From laolu32 at gmail.com  Mon May  2 21:48:19 2016
From: laolu32 at gmail.com (Olaoluwa Osuntokun)
Date: Mon, 02 May 2016 21:48:19 +0000
Subject: [Lightning-dev] Oversize preimage attack.
In-Reply-To: <871t5lf3p1.fsf@rustcorp.com.au>
References: <871t5lf3p1.fsf@rustcorp.com.au>
Message-ID: <CAO3Pvs99wZx_0wi90VTOSewDm=eGjKfKAvy8P=dQTbYrvqkcLw@mail.gmail.com>

>
>  Or require a 110k preimage to redeem, drop to the blockchain, then
> redeem it by sending direct to a miner.  A node trying to use that
> preimage would create a non-standard transaction, which may not
> propagate.  Similarly with an almost 4MB preimage which requires you
> to grind out a tiny signature to redeem in a tx small enough...
>

Segwit's witness program validation logic ensures that each element of the
passed witness stack is less-than-or-equal-to the maximum script element
size (520 bytes). This check is enforced before execution itself.
Therefore, even without the additional OP_SIZE check, Script will enforce a
ceiling on the pre-image size.

We've also recently made such an observation, resulting in a modification
to our scripts similar to the one you've detailed. Thanks for sounding the
alarm with this mailing-list post!

Best,
Laolu
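An added example, not part of the original message or of any project's code: a Python sketch of the pre-execution size check described above. It parses one input's serialized witness and reports stack elements larger than 520 bytes. It assumes a P2WSH spend, where the last witness item is the witness script and is not a stack element. All function names and sample bytes are constructed for illustration.

```python
import io

MAX_SCRIPT_ELEMENT_SIZE = 520  # bytes; the per-element ceiling cited above

def read_compact_size(buf):
    """Decode one Bitcoin CompactSize integer from a byte stream."""
    head = buf.read(1)
    if not head:
        raise ValueError("truncated CompactSize")
    if head[0] < 0xFD:
        return head[0]
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[head[0]]
    raw = buf.read(width)
    if len(raw) != width:
        raise ValueError("truncated CompactSize")
    return int.from_bytes(raw, "little")

def write_compact_size(n):
    """Encode n as CompactSize (only used to build the sample input)."""
    if n < 0xFD:
        return bytes([n])
    for prefix, width in ((0xFD, 2), (0xFE, 4), (0xFF, 8)):
        if n < 1 << (8 * width):
            return bytes([prefix]) + n.to_bytes(width, "little")
    raise ValueError("value too large")

def serialize_witness(items):
    return write_compact_size(len(items)) + b"".join(
        write_compact_size(len(i)) + i for i in items)

def parse_witness(data):
    """Split one input's serialized witness into its stack items."""
    buf = io.BytesIO(data)
    items = []
    for _ in range(read_compact_size(buf)):
        size = read_compact_size(buf)
        item = buf.read(size)
        if len(item) != size:
            raise ValueError("truncated witness item")
        items.append(item)
    if buf.read(1):
        raise ValueError("trailing bytes after witness")
    return items

def oversize_elements(items):
    """Indexes of stack elements over the limit (last item = witness script, skipped)."""
    return [i for i, item in enumerate(items[:-1])
            if len(item) > MAX_SCRIPT_ELEMENT_SIZE]

# Constructed sample: placeholder signature, preimage, placeholder witness script.
SIG, SCRIPT = b"\x30" * 72, b"\x51" * 80
OK_WITNESS = serialize_witness([SIG, b"\xAA" * 32, SCRIPT])
BIG_WITNESS = serialize_witness([SIG, b"\xAA" * 110_000, SCRIPT])
```
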