Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <bitcoin-list@bluematt.me>) id 1T3UUg-0000f8-Rj
	for bitcoin-development@lists.sourceforge.net;
	Mon, 20 Aug 2012 16:06:22 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of bluematt.me
	designates 173.246.101.161 as permitted sender)
	client-ip=173.246.101.161;
	envelope-from=bitcoin-list@bluematt.me; helo=mail.bluematt.me; 
Received: from vps.bluematt.me ([173.246.101.161] helo=mail.bluematt.me)
	by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1T3UUf-0004Cr-Th for bitcoin-development@lists.sourceforge.net;
	Mon, 20 Aug 2012 16:06:22 +0000
Received: from [192.168.1.2] (dhcp00757.north-resnet.unc.edu [152.23.202.249])
	by mail.bluematt.me (Postfix) with ESMTPSA id 594554273
	for <bitcoin-development@lists.sourceforge.net>;
	Mon, 20 Aug 2012 16:06:15 +0000 (UTC)
Message-ID: <1345478774.3471.4.camel@bmthinkpad.lan.bluematt.me>
From: Matt Corallo <bitcoin-list@bluematt.me>
To: bitcoin-development <bitcoin-development@lists.sourceforge.net>
Date: Mon, 20 Aug 2012 12:06:14 -0400
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.4.3-1 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Spam-Score: -1.7 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.2 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
X-Headers-End: 1T3UUf-0004Cr-Th
Subject: [Bitcoin-development] Warning to rawtx creators: bug in
	SIGHASH_SINGLE
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2012 16:06:22 -0000

If you are playing around with the current rawtx API, be careful using
SIGHASH_SINGLE:

When parsing a transaction input, which uses a SIGHASH_SINGLE signature,
and the given input's index is >= the total number of outputs in the
current transaction, bitcoind doesn't sign anything useful, it signs the
constant 1.

Thus, if anyone were to create such an invalid transaction, any future
outputs to the public key which created the signature would be
immediately steal-able by anyone.

The conclusion on how to fix the issue was to fix the rawtx API to block
such transactions instead of creating a hardfork-risk or further
complicating transaction verification.

Code (in script.cpp:SignatureHash, under SIGHASH_SINGLE):
        if (nOut >= txTmp.vout.size())
        {
            printf("ERROR: SignatureHash() : nOut=%d out of range\n", nOut);
            return 1;
        }

Matt