Shuffle zouts to prevent leaking change output position

src/transaction_builder.cpp

@@ -59,6 +59,13 @@ void TransactionBuilder::AddSaplingOutput(
     mtx.valueBalance -= value;
 }
 
+// randomize the order of outputs
+void TransactionBuilder::ShuffleOutputs()
+{
+    LogPrintf("%s: Shuffling %d zouts\n", __func__, outputs.size() );
+    random_shuffle( outputs.begin(), outputs.end(), GetRandInt );
+}
+
 void TransactionBuilder::AddTransparentInput(COutPoint utxo, CScript scriptPubKey, CAmount value, uint32_t _nSequence)
 {
     if (keystore == nullptr) {
@@ -212,6 +219,9 @@ boost::optional<CTransaction> TransactionBuilder::Build()
         mtx.vShieldedSpend.push_back(sdesc);
     }
 
+    // Prevent leaking metadata about the position of change output
+    ShuffleOutputs();
+
     // Create Sapling OutputDescriptions
     for (auto output : outputs) {
         auto cm = output.note.cm();

src/transaction_builder.h

@@ -92,6 +92,8 @@ public:
         CAmount value,
         std::array<unsigned char, HUSH_MEMO_SIZE> memo = {{0}});
 
+    void ShuffleOutputs();
+
     // Assumes that the value correctly corresponds to the provided UTXO.
     void AddTransparentInput(COutPoint utxo, CScript scriptPubKey, CAmount value, uint32_t nSequence = 0xffffffff);