1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
|
Return-Path: <lucasontivero@gmail.com>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 8EBD2C0032
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Sep 2023 15:07:25 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp1.osuosl.org (Postfix) with ESMTP id 5B71881FB4
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Sep 2023 15:07:25 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 5B71881FB4
Authentication-Results: smtp1.osuosl.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.a=rsa-sha256 header.s=20221208 header.b=TNY2Jt7R
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.599
X-Spam-Level:
X-Spam-Status: No, score=-1.599 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, PDS_BTC_ID=0.499, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from smtp1.osuosl.org ([127.0.0.1])
by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id bHT6zbJo2G4k
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Sep 2023 15:07:24 +0000 (UTC)
Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com
[IPv6:2607:f8b0:4864:20::f36])
by smtp1.osuosl.org (Postfix) with ESMTPS id 53EE181FB3
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Sep 2023 15:07:24 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 53EE181FB3
Received: by mail-qv1-xf36.google.com with SMTP id
6a1803df08f44-64a70194fbeso13704126d6.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 08 Sep 2023 08:07:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1694185643; x=1694790443;
darn=lists.linuxfoundation.org;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:from:to:cc:subject:date:message-id:reply-to;
bh=apVrpYmv0ckVBelozlLgRdznR2Ym2LiGk+MaEnoKZiM=;
b=TNY2Jt7RszMh4aRYxYuRbLPcQs5MxyVmgzDFFyCqAV/MRzCZv+JIrChmC8gG7ZiH1t
CSY79V0/kmkxppL8ifOvcOC4CscutYI1rWROtjEC7IO0Iih245l8VIggApP/va3arHTn
wLam3j8ezksjTAPi546Mk5pM5bid54D76zOx0G78zHqHWqDZsP/Wrii2e2Gw74iM5uue
HOYUr1t8Ao5vBSm6O2a7YQUhQYvpayfs/SppjVO83VV1ssVrqUDeriJdzLSTqM4LMeO/
ch+uTTWl/x9266kIrA7rdRwYTug1/meemo22o8AQwxDvK4t5yO83If0ABu4nDb3BZ3UK
FI9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1694185643; x=1694790443;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=apVrpYmv0ckVBelozlLgRdznR2Ym2LiGk+MaEnoKZiM=;
b=mnekJpsXm/M5gL2g2tjjNLyNXNWbOcBLD1Vjr3Ztsispgw0JxFRPMlrNbvLkNwpb9I
F6Prk3aGITy56G9yerRnaQj09TzMniXi2xcMapCNynYlKDuTuqqewIxZe7ZvoLPaMByH
com+mV/O/tkWEtwW7pfpy6vEkDkMnaGPRxZi6aVWj40/740yGUuZkDR6tBoMJHwPIDub
POM+V72VHeO7rOordqP+jGUtdcGAPIHe43iAQ7ZbCj/7cDZ0BMUPK928YbkEd3jDOEnX
Q0vgtiJpDjsP71Ipk/sghZXCEsQKUlSCXXbq+4/Im41n+dx4EO/yfaGxgDRggcW0Vyu/
E2YA==
X-Gm-Message-State: AOJu0YyvtzwW/GhcD1W6BcNWWTcTC1bof6gdF811JMn6FF1FVIT2R41M
C34ih9nBQ1F5ImV4RYgidhU5f7n2ByXgt6KZE1E=
X-Google-Smtp-Source: AGHT+IGiLXJPNMqBstGVKOn7szi7FyOV6UkqUMsr6A7NiCjNuiC9olsfrcStj90U/5u/EqBo3kotWD9/TN2zWKTdszk=
X-Received: by 2002:a0c:f711:0:b0:653:5a81:4ac2 with SMTP id
w17-20020a0cf711000000b006535a814ac2mr2615958qvn.35.1694185643042; Fri, 08
Sep 2023 08:07:23 -0700 (PDT)
MIME-Version: 1.0
References: <VwPEzimSfSX3TndEvhlkap6TFYa5AUI8njvv29ijuMAZOrkLMeSjGVxRloDWbMNBCZbQ9p0jRfIYiLGTheI4wHBjEK5f4qjFOyPoYN5jGZs=@protonmail.com>
<aqQNYBhbmUz3LRgMxGzzCiToOGl7Ra_gZAhk5xDnZKwkGv16ly2l3BqjQRD7pjaQ_QQ-3bouXBeNjitvPzfbNlP-NnHMkfampmmqiH1UvN8=@protonmail.com>
In-Reply-To: <aqQNYBhbmUz3LRgMxGzzCiToOGl7Ra_gZAhk5xDnZKwkGv16ly2l3BqjQRD7pjaQ_QQ-3bouXBeNjitvPzfbNlP-NnHMkfampmmqiH1UvN8=@protonmail.com>
From: Lucas Ontivero <lucasontivero@gmail.com>
Date: Fri, 8 Sep 2023 15:07:11 +0000
Message-ID: <CALHvQn1bt_TP17b3trEH7rE8TDreKGHgduQx3s0gxSYnMcKTqQ@mail.gmail.com>
To: kiminuo <kiminuo@protonmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="0000000000006fed850604da55aa"
X-Mailman-Approved-At: Sun, 10 Sep 2023 16:06:03 +0000
Subject: Re: [bitcoin-dev] Parameters in BIP21 URIs
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2023 15:07:25 -0000
--0000000000006fed850604da55aa
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Kiminuo, this was discussed here: https://github.com/bitcoin/bips/pull/49
On Fri, Sep 8, 2023 at 2:39=E2=80=AFPM kiminuo via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> [Formatted version of this post is here:
> https://gist.github.com/kiminuo/cc2f19a4c5319e439fc7be8cbe5a39f9]
>
> Hi all,
>
> BIP 21 [https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki]
> defines a URI scheme for making Bitcoin payments and the purpose of the U=
RI
> scheme is to enable users to easily make payments by simply clicking link=
s
> on webpages or scanning QR Codes. An example of a BIP21 URI is:
>
>
> bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&label=
=3DKiminuo&message=3DDonation
>
> Now to make it easier, these URIs are typically clickable. Bitcoin wallet=
s
> register the "bitcoin" URI scheme so that a BIP21 URI is parsed and data
> are pre-filled in a form to send your bitcoin to a recipient. Notably,
> wallets do not send your bitcoin once you click a BIP21 URI, there is sti=
ll
> a confirmation step that requires user's attention. Very similar experien=
ce
> is with a QR code that encodes a BIP21 URI where one just scans a QR code
> and data is, again, pre-filled in a wallet's UI for your convenience.
>
> While working on Wasabi's BIP21 implementation I noticed that based on th=
e
> BIP21 grammar [
> https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki#abnf-gramm=
ar],
> it is actually allowed to specify URI parameters multiple times. This mea=
ns
> that the following URI is actually valid:
>
> bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&label=
=3DKiminuo&message=3DDonation&amount=3D1.004
> (note that the 'amount' parameter is specified twice)
>
> Bitcoin Core implements "the last value wins" behavior[^3] so amount=3D1.=
004
> will be taken into account and not "amount=3D0.004"[^4]. However, in gene=
ral,
> the fact that the same parameter can be specified multiple times can lead
> to a confusion for users and developers[^1][^2]. In the worst case, it
> might be exploited by some social engineering attempts by attempting to
> craft a 'clever' BIP21 URI and exploting behavior of a particular wallet
> software. For the record, I'm not aware that it actually happens, so this
> is rather a concern.
>
> The main question of this post is: Is it useful to allow specifying BIP21
> parameters multiple times or is it rather harmful?
>
> Regards,
> K.
>
> [^1]: https://github.com/JoinMarket-Org/joinmarket-clientserver/pull/1510
> [^2]:
> https://github.com/MetacoSA/NBitcoin/blob/93ef4532b9f2ea52b2c910266eeb668=
4f3bd25de/NBitcoin/Payment/BitcoinUrlBuilder.cs#L74-L78
> [^3]: I added a test to that effect in
> https://github.com/bitcoin/bitcoin/pull/27928/files, see
> https://github.com/bitcoin/bitcoin/blob/83719146047947e588aa0c7b5eee02f44=
884553d/src/qt/test/uritests.cpp#L68-L73
> .
> [^4]: You can test your wallet's behavior by scanning the last image here
> https://github.com/zkSNACKs/WalletWasabi/pull/10578#issue-1687564404 (or
> directly
> https://user-images.githubusercontent.com/58662979/265389405-16893ce8-7c1=
9-4262-bb60-5fd711336685.png
> ).
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--0000000000006fed850604da55aa
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>Kiminuo, this was discussed here: <a href=3D"https://=
github.com/bitcoin/bips/pull/49">https://github.com/bitcoin/bips/pull/49</a=
><br><br></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=
=3D"gmail_attr">On Fri, Sep 8, 2023 at 2:39=E2=80=AFPM kiminuo via bitcoin-=
dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-de=
v@lists.linuxfoundation.org</a>> wrote:<br></div><blockquote class=3D"gm=
ail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,=
204,204);padding-left:1ex"><span style=3D"font-family:Arial,sans-serif"><sp=
an>[Formatted version of this post is here: <span><a href=3D"https://gist.g=
ithub.com/kiminuo/cc2f19a4c5319e439fc7be8cbe5a39f9" rel=3D"noreferrer nofol=
low noopener" target=3D"_blank">https://gist.github.com/kiminuo/cc2f19a4c53=
19e439fc7be8cbe5a39f9</a></span>]<br></span></span><div><span><br></span></=
div><div><span>Hi all,</span></div><div><br></div><div><span>BIP 21 [<a hre=
f=3D"https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki" rel=3D=
"noreferrer nofollow noopener" target=3D"_blank">https://github.com/bitcoin=
/bips/blob/master/bip-0021.mediawiki</a>]
defines a URI scheme for making Bitcoin payments and the purpose of the
URI scheme is to enable users to easily make payments by simply=20
clicking links on webpages or scanning QR Codes. An example of a BIP21=20
URI is:</span></div><div><br></div><div><span>bitcoin:bc1qd4fxq8y8c7qh76gfn=
vl7amuhag3z27uw0w9f8p?amount=3D0.004&label=3DKiminuo&message=3DDona=
tion</span></div><div><br></div><div><span>Now
to make it easier, these URIs are typically clickable. Bitcoin wallets=20
register the "bitcoin" URI scheme so that a BIP21 URI is parsed a=
nd data
are pre-filled in a form to send your bitcoin to a recipient. Notably,=20
wallets do not send your bitcoin once you click a BIP21 URI, there is=20
still a confirmation step that requires user's attention. Very similar=
=20
experience is with a QR code that encodes a BIP21 URI where one just=20
scans a QR code and data is, again, pre-filled in a wallet's UI for you=
r
convenience.</span></div><div><br></div><div><span>While working on Wasabi=
's BIP21 implementation I noticed that based on the BIP21 grammar [<a h=
ref=3D"https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki#abnf-=
grammar" rel=3D"noreferrer nofollow noopener" target=3D"_blank">https://git=
hub.com/bitcoin/bips/blob/master/bip-0021.mediawiki#abnf-grammar</a>], it i=
s actually allowed to specify URI parameters multiple times. This means tha=
t the following URI is actually valid:</span></div><div><br></div><div><spa=
n>bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&lab=
el=3DKiminuo&message=3DDonation&amount=3D1.004
(note that the 'amount' parameter is specified twice)</span></div>=
<div><br></div><div><span>Bitcoin
Core implements "the last value wins" behavior[^3] so amount=3D1=
.004 will
be taken into account and not "amount=3D0.004"[^4]. However, in =
general,=20
the fact that the same parameter can be specified multiple times can=20
lead to a confusion for users and developers[^1][^2]. In the worst case,
it might be exploited by some social engineering attempts by attempting
to craft a 'clever' BIP21 URI and exploting behavior of a particul=
ar=20
wallet software. For the record, I'm not aware that it actually happens=
,
so this is rather a concern.</span></div><div><br></div><div><span>The mai=
n question of this post is: Is it useful to allow specifying BIP21 paramete=
rs multiple times or is it rather harmful?</span></div><div><br></div><div>=
<span>Regards,</span></div><div><span>K.</span></div><div><br></div><div><s=
pan>[^1]: <a href=3D"https://github.com/JoinMarket-Org/joinmarket-clientser=
ver/pull/1510" rel=3D"noreferrer nofollow noopener" target=3D"_blank">https=
://github.com/JoinMarket-Org/joinmarket-clientserver/pull/1510</a></span></=
div><div><span>[^2]: <a href=3D"https://github.com/MetacoSA/NBitcoin/blob/9=
3ef4532b9f2ea52b2c910266eeb6684f3bd25de/NBitcoin/Payment/BitcoinUrlBuilder.=
cs#L74-L78" rel=3D"noreferrer nofollow noopener" target=3D"_blank">https://=
github.com/MetacoSA/NBitcoin/blob/93ef4532b9f2ea52b2c910266eeb6684f3bd25de/=
NBitcoin/Payment/BitcoinUrlBuilder.cs#L74-L78</a></span></div><div><span>[^=
3]: I added a test to that effect in <a href=3D"https://github.com/bitcoin/=
bitcoin/pull/27928/files" rel=3D"noreferrer nofollow noopener" target=3D"_b=
lank">https://github.com/bitcoin/bitcoin/pull/27928/files</a>, see <a href=
=3D"https://github.com/bitcoin/bitcoin/blob/83719146047947e588aa0c7b5eee02f=
44884553d/src/qt/test/uritests.cpp#L68-L73" rel=3D"noreferrer nofollow noop=
ener" target=3D"_blank">https://github.com/bitcoin/bitcoin/blob/83719146047=
947e588aa0c7b5eee02f44884553d/src/qt/test/uritests.cpp#L68-L73</a>.</span><=
/div><span><span>[^4]: You can test your wallet's behavior by scanning =
the last image here <a href=3D"https://github.com/zkSNACKs/WalletWasabi/pul=
l/10578#issue-1687564404" rel=3D"noreferrer nofollow noopener" target=3D"_b=
lank">https://github.com/zkSNACKs/WalletWasabi/pull/10578#issue-1687564404<=
/a> (or directly <a href=3D"https://user-images.githubusercontent.com/58662=
979/265389405-16893ce8-7c19-4262-bb60-5fd711336685.png" rel=3D"noreferrer n=
ofollow noopener" target=3D"_blank">https://user-images.githubusercontent.c=
om/58662979/265389405-16893ce8-7c19-4262-bb60-5fd711336685.png</a>).</span>=
</span><span></span><br>_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>
--0000000000006fed850604da55aa--
|