Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1T3UUg-0000f8-Rj for bitcoin-development@lists.sourceforge.net; Mon, 20 Aug 2012 16:06:22 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of bluematt.me designates 173.246.101.161 as permitted sender) client-ip=173.246.101.161; envelope-from=bitcoin-list@bluematt.me; helo=mail.bluematt.me; Received: from vps.bluematt.me ([173.246.101.161] helo=mail.bluematt.me) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1T3UUf-0004Cr-Th for bitcoin-development@lists.sourceforge.net; Mon, 20 Aug 2012 16:06:22 +0000 Received: from [192.168.1.2] (dhcp00757.north-resnet.unc.edu [152.23.202.249]) by mail.bluematt.me (Postfix) with ESMTPSA id 594554273 for ; Mon, 20 Aug 2012 16:06:15 +0000 (UTC) Message-ID: <1345478774.3471.4.camel@bmthinkpad.lan.bluematt.me> From: Matt Corallo To: bitcoin-development Date: Mon, 20 Aug 2012 12:06:14 -0400 Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.4.3-1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Score: -1.7 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record -0.2 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1T3UUf-0004Cr-Th Subject: [Bitcoin-development] Warning to rawtx creators: bug in SIGHASH_SINGLE X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Aug 2012 16:06:22 -0000 If you are playing around with the current rawtx API, be careful using SIGHASH_SINGLE: When parsing a transaction input, which uses a SIGHASH_SINGLE signature, and the given input's index is >= the total number of outputs in the current transaction, bitcoind doesn't sign anything useful, it signs the constant 1. Thus, if anyone were to create such an invalid transaction, any future outputs to the public key which created the signature would be immediately steal-able by anyone. The conclusion on how to fix the issue was to fix the rawtx API to block such transactions instead of creating a hardfork-risk or further complicating transaction verification. Code (in script.cpp:SignatureHash, under SIGHASH_SINGLE): if (nOut >= txTmp.vout.size()) { printf("ERROR: SignatureHash() : nOut=%d out of range\n", nOut); return 1; } Matt