From laolu32 at gmail.com Mon May 2 21:48:19 2016
From: laolu32 at gmail.com (Olaoluwa Osuntokun)
Date: Mon, 02 May 2016 21:48:19 +0000
Subject: [Lightning-dev] Oversize preimage attack.
In-Reply-To: <871t5lf3p1.fsf@rustcorp.com.au>
References: <871t5lf3p1.fsf@rustcorp.com.au>
Message-ID: <CAO3Pvs99wZx_0wi90VTOSewDm=eGjKfKAvy8P=dQTbYrvqkcLw@mail.gmail.com>

>
> Or require a 110k preimage to redeem, drop to the blockchain, then
> redeem it by sending direct to a miner. A node trying to use that
> preimage would create a non-standard transaction, which may not
> propagate. Similarly with an almost 4MB preimage which requires you
> to grind out a tiny signature to redeem in a tx small enough...
>

Segwit's witness program validation logic ensures that each element of the
passed witness stack is less-than-or-equal-to the maximum script element size
(520 bytes). This check is enforced before execution itself. Therefore, even
without the additional OP_SIZE check, Script will enforce a ceiling on the
pre-image size.

We've also recently made such an observation, resulting in a modification to
our scripts similar to the one you've detailed. Thanks for sounding the alarm
with this mailing-list post!

Best,
Laolu
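
The pre-execution size check described in the reply above, as an added example that is not part of the original post or of any project's code: a simplified Python model of the checks applied to a version-0, 32-byte witness program before its script runs. The function names, return strings and sample witness data are assumptions constructed for illustration.

```python
import hashlib

MAX_SCRIPT_ELEMENT_SIZE = 520  # max bytes in one witness stack element
MAX_SCRIPT_SIZE = 10_000       # max bytes in the witness script itself


def precheck_p2wsh_witness(program, witness):
    """Simplified model of the checks on a version-0, 32-byte witness
    program made before script execution. Returns "ok" or a reason."""
    if len(program) != 32:
        return "not-p2wsh"
    if not witness:
        return "witness-empty"
    # The last witness item is the witness script; the rest is its input stack.
    *stack, witness_script = witness
    if hashlib.sha256(witness_script).digest() != program:
        return "program-mismatch"
    # Signatures, preimages and other inputs must each fit in 520 bytes.
    for index, item in enumerate(stack):
        if len(item) > MAX_SCRIPT_ELEMENT_SIZE:
            return "push-size:item%d" % index
    # The witness script is not a stack element; it has its own larger limit.
    if len(witness_script) > MAX_SCRIPT_SIZE:
        return "script-size"
    return "ok"


def demo():
    # Constructed sample data: placeholder bytes, not a real script or signature.
    witness_script = b"\x61" * 600          # 600 bytes: over 520, under 10,000
    program = hashlib.sha256(witness_script).digest()
    signature = b"\x30" * 72
    results = {}
    for size in (32, 520, 521, 110_000):
        preimage = b"\x00" * size
        results[size] = precheck_p2wsh_witness(
            program, [signature, preimage, witness_script])
    return results


if __name__ == "__main__":
    for size, verdict in demo().items():
        print("%7d-byte preimage -> %s" % (size, verdict))
```

The 600-byte placeholder script passes because the 520-byte ceiling applies to the stack inputs, not to the witness script, which is why the preimage is bounded even without an explicit OP_SIZE check.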