From 07e8e01865746c534ddd6956c29e7c0e5516b9d6 Mon Sep 17 00:00:00 2001
From: catbref <misc-github@talk2dom.com>
Date: Wed, 22 May 2019 10:19:52 +0100
Subject: [PATCH] Add check to PROXY_FORGING so that proxy public key always
 maps to same forger-recipient combo

---
 .../org/qora/transaction/ProxyForgingTransaction.java | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/qora/transaction/ProxyForgingTransaction.java b/src/main/java/org/qora/transaction/ProxyForgingTransaction.java
index 7759328f..4f66285a 100644
--- a/src/main/java/org/qora/transaction/ProxyForgingTransaction.java
+++ b/src/main/java/org/qora/transaction/ProxyForgingTransaction.java
@@ -96,12 +96,11 @@ public class ProxyForgingTransaction extends Transaction {
 		if (!Crypto.isValidAddress(recipient.getAddress()))
 			return ValidationResult.INVALID_ADDRESS;
 
-		/* Not needed?
-		// Check recipient has known public key
-		AccountData recipientData = this.repository.getAccountRepository().getAccount(recipient.getAddress());
-		if (recipientData == null || recipientData.getPublicKey() == null)
-			return ValidationResult.PUBLIC_KEY_UNKNOWN;
-		*/
+		// If proxy public key aleady exists in repository, then it must be for the same forger-recipient combo
+		ProxyForgerData proxyForgerData = this.repository.getAccountRepository().getProxyForgeData(this.proxyForgingTransactionData.getProxyPublicKey());
+		if (proxyForgerData != null)
+			if (!proxyForgerData.getRecipient().equals(recipient.getAddress()) || !Arrays.equals(proxyForgerData.getForgerPublicKey(), creator.getPublicKey()))
+				return ValidationResult.INVALID_PUBLIC_KEY;
 
 		// Check fee is positive
 		if (proxyForgingTransactionData.getFee().compareTo(BigDecimal.ZERO) <= 0)