public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [Bitcoin-development] Warning to rawtx creators: bug in SIGHASH_SINGLE
@ 2012-08-20 16:06 Matt Corallo
  0 siblings, 0 replies; only message in thread
From: Matt Corallo @ 2012-08-20 16:06 UTC (permalink / raw)
  To: bitcoin-development

If you are playing around with the current rawtx API, be careful using
SIGHASH_SINGLE:

When parsing a transaction input, which uses a SIGHASH_SINGLE signature,
and the given input's index is >= the total number of outputs in the
current transaction, bitcoind doesn't sign anything useful, it signs the
constant 1.

Thus, if anyone were to create such an invalid transaction, any future
outputs to the public key which created the signature would be
immediately steal-able by anyone.

The conclusion on how to fix the issue was to fix the rawtx API to block
such transactions instead of creating a hardfork-risk or further
complicating transaction verification.

Code (in script.cpp:SignatureHash, under SIGHASH_SINGLE):
        if (nOut >= txTmp.vout.size())
        {
            printf("ERROR: SignatureHash() : nOut=%d out of range\n", nOut);
            return 1;
        }

Matt




^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2012-08-20 16:06 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-08-20 16:06 [Bitcoin-development] Warning to rawtx creators: bug in SIGHASH_SINGLE Matt Corallo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox