Reject unexpected binding sig during transaction write

zcash_primitives/Cargo.toml

@@ -9,6 +9,7 @@ authors = [
 byteorder = "1"
 lazy_static = "1"
 pairing = { path = "../pairing" }
+rand = "0.4"
 sapling-crypto = { path = "../sapling-crypto" }
 
 [dependencies.blake2-rfc]

zcash_primitives/src/lib.rs

@@ -4,6 +4,7 @@ extern crate lazy_static;
 extern crate blake2_rfc;
 extern crate byteorder;
 extern crate pairing;
+extern crate rand;
 extern crate sapling_crypto;
 
 use sapling_crypto::jubjub::JubjubBls12;

zcash_primitives/src/transaction/mod.rs

@@ -211,6 +211,11 @@ impl Transaction {
                     ))
                 }
             }
+        } else if self.binding_sig.is_some() {
+            return Err(io::Error::new(
+                io::ErrorKind::InvalidInput,
+                "Binding signature should not be present",
+            ));
         }
 
         Ok(())

zcash_primitives/src/transaction/tests.rs

@@ -1,8 +1,13 @@
+use pairing::bls12_381::Bls12;
+use rand::{thread_rng, Rng};
+use sapling_crypto::{jubjub::FixedGenerators, redjubjub::PrivateKey};
+
 use super::{
     components::{Amount, Script},
     sighash::signature_hash,
-    Transaction,
+    Transaction, TransactionData,
 };
+use JUBJUB;
 
 #[test]
 fn tx_read_write() {
@@ -151,6 +156,35 @@ fn tx_read_write() {
     assert_eq!(&data[..], &encoded[..]);
 }
 
+#[test]
+fn tx_write_rejects_unexpected_binding_sig() {
+    // Succeeds without a binding signature
+    {
+        let tx = TransactionData::new().freeze();
+        let mut encoded = Vec::new();
+        assert!(tx.write(&mut encoded).is_ok());
+    }
+
+    // Fails with an unexpected binding signature
+    {
+        let rng = &mut thread_rng();
+        let sk = PrivateKey::<Bls12>(rng.gen());
+        let sig = sk.sign(
+            b"Foo bar",
+            rng,
+            FixedGenerators::SpendingKeyGenerator,
+            &JUBJUB,
+        );
+
+        let mut tx = TransactionData::new();
+        tx.binding_sig = Some(sig);
+        let tx = tx.freeze();
+
+        let mut encoded = Vec::new();
+        assert!(tx.write(&mut encoded).is_err());
+    }
+}
+
 #[test]
 fn zip_0143() {
     struct TestVector {