[Policy] Reject SIGHASH_SINGLE with output out of bound #13360
Conversation
src/policy/policy.h
Outdated
There was a problem hiding this comment.
SCRIPT_VERIFY_SECURE_SIGHASH_SINGLE since it's making sure it's secure, not that it's insecure, and to make it self-evident what it is?
jl2012
force-pushed
the
insecure_single
branch
2 times, most recently
from
2ce4d80 to
146cf12
Compare
src/script/interpreter.h
Outdated
There was a problem hiding this comment.
Remove reference to const bool?
src/script/sign.cpp
Outdated
There was a problem hiding this comment.
Why not just pass unsigned int flags into CheckSig? It seems like there might be flags in the future we want to check for as well, so why not bite the bullet and just pass in the flags?
There was a problem hiding this comment.
I could go either way, but as is this avoids an internal dependency in CheckSig on flags' implementation.
There was a problem hiding this comment.
It is also used in sign.cpp so I'd like to avoid using flags
|
strong concept ACK. |
src/script/interpreter.cpp
Outdated
There was a problem hiding this comment.
nit: I would lead with require_secure_single since it's a feature flipper
There was a problem hiding this comment.
It is ranked by rarity. The use if SIGHASH_SINGLE is rare. If it is not used, the remaining conditions will not be inspected.
|
rebased |
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
| { | ||
| public: | ||
| virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const | ||
| virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion, const bool require_secure_single) const |
There was a problem hiding this comment.
Should require_secure_single be an unnamed parameter since it is not used?
There was a problem hiding this comment.
Just for consistency?
EDIT: I'm wrong, |
|
This patch must be used with the NULLFAIL rule. Otherwise, it would be a hardfork as one may use a script NULLFAIL will fix the problem as the script will fail after the patch, due to the use of invalid signature Another option is to throw an exception, instead of |
| The last travis run for this pull request was 241 days ago and is thus outdated. To trigger a fresh travis build, this pull request should be closed and re-opened. |
| Needs rebase |
|
@jl2012 Rebased after #13266 and #18422 at master...adamjonas:pr/13360 if there is interest in continuing to work on this. |
|
Closing for now. Let me know when you want to work on this again |
10 participants
This makes using SIGHASH_SINGLE without a matching output non-standard. Signature of this form is insecure, as it commits to no output while users might think it commits to one. It is even worse in non-segwit scripts, which is effectively NOINPUT|NONE, so any UTXO of the same key could be stolen.
This is one of the earliest unintended consensus behavior which could be fixed with a softfork. The first step is to make it non-standard.