Jonathan Underwood [ARCHIVE] on Nostr: ๐ Original date posted:2019-07-09 ๐ Original message:Hi Andrew, Ok, I will go ...
๐
Original date posted:2019-07-09
๐ Original message:Hi Andrew,
Ok, I will go ahead and write the amendment and make a PR.
Thanks!
Jon
2019ๅนด7ๆ10ๆฅ(ๆฐด) 5:26 Andrew Chow <achow101-lists at achow101.com>:
> This was the original intent of the sighash field. Either the sighash is
> acceptable to the signer and the signer signs with it, or they do not sign
> at all.
>
> On 7/9/19 11:58 AM, Jonathan Underwood via bitcoin-dev wrote:
>
> Hi all,
>
> Just to be brief, I'll kick off with an attack scenario.
>
> 1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign
> according to the PSBT as-is.
> 2. I notice my UTXO was stolen by a hacker because they changed my PSBT
> input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the
> fact they changed the outputs to send to themselves, and added an input
> they signed with SIGHASH_ALL.
> 3. I lose the BTC in my UTXO.
>
> So we should definitely add to the signer checks "ensure the sighash type
> given is the type of sighash you want to sign." etc.
>
> My proposal for a wording change would be addition to the bullet list:
>
> - If a sighash type is provided, the signer MUST check that the sighash
> type is acceptable to them, and fail signing if unacceptable.
> - If a sighash type is not provided, the signer SHOULD sign using
> SIGHASH_ALL, but may sign with any sighash type they wish.
>
> Any thoughts?
>
> Thanks,
> Jon
>
> --
> -----------------
> Jonathan Underwood
> ใใใใใณใฏ็คพ ใใผใใใใใณใคใณใชใใฃใตใผ
> -----------------
>
> ๆๅทๅใใใกใใปใผใธใใ้ใใฎๆนใฏไธ่จใฎๅ ฌ้้ตใใๅฉ็จไธใใใ
>
> ๆ็ด: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190710/39f055d6/attachment.html>;
๐ Original message:Hi Andrew,
Ok, I will go ahead and write the amendment and make a PR.
Thanks!
Jon
2019ๅนด7ๆ10ๆฅ(ๆฐด) 5:26 Andrew Chow <achow101-lists at achow101.com>:
> This was the original intent of the sighash field. Either the sighash is
> acceptable to the signer and the signer signs with it, or they do not sign
> at all.
>
> On 7/9/19 11:58 AM, Jonathan Underwood via bitcoin-dev wrote:
>
> Hi all,
>
> Just to be brief, I'll kick off with an attack scenario.
>
> 1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign
> according to the PSBT as-is.
> 2. I notice my UTXO was stolen by a hacker because they changed my PSBT
> input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the
> fact they changed the outputs to send to themselves, and added an input
> they signed with SIGHASH_ALL.
> 3. I lose the BTC in my UTXO.
>
> So we should definitely add to the signer checks "ensure the sighash type
> given is the type of sighash you want to sign." etc.
>
> My proposal for a wording change would be addition to the bullet list:
>
> - If a sighash type is provided, the signer MUST check that the sighash
> type is acceptable to them, and fail signing if unacceptable.
> - If a sighash type is not provided, the signer SHOULD sign using
> SIGHASH_ALL, but may sign with any sighash type they wish.
>
> Any thoughts?
>
> Thanks,
> Jon
>
> --
> -----------------
> Jonathan Underwood
> ใใใใใณใฏ็คพ ใใผใใใใใณใคใณใชใใฃใตใผ
> -----------------
>
> ๆๅทๅใใใกใใปใผใธใใ้ใใฎๆนใฏไธ่จใฎๅ ฌ้้ตใใๅฉ็จไธใใใ
>
> ๆ็ด: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190710/39f055d6/attachment.html>;