From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1U5Z8u-0001hk-MD for bitcoin-development@lists.sourceforge.net; Wed, 13 Feb 2013 10:00:44 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.172 as permitted sender) client-ip=209.85.214.172; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f172.google.com; Received: from mail-ob0-f172.google.com ([209.85.214.172]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1U5Z8r-0004Au-9a for bitcoin-development@lists.sourceforge.net; Wed, 13 Feb 2013 10:00:44 +0000 Received: by mail-ob0-f172.google.com with SMTP id tb18so1058787obb.31 for ; Wed, 13 Feb 2013 02:00:36 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.182.159.98 with SMTP id xb2mr16283224obb.35.1360749635913; Wed, 13 Feb 2013 02:00:35 -0800 (PST) Sender: mh.in.england@gmail.com Received: by 10.76.86.169 with HTTP; Wed, 13 Feb 2013 02:00:35 -0800 (PST) In-Reply-To: <20130213041209.GA28202@savin> References: <20130212151108.GA639@savin> <20130213041209.GA28202@savin> Date: Wed, 13 Feb 2013 11:00:35 +0100 X-Google-Sender-Auth: Xf8-wE4IDWWSUQkVDuNh2Dr8his Message-ID: From: Mike Hearn To: Peter Todd Content-Type: multipart/alternative; boundary=14dae9399a4dad494204d59836a2 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1U5Z8r-0004Au-9a Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] RFC: empty scriptPubKeys and OP_RETURN for marking unspendable txouts X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Feb 2013 10:00:45 -0000 --14dae9399a4dad494204d59836a2 Content-Type: text/plain; charset=UTF-8 > So what exactly was the OP_RETURN bug anyway? I know it has something to > do with not executing the scriptSig and scriptPubKey separately > (https://bitcointalk.org/index.php?topic=58579.msg691432#msg691432) but > commit 7f7f07 that you reference isn't in the tree, nor is 0.3.5 tagged. > It was fixed by Satoshi long ago, back when we used CVS I think. The problem was how scripts were executed. They were concatenated together and then run as a single unit. The now obsolete OP_CODESEPARATOR was put between them to control what was hashed and what wasn't. The obvious problem with that arrangement being that scriptSig ran first (it has to, to push the signatures onto the stack), so nothing stopped you setting a scriptSig to OP_RETURN and making the script evaluate to true, always. A pretty amazing oversight given the thought and care that went into Bitcoin generally, and its robustness since then. The fix was to move to the current system whereby the two scripts are executed independently but sharing a stack, and it's only the return value of the scriptPubKey that matters. The scripting system always struck me as a rather late addition to the design. Satoshi admitted as much when he said that he added it after encountering an explosion of special cases as he designed various types of contracts. The fact that there's an obvious bug in CHECKMULTISIG is more evidence of this part being a general rush job, along with Satoshis willingness to disable much of its functionality later with the IsStandard checks. Also the design of CHECKSIG is an obvious retrofit, it would have made far more sense to decompose it, and we never found a use case for 99% of the opcodes despite having successfully designed (redesigned?) all the contract types he ever mentioned. --14dae9399a4dad494204d59836a2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

=
So what exactly was the OP_RETURN bug anyway? I know it has something to do with not executing the scriptSig and scriptPubKey separately
(https://bitcointalk.org/index.php?topic=3D58579.msg= 691432#msg691432) but
commit 7f7f07 that you reference isn't in the tree, nor is 0.3.5 tagged= .

It was fixed by Satoshi long ago, back when we used CVS I thi= nk.

The problem was how scripts were executed. They were concatenated together= and then run as a single unit. The now obsolete OP_CODESEPARATOR was put b= etween them to control what was hashed and what wasn't.

The obvious problem with that arrangement being that scriptSig ran first (= it has to, to push the signatures onto the stack), so nothing stopped you s= etting a scriptSig to OP_RETURN and making the script evaluate to true, alw= ays. A pretty amazing oversight given the thought and care that went into B= itcoin generally, and its robustness since then.

The fix was to move to the current system whereby the two scripts are exec= uted independently but sharing a stack, and it's only the return value = of the scriptPubKey that matters.

The scripting system always struck me as a rather late addition to the des= ign. Satoshi admitted as much when he said that he added it after encounter= ing an explosion of special cases as he designed various types of contracts= . The fact that there's an obvious bug in CHECKMULTISIG is more evidenc= e of this part being a general rush job, along with Satoshis willingness to= disable much of its functionality later with the IsStandard checks. Also t= he design of CHECKSIG is an obvious retrofit, it would have made far more s= ense to decompose it, and we never found a use case for 99% of the opcodes = despite having successfully designed (redesigned?) all the contract types h= e ever mentioned.

--14dae9399a4dad494204d59836a2--