From 759365ca255babfdcae31709f53747b7335bcaeb Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Wed, 10 Aug 2016 21:45:47 -0700
Subject: [PATCH] wallet: stricter key checks.

---
 lib/bcoin/wallet.js | 49 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 43 insertions(+), 6 deletions(-)

diff --git a/lib/bcoin/wallet.js b/lib/bcoin/wallet.js
index 23089273..52c22117 100644
--- a/lib/bcoin/wallet.js
+++ b/lib/bcoin/wallet.js
@@ -1936,7 +1936,6 @@ Account.prototype.init = function init(callback) {
   assert(this.changeDepth === 0);
 
   this.initialized = true;
-
   this.setDepth(1, 1, callback);
 };
 
@@ -2057,6 +2056,7 @@ Account.prototype.spliceKey = function spliceKey(key) {
  */
 
 Account.prototype.addKey = function addKey(key, callback) {
+  var self = this;
   var result = false;
 
   try {
@@ -2065,12 +2065,51 @@ Account.prototype.addKey = function addKey(key, callback) {
     return callback(e);
   }
 
-  // Try to initialize again.
-  this.init(function(err) {
+  this._checkKeys(function(err, has) {
     if (err)
       return callback(err);
 
-    return callback(null, result);
+    if (has) {
+      self.spliceKey(key);
+      return callback(new Error('Cannot add a key from another account.'));
+    }
+
+    // Try to initialize again.
+    self.init(function(err) {
+      if (err)
+        return callback(err);
+
+      return callback(null, result);
+    });
+  });
+};
+
+/**
+ * Ensure accounts are not sharing keys.
+ * @private
+ * @param {Function} callback
+ */
+
+Account.prototype._checkKeys = function _checkKeys(callback) {
+  var self = this;
+  var address;
+
+  if (this.initialized || this.type !== 'multisig')
+    return callback(null, false);
+
+  if (this.keys.length !== this.n)
+    return callback(null, false);
+
+  address = this.deriveReceive(0).getScriptAddress();
+
+  this.db._getPaths(address.getHash('hex'), function(err, paths) {
+    if (err)
+      return callback(err);
+
+    if (!paths)
+      return callback(null, false);
+
+    callback(null, paths[self.id] != null);
   });
 };
 
@@ -2184,8 +2223,6 @@ Account.prototype.deriveAddress = function deriveAddress(change, index) {
   var keys = [];
   var i, key, shared;
 
-  assert(this.initialized, 'Account is not initialized.');
-
   change = +change;
 
   key = this.accountKey.derive(change).derive(index);