From 165f2d000a0cbf320963a4377526d3a8cdc04ba9 Mon Sep 17 00:00:00 2001
From: yonson2023 <122909161+yonson2023@users.noreply.github.com>
Date: Sun, 26 Mar 2023 18:36:12 -0500
Subject: [PATCH] Check private view key is a valid scalar.

---
 .../core/xmr/knaccc/monero/address/WalletAddress.java     | 8 +++++++-
 .../java/knaccc/monero/address/WalletAddressTest.java     | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/bisq/core/xmr/knaccc/monero/address/WalletAddress.java b/core/src/main/java/bisq/core/xmr/knaccc/monero/address/WalletAddress.java
index c7ce812e7d3..c86f12226e4 100755
--- a/core/src/main/java/bisq/core/xmr/knaccc/monero/address/WalletAddress.java
+++ b/core/src/main/java/bisq/core/xmr/knaccc/monero/address/WalletAddress.java
@@ -131,7 +131,13 @@ public String getSubaddressBase58(String privateViewKeyHex, long accountId, long
     }
 
     public boolean checkPrivateViewKey(String privateViewKey) {
-        return arePubPrivKeysRelated(this.publicViewKeyHex, privateViewKey);
+        return isPrivateKeyValid(privateViewKey) && arePubPrivKeysRelated(this.publicViewKeyHex, privateViewKey);
+    }
+
+    public static boolean isPrivateKeyValid(String privateKey) {
+        byte[] input = hexToBytes(privateKey);
+        byte[] reduced = CryptoUtil.scReduce32(input);
+        return Arrays.equals(input, reduced);
     }
 
     public static boolean arePubPrivKeysRelated(String publicKey, String privateKey) {
diff --git a/core/src/test/java/knaccc/monero/address/WalletAddressTest.java b/core/src/test/java/knaccc/monero/address/WalletAddressTest.java
index 7a8a44d4811..196fc3335ed 100644
--- a/core/src/test/java/knaccc/monero/address/WalletAddressTest.java
+++ b/core/src/test/java/knaccc/monero/address/WalletAddressTest.java
@@ -66,5 +66,9 @@ public void testWalletAddress() throws WalletAddress.InvalidWalletAddressExcepti
                 "0000111122223333444455556666777788889999AAAABBBBCCCCDDDDEEEEFFFF",
                 "0000111122223333444455556666777788889999AAAABBBBCCCCDDDDEEEEFFFF"),
                 false);
+
+        String nonReducedPrivateKey = "42594aba0e809490dec97b2dfaf64f7ae5bef1c2d19af636eb84544773df5b5f";
+        assertEquals(WalletAddress.isPrivateKeyValid(nonReducedPrivateKey), false);
+        assertEquals(WalletAddress.isPrivateKeyValid(privateViewKeyHex), true);
     }
 }