Hi all,
Just to be brief, I'll kick off with an attack scenario.
1. I am a signer, I get a PSBT that is ready to sign. I
parse. I sign according to the PSBT as-is.
2. I notice my UTXO was stolen by a hacker because they
changed my PSBT input's sighash type to SIGHASH_ANYONECANPAY |
SIGHASH_NONE and after the fact they changed the outputs to
send to themselves, and added an input they signed with
SIGHASH_ALL.
3. I lose the BTC in my UTXO.
So we should definitely add to the signer checks "ensure
the sighash type given is the type of sighash you want to
sign." etc.
My proposal for a wording change would be addition to the
bullet list:
- If a sighash type is provided, the signer MUST check that
the sighash type is acceptable to them, and fail signing if
unacceptable.
- If a sighash type is not provided, the signer SHOULD sign
using SIGHASH_ALL, but may sign with any sighash type they
wish.
Any thoughts?
Thanks,
Jon
--
-----------------
Jonathan Underwood
bitbank, Inc. Chief Bitcoin Officer
-----------------
If you are sending an encrypted message, please use the public key below.
Fingerprint: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
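The signer rule proposed above, as an added example that is not code from the post or from the BIP 174 reference implementation. It parses one PSBT key-value map in the BIP 174 serialization (compact-size key length, key type byte, compact-size value length, 0x00 terminator), reads PSBT_IN_SIGHASH_TYPE (key type 0x03, 4-byte little-endian), refuses to sign when the provided type is not in the signer's acceptable set, defaults to SIGHASH_ALL when the field is absent, and shows which parts of the transaction a signature with a given type commits to, which is what makes the NONE|ANYONECANPAY substitution dangerous. The function and constant names (`choose_sighash`, `signer_accepts`, `committed_parts`, `TAMPERED_INPUT`) and the sample maps are constructed for this example; the commitment table follows legacy and segwit v0 semantics, not Taproot.

```python
"""Sighash-type check for a PSBT signer (added example, BIP 174 field layout)."""
import struct

SIGHASH_ALL = 0x01
SIGHASH_NONE = 0x02
SIGHASH_SINGLE = 0x03
SIGHASH_ANYONECANPAY = 0x80

PSBT_IN_SIGHASH_TYPE = 0x03  # BIP 174 per-input key type for the sighash field


class UnacceptableSighash(Exception):
    """Raised when the PSBT asks for a sighash type the signer does not accept."""


def read_compact_size(buf, pos):
    """Decode a Bitcoin compact-size integer at buf[pos]; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def parse_keymap(buf, pos=0):
    """Parse one PSBT key-value map (terminated by 0x00) into {(keytype, keydata): value}."""
    entries = {}
    while True:
        keylen, pos = read_compact_size(buf, pos)
        if keylen == 0:  # separator: end of this map
            return entries, pos
        key = buf[pos:pos + keylen]
        pos += keylen
        vallen, pos = read_compact_size(buf, pos)
        value = buf[pos:pos + vallen]
        pos += vallen
        entry = (key[0], bytes(key[1:]))
        if entry in entries:  # BIP 174 forbids duplicate keys in a map
            raise ValueError("duplicate key in PSBT map")
        entries[entry] = bytes(value)


def sighash_from_input_map(entries):
    """Return the PSBT_IN_SIGHASH_TYPE value for an input map, or None if absent."""
    raw = entries.get((PSBT_IN_SIGHASH_TYPE, b""))
    if raw is None:
        return None
    if len(raw) != 4:
        raise ValueError("PSBT_IN_SIGHASH_TYPE must be a 4-byte little-endian integer")
    return struct.unpack("<I", raw)[0]


def choose_sighash(entries, acceptable=frozenset({SIGHASH_ALL})):
    """Proposed rule: MUST refuse an unacceptable provided type; default to SIGHASH_ALL if absent."""
    provided = sighash_from_input_map(entries)
    if provided is None:
        return SIGHASH_ALL
    if provided not in acceptable:
        raise UnacceptableSighash(f"refusing to sign with sighash type 0x{provided:02x}")
    return provided


def signer_accepts(input_map_bytes, acceptable=frozenset({SIGHASH_ALL})):
    """Convenience wrapper (constructed name): True if the signer would sign this input map."""
    entries, _ = parse_keymap(input_map_bytes)
    try:
        choose_sighash(entries, acceptable)
        return True
    except UnacceptableSighash:
        return False


def committed_parts(sighash):
    """Transaction parts a signature with this type commits to (legacy / segwit v0 semantics)."""
    base = sighash & 0x1F
    parts = {"this_input", "version_and_locktime"}
    if not sighash & SIGHASH_ANYONECANPAY:
        parts.add("other_inputs")
    if base == SIGHASH_ALL:
        parts.add("all_outputs")
    elif base == SIGHASH_SINGLE:
        parts.add("matching_output")
    return parts  # SIGHASH_NONE commits to no outputs at all


def input_map_with_sighash(sighash):
    """Build a minimal constructed PSBT input map carrying only PSBT_IN_SIGHASH_TYPE."""
    key = bytes([PSBT_IN_SIGHASH_TYPE])
    value = struct.pack("<I", sighash)
    return bytes([len(key)]) + key + bytes([len(value)]) + value + b"\x00"


# Constructed sample inputs: the attacker's tampered map and a map with no sighash field.
TAMPERED_INPUT = input_map_with_sighash(SIGHASH_NONE | SIGHASH_ANYONECANPAY)
EMPTY_INPUT = b"\x00"

if __name__ == "__main__":
    print("tampered map accepted:", signer_accepts(TAMPERED_INPUT))
    print("empty map signs with:", hex(choose_sighash(parse_keymap(EMPTY_INPUT)[0])))
    print("NONE|ANYONECANPAY commits to:", sorted(committed_parts(0x82)))
```

With the default acceptable set the tampered input is refused; the same bytes are accepted only if the signer explicitly opts into NONE|ANYONECANPAY, which is the point of making the check an explicit allow-list rather than trusting whatever the PSBT carries.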