From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lucasontivero@gmail.com>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 8EBD2C0032
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  8 Sep 2023 15:07:25 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id 5B71881FB4
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  8 Sep 2023 15:07:25 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 5B71881FB4
Authentication-Results: smtp1.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20221208 header.b=TNY2Jt7R
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.599
X-Spam-Level: 
X-Spam-Status: No, score=-1.599 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 HTML_MESSAGE=0.001, PDS_BTC_ID=0.499, RCVD_IN_DNSWL_NONE=-0.0001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id bHT6zbJo2G4k
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  8 Sep 2023 15:07:24 +0000 (UTC)
Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com
 [IPv6:2607:f8b0:4864:20::f36])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 53EE181FB3
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  8 Sep 2023 15:07:24 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 53EE181FB3
Received: by mail-qv1-xf36.google.com with SMTP id
 6a1803df08f44-64a70194fbeso13704126d6.0
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 08 Sep 2023 08:07:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1694185643; x=1694790443;
 darn=lists.linuxfoundation.org; 
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :from:to:cc:subject:date:message-id:reply-to;
 bh=apVrpYmv0ckVBelozlLgRdznR2Ym2LiGk+MaEnoKZiM=;
 b=TNY2Jt7RszMh4aRYxYuRbLPcQs5MxyVmgzDFFyCqAV/MRzCZv+JIrChmC8gG7ZiH1t
 CSY79V0/kmkxppL8ifOvcOC4CscutYI1rWROtjEC7IO0Iih245l8VIggApP/va3arHTn
 wLam3j8ezksjTAPi546Mk5pM5bid54D76zOx0G78zHqHWqDZsP/Wrii2e2Gw74iM5uue
 HOYUr1t8Ao5vBSm6O2a7YQUhQYvpayfs/SppjVO83VV1ssVrqUDeriJdzLSTqM4LMeO/
 ch+uTTWl/x9266kIrA7rdRwYTug1/meemo22o8AQwxDvK4t5yO83If0ABu4nDb3BZ3UK
 FI9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1694185643; x=1694790443;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=apVrpYmv0ckVBelozlLgRdznR2Ym2LiGk+MaEnoKZiM=;
 b=mnekJpsXm/M5gL2g2tjjNLyNXNWbOcBLD1Vjr3Ztsispgw0JxFRPMlrNbvLkNwpb9I
 F6Prk3aGITy56G9yerRnaQj09TzMniXi2xcMapCNynYlKDuTuqqewIxZe7ZvoLPaMByH
 com+mV/O/tkWEtwW7pfpy6vEkDkMnaGPRxZi6aVWj40/740yGUuZkDR6tBoMJHwPIDub
 POM+V72VHeO7rOordqP+jGUtdcGAPIHe43iAQ7ZbCj/7cDZ0BMUPK928YbkEd3jDOEnX
 Q0vgtiJpDjsP71Ipk/sghZXCEsQKUlSCXXbq+4/Im41n+dx4EO/yfaGxgDRggcW0Vyu/
 E2YA==
X-Gm-Message-State: AOJu0YyvtzwW/GhcD1W6BcNWWTcTC1bof6gdF811JMn6FF1FVIT2R41M
 C34ih9nBQ1F5ImV4RYgidhU5f7n2ByXgt6KZE1E=
X-Google-Smtp-Source: AGHT+IGiLXJPNMqBstGVKOn7szi7FyOV6UkqUMsr6A7NiCjNuiC9olsfrcStj90U/5u/EqBo3kotWD9/TN2zWKTdszk=
X-Received: by 2002:a0c:f711:0:b0:653:5a81:4ac2 with SMTP id
 w17-20020a0cf711000000b006535a814ac2mr2615958qvn.35.1694185643042; Fri, 08
 Sep 2023 08:07:23 -0700 (PDT)
MIME-Version: 1.0
References: <VwPEzimSfSX3TndEvhlkap6TFYa5AUI8njvv29ijuMAZOrkLMeSjGVxRloDWbMNBCZbQ9p0jRfIYiLGTheI4wHBjEK5f4qjFOyPoYN5jGZs=@protonmail.com>
 <aqQNYBhbmUz3LRgMxGzzCiToOGl7Ra_gZAhk5xDnZKwkGv16ly2l3BqjQRD7pjaQ_QQ-3bouXBeNjitvPzfbNlP-NnHMkfampmmqiH1UvN8=@protonmail.com>
In-Reply-To: <aqQNYBhbmUz3LRgMxGzzCiToOGl7Ra_gZAhk5xDnZKwkGv16ly2l3BqjQRD7pjaQ_QQ-3bouXBeNjitvPzfbNlP-NnHMkfampmmqiH1UvN8=@protonmail.com>
From: Lucas Ontivero <lucasontivero@gmail.com>
Date: Fri, 8 Sep 2023 15:07:11 +0000
Message-ID: <CALHvQn1bt_TP17b3trEH7rE8TDreKGHgduQx3s0gxSYnMcKTqQ@mail.gmail.com>
To: kiminuo <kiminuo@protonmail.com>, 
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="0000000000006fed850604da55aa"
X-Mailman-Approved-At: Sun, 10 Sep 2023 16:06:03 +0000
Subject: Re: [bitcoin-dev] Parameters in BIP21 URIs
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2023 15:07:25 -0000

--0000000000006fed850604da55aa
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Kiminuo, this was discussed here: https://github.com/bitcoin/bips/pull/49


On Fri, Sep 8, 2023 at 2:39=E2=80=AFPM kiminuo via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> [Formatted version of this post is here:
> https://gist.github.com/kiminuo/cc2f19a4c5319e439fc7be8cbe5a39f9]
>
> Hi all,
>
> BIP 21 [https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki]
> defines a URI scheme for making Bitcoin payments and the purpose of the U=
RI
> scheme is to enable users to easily make payments by simply clicking link=
s
> on webpages or scanning QR Codes. An example of a BIP21 URI is:
>
>
> bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&label=
=3DKiminuo&message=3DDonation
>
> Now to make it easier, these URIs are typically clickable. Bitcoin wallet=
s
> register the "bitcoin" URI scheme so that a BIP21 URI is parsed and data
> are pre-filled in a form to send your bitcoin to a recipient. Notably,
> wallets do not send your bitcoin once you click a BIP21 URI, there is sti=
ll
> a confirmation step that requires user's attention. Very similar experien=
ce
> is with a QR code that encodes a BIP21 URI where one just scans a QR code
> and data is, again, pre-filled in a wallet's UI for your convenience.
>
> While working on Wasabi's BIP21 implementation I noticed that based on th=
e
> BIP21 grammar [
> https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki#abnf-gramm=
ar],
> it is actually allowed to specify URI parameters multiple times. This mea=
ns
> that the following URI is actually valid:
>
> bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&label=
=3DKiminuo&message=3DDonation&amount=3D1.004
> (note that the 'amount' parameter is specified twice)
>
> Bitcoin Core implements "the last value wins" behavior[^3] so amount=3D1.=
004
> will be taken into account and not "amount=3D0.004"[^4]. However, in gene=
ral,
> the fact that the same parameter can be specified multiple times can lead
> to a confusion for users and developers[^1][^2]. In the worst case, it
> might be exploited by some social engineering attempts by attempting to
> craft a 'clever' BIP21 URI and exploting behavior of a particular wallet
> software. For the record, I'm not aware that it actually happens, so this
> is rather a concern.
>
> The main question of this post is: Is it useful to allow specifying BIP21
> parameters multiple times or is it rather harmful?
>
> Regards,
> K.
>
> [^1]: https://github.com/JoinMarket-Org/joinmarket-clientserver/pull/1510
> [^2]:
> https://github.com/MetacoSA/NBitcoin/blob/93ef4532b9f2ea52b2c910266eeb668=
4f3bd25de/NBitcoin/Payment/BitcoinUrlBuilder.cs#L74-L78
> [^3]: I added a test to that effect in
> https://github.com/bitcoin/bitcoin/pull/27928/files, see
> https://github.com/bitcoin/bitcoin/blob/83719146047947e588aa0c7b5eee02f44=
884553d/src/qt/test/uritests.cpp#L68-L73
> .
> [^4]: You can test your wallet's behavior by scanning the last image here
> https://github.com/zkSNACKs/WalletWasabi/pull/10578#issue-1687564404 (or
> directly
> https://user-images.githubusercontent.com/58662979/265389405-16893ce8-7c1=
9-4262-bb60-5fd711336685.png
> ).
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--0000000000006fed850604da55aa
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Kiminuo, this was discussed here: <a href=3D"https://=
github.com/bitcoin/bips/pull/49">https://github.com/bitcoin/bips/pull/49</a=
><br><br></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=
=3D"gmail_attr">On Fri, Sep 8, 2023 at 2:39=E2=80=AFPM kiminuo via bitcoin-=
dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-de=
v@lists.linuxfoundation.org</a>&gt; wrote:<br></div><blockquote class=3D"gm=
ail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,=
204,204);padding-left:1ex"><span style=3D"font-family:Arial,sans-serif"><sp=
an>[Formatted version of this post is here: <span><a href=3D"https://gist.g=
ithub.com/kiminuo/cc2f19a4c5319e439fc7be8cbe5a39f9" rel=3D"noreferrer nofol=
low noopener" target=3D"_blank">https://gist.github.com/kiminuo/cc2f19a4c53=
19e439fc7be8cbe5a39f9</a></span>]<br></span></span><div><span><br></span></=
div><div><span>Hi all,</span></div><div><br></div><div><span>BIP 21 [<a hre=
f=3D"https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki" rel=3D=
"noreferrer nofollow noopener" target=3D"_blank">https://github.com/bitcoin=
/bips/blob/master/bip-0021.mediawiki</a>]
 defines a URI scheme for making Bitcoin payments and the purpose of the
 URI scheme is to enable users to easily make payments by simply=20
clicking links on webpages or scanning QR Codes. An example of a BIP21=20
URI is:</span></div><div><br></div><div><span>bitcoin:bc1qd4fxq8y8c7qh76gfn=
vl7amuhag3z27uw0w9f8p?amount=3D0.004&amp;label=3DKiminuo&amp;message=3DDona=
tion</span></div><div><br></div><div><span>Now
 to make it easier, these URIs are typically clickable. Bitcoin wallets=20
register the &quot;bitcoin&quot; URI scheme so that a BIP21 URI is parsed a=
nd data
 are pre-filled in a form to send your bitcoin to a recipient. Notably,=20
wallets do not send your bitcoin once you click a BIP21 URI, there is=20
still a confirmation step that requires user&#39;s attention. Very similar=
=20
experience is with a QR code that encodes a BIP21 URI where one just=20
scans a QR code and data is, again, pre-filled in a wallet&#39;s UI for you=
r
 convenience.</span></div><div><br></div><div><span>While working on Wasabi=
&#39;s BIP21 implementation I noticed that based on the BIP21 grammar [<a h=
ref=3D"https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki#abnf-=
grammar" rel=3D"noreferrer nofollow noopener" target=3D"_blank">https://git=
hub.com/bitcoin/bips/blob/master/bip-0021.mediawiki#abnf-grammar</a>], it i=
s actually allowed to specify URI parameters multiple times. This means tha=
t the following URI is actually valid:</span></div><div><br></div><div><spa=
n>bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&amp;lab=
el=3DKiminuo&amp;message=3DDonation&amp;amount=3D1.004
 (note that the &#39;amount&#39; parameter is specified twice)</span></div>=
<div><br></div><div><span>Bitcoin
 Core implements &quot;the last value wins&quot; behavior[^3] so amount=3D1=
.004 will
 be taken into account and not &quot;amount=3D0.004&quot;[^4]. However, in =
general,=20
the fact that the same parameter can be specified multiple times can=20
lead to a confusion for users and developers[^1][^2]. In the worst case,
 it might be exploited by some social engineering attempts by attempting
 to craft a &#39;clever&#39; BIP21 URI and exploting behavior of a particul=
ar=20
wallet software. For the record, I&#39;m not aware that it actually happens=
,
 so this is rather a concern.</span></div><div><br></div><div><span>The mai=
n question of this post is: Is it useful to allow specifying BIP21 paramete=
rs multiple times or is it rather harmful?</span></div><div><br></div><div>=
<span>Regards,</span></div><div><span>K.</span></div><div><br></div><div><s=
pan>[^1]: <a href=3D"https://github.com/JoinMarket-Org/joinmarket-clientser=
ver/pull/1510" rel=3D"noreferrer nofollow noopener" target=3D"_blank">https=
://github.com/JoinMarket-Org/joinmarket-clientserver/pull/1510</a></span></=
div><div><span>[^2]: <a href=3D"https://github.com/MetacoSA/NBitcoin/blob/9=
3ef4532b9f2ea52b2c910266eeb6684f3bd25de/NBitcoin/Payment/BitcoinUrlBuilder.=
cs#L74-L78" rel=3D"noreferrer nofollow noopener" target=3D"_blank">https://=
github.com/MetacoSA/NBitcoin/blob/93ef4532b9f2ea52b2c910266eeb6684f3bd25de/=
NBitcoin/Payment/BitcoinUrlBuilder.cs#L74-L78</a></span></div><div><span>[^=
3]: I added a test to that effect in <a href=3D"https://github.com/bitcoin/=
bitcoin/pull/27928/files" rel=3D"noreferrer nofollow noopener" target=3D"_b=
lank">https://github.com/bitcoin/bitcoin/pull/27928/files</a>, see <a href=
=3D"https://github.com/bitcoin/bitcoin/blob/83719146047947e588aa0c7b5eee02f=
44884553d/src/qt/test/uritests.cpp#L68-L73" rel=3D"noreferrer nofollow noop=
ener" target=3D"_blank">https://github.com/bitcoin/bitcoin/blob/83719146047=
947e588aa0c7b5eee02f44884553d/src/qt/test/uritests.cpp#L68-L73</a>.</span><=
/div><span><span>[^4]: You can test your wallet&#39;s behavior by scanning =
the last image here <a href=3D"https://github.com/zkSNACKs/WalletWasabi/pul=
l/10578#issue-1687564404" rel=3D"noreferrer nofollow noopener" target=3D"_b=
lank">https://github.com/zkSNACKs/WalletWasabi/pull/10578#issue-1687564404<=
/a> (or directly <a href=3D"https://user-images.githubusercontent.com/58662=
979/265389405-16893ce8-7c19-4262-bb60-5fd711336685.png" rel=3D"noreferrer n=
ofollow noopener" target=3D"_blank">https://user-images.githubusercontent.c=
om/58662979/265389405-16893ce8-7c19-4262-bb60-5fd711336685.png</a>).</span>=
</span><span></span><br>_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>

--0000000000006fed850604da55aa--