Return-Path: <pete@petertodd.org>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id DCF4BC0032
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 20 Oct 2023 17:34:32 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp4.osuosl.org (Postfix) with ESMTP id 900A24EEBE
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 20 Oct 2023 17:34:32 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 900A24EEBE
Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key,
 unprotected) header.d=messagingengine.com header.i=@messagingengine.com
 header.a=rsa-sha256 header.s=fm3 header.b=LInmKhCR
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level: 
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
 autolearn=ham autolearn_force=no
Received: from smtp4.osuosl.org ([127.0.0.1])
 by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 0G3U0uab65Oh
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 20 Oct 2023 17:34:31 +0000 (UTC)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com
 [66.111.4.29])
 by smtp4.osuosl.org (Postfix) with ESMTPS id CD8D34EEBD
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 20 Oct 2023 17:34:30 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org CD8D34EEBD
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
 by mailout.nyi.internal (Postfix) with ESMTP id 840335C09F7;
 Fri, 20 Oct 2023 13:34:29 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute6.internal (MEProxy); Fri, 20 Oct 2023 13:34:29 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm3; t=1697823269; x=1697909669; bh=hRp6btAT0uHLq
 +6KXbcpDpj8u75/FGd5pDApYw+4AmI=; b=LInmKhCRU7X3wgQHRmMvFtLAU5FXU
 MEcuQ97rDrWCaoThgQNZKvFXRn/IZZDTvJipimJtLpcWUb7UWwIhvgAhTRE+v0Cj
 dQkYmV9vhfU0o+ta985TDqaN4kL7v21VKk5xpRN2jV8DFCPq//FT/7t270RHt9w1
 hrxZQnXZTrrMiqX1plVCLADhrp6xAD2y2VFtJWEPU/0tu6XOrBQzSeEErzjh5V2e
 38G2xNF4/upn5A+c6vYS90Q6tqeyYd12o9wMFx5JmIfIXpgYW3cAhNKZRzOSHeuT
 jtYk3ju3JOF+U0BhrZKPd+l2wvRmonJJ/NCKRMPUrbkuftwshP+Yd44bQ==
X-ME-Sender: <xms:JboyZbng7KsSsDIpbU_GAbmOJGZ9VOqP-ynb-H6M3dNti6Bk8Wu1uQ>
 <xme:JboyZe0AROa4_6gVLoiYfNVdejOj4WQSBAFImDtYZ9xwYRBGUBSWWl2kVy_sAPWi7
 cGf6GOMKbcDZpRX5Gs>
X-ME-Received: <xmr:JboyZRqrpXsBzhLCaVcAU9h7RTkHNMDyhHYEap7tX3FAJ8JLU4ZFiBBtyw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrjeekgdduuddvucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesghdtre
 ertddtvdenucfhrhhomheprfgvthgvrhcuvfhougguuceophgvthgvsehpvghtvghrthho
 uggurdhorhhgqeenucggtffrrghtthgvrhhnpeeklefffeefhfdugfeuvefffeethfevhf
 evudfhvdetteeggfevvdfhieetledukeenucffohhmrghinhepghhithhhuhgsrdgtohhm
 pdhpvghtvghrthhouggurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg
 hmpehmrghilhhfrhhomhepphgvthgvsehpvghtvghrthhouggurdhorhhg
X-ME-Proxy: <xmx:JboyZTmiHgoGxeNT9_kIy1ucnJRmbODS-onv171uHx2O4UkRgKwpdA>
 <xmx:JboyZZ0Mmguca06MW5ypjio5SQy8418OFUi-W9vt-y0QMeVHani0iQ>
 <xmx:JboyZSsJj5-JjScvCTgLSNS5nqN8M9PW1Yo3uCziJYnDD-xq-1iYkQ>
 <xmx:JboyZSxJAVaD8tGIktXeaWjmtsQ9uFkNPtjzq6x6XImR7nDcEzSI4g>
Feedback-ID: i525146e8:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri,
 20 Oct 2023 13:34:28 -0400 (EDT)
Received: by localhost (Postfix, from userid 1000)
 id 065045F83F; Fri, 20 Oct 2023 17:34:28 +0000 (UTC)
Date: Fri, 20 Oct 2023 17:34:28 +0000
From: Peter Todd <pete@petertodd.org>
To: Fabian <fjahr@protonmail.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <ZTK6JINSo6WyvJL0@petertodd.org>
References: <kxXtwQMByYbMavS5P9a2tAUd8wz0yTUifost_txwTiQfNKTBtgdepLmAyV4XN6m4wY74cdZLX4EtsiEJ-jpZsnSxPIrCAN5wK8eK8xx1WGw=@protonmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="hIYWMfa3kkDKACtz"
Content-Disposition: inline
In-Reply-To: <kxXtwQMByYbMavS5P9a2tAUd8wz0yTUifost_txwTiQfNKTBtgdepLmAyV4XN6m4wY74cdZLX4EtsiEJ-jpZsnSxPIrCAN5wK8eK8xx1WGw=@protonmail.com>
Subject: Re: [bitcoin-dev] Breaking change in calculation of
	hash_serialized_2
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Oct 2023 17:34:33 -0000


--hIYWMfa3kkDKACtz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 20, 2023 at 05:19:19PM +0000, Fabian via bitcoin-dev wrote:
> Hello list,
>=20
> on Wednesday I found a potential malleability issue in the UTXO set dump =
files
> generated for and used by assumeutxo [1]. On Thursday morning theStack had
> found the cause of the issue [2]: A bug in the serialization of UTXOs for=
 the
> calculation of hash_serialized_2. This is the value used by Bitcoin Core =
to
> check if the UTXO set loaded from a dump file matches what is expected. T=
he
> value of hash_serialized_2 expected for a particular block is hardcoded i=
nto
> the chainparams of each chain.

<snip>

> [1] https://github.com/bitcoin/bitcoin/issues/28675
> [2] https://github.com/bitcoin/bitcoin/issues/28675#issuecomment-17703894=
68[3] https://github.com/bitcoin/bitcoin/pull/28685

James made the following comment on the above issue:

> Wow, good find @fjahr et al. I wonder if there's any value in committing =
to a
> sha256sum of the snapshot file itself in the source code as a
> belt-and-suspenders remediation for issues like this.

Why *isn't* the sha256 hash of the snapshot file itself the canonical hash?
That would obviously eliminate any malleability issues. gettxoutsetinfo alr=
eady
has to walk the entire UTXO set to calculate the hash. Making it simply
generate the actual contents of the dump file and calculate the hash of it =
is
the obvious way to implement this.

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--hIYWMfa3kkDKACtz
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmUyuiEACgkQLly11TVR
Lze/uQ/9FwPyc/O06kMIhT0kf17QE3Dg9AYOXR5D9Dqiz9EoLigfcmfD9VEhbEM9
IWUYNhiLzoPhAAFIIF8ypzfYrnhuT/JnoNKLsX0lC3z6CBnBMabfcEGg+aqjGIyi
iOhaDtdIVRNq7nXchSdsY6BuNrxUMauqguRJzKiR391V43jhJ2GrCtG+Wa1u+KhE
S0x4Pr4Yc8RQ4423WMh1KdblHEYz/zO41XP8V9/liWHBqRSohkmypgKD4Uq4FYAJ
K7uxkWu0Eqyv3h8rOtSautbIm6LQwXhhiXiWHdKz/9xlkNUd4BO+CoWWfp2Cet93
99Dgo9Y3Tlk4S3PlNv4REgCLE74WPXerX1Rnvhe1Nmfq+gjMnUHLfLKtWk95f/uY
4ejpHznNK3+OeYSBWA/jx3GUHnqjto6wC3ycITgMIxsY7Spzdfs3psowxUIOUYgL
6YJHpqJu3iOnyFFh037/EkPEmAk/ytoxkPvQXljqw88ub5tQbiMB5c2VxERXgXUz
EqAw4vREmyjFfemgkPyaPqKCJCeCSPtnlJDd1edm1G/MIsACbDZHSx8XWnH9YyBm
IAXG3HNQpZ+qxOBcbR46wwfadI+ULcw1h+yslWE0mbk5DpPxDARk7qg4NEUgo/6N
jjqI4t8vgasFqnogMdk3m1aQ47RiHJpndYP/gCIR4OErOfOZJr4=
=dHmq
-----END PGP SIGNATURE-----

--hIYWMfa3kkDKACtz--