public_key(output_key, parity);
         Ok(PublicKey(pk))
     }