From 06eeaeaf397340ca864360b8e9b547f3c2757b90 Mon Sep 17 00:00:00 2001 From: KimStrand <231482327+KimStrand@users.noreply.github.com> Date: Wed, 8 Apr 2026 20:52:19 +0200 Subject: [PATCH] Validate messages in MuSig mediation request service --- .../mu_sig/MuSigMediationRequestService.java | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/support/src/main/java/bisq/support/mediation/mu_sig/MuSigMediationRequestService.java b/support/src/main/java/bisq/support/mediation/mu_sig/MuSigMediationRequestService.java index ff0a65b06b..41b56fecbf 100644 --- a/support/src/main/java/bisq/support/mediation/mu_sig/MuSigMediationRequestService.java +++ b/support/src/main/java/bisq/support/mediation/mu_sig/MuSigMediationRequestService.java @@ -204,6 +204,23 @@ private int getDeterministicIndex(Set mediators, private void processMediationStateChangeMessage(MuSigMediationStateChangeMessage message) { muSigOpenTradeChannelService.findChannelByTradeId(message.getTradeId()) .ifPresentOrElse(channel -> { + Optional mediator = channel.getMediator(); + if (mediator.isEmpty()) { + log.warn("Ignoring MuSigMediationStateChangeMessage for trade {} because mediator is missing in contract.", + message.getTradeId()); + return; + } + if (!mediator.orElseThrow().getId().equals(message.getSenderUserProfile().getId())) { + log.warn("Ignoring MuSigMediationStateChangeMessage for trade {} with unexpected senderUserProfile {}.", + message.getTradeId(), message.getSenderUserProfile()); + return; + } + + if (bannedUserService.isUserProfileBanned(message.getSenderUserProfile())) { + log.warn("Ignoring MuSigMediationStateChangeMessage as sender is banned"); + return; + } + MediationCaseState mediationCaseState = message.getMediationCaseState(); if (mediationCaseState == MediationCaseState.OPEN) { // Requester had it activated at request time