Gavin Andresen [ARCHIVE] on Nostr: š Original date posted:2011-10-24 šļø Summary of this message: The author ...
š
Original date posted:2011-10-24
šļø Summary of this message: The author suggests checking the scriptSig field of a transaction to calculate the Bitcoin address, but questions its safety due to non-standard scriptPubKey scripts.
š Original message:> So my first shot at this is to go through the inputs of a transaction and
> see if the scriptSig field has only two opcodes. If that is the case, I
> assume that it is of the structure <sig> <pubKey> and calculate the
> Bitcoin address from <pubKey>.
> But then I started to wonder if this is safe. Can this be tricked somehow?
Sure. There are lots of non-standard scriptPubKey scripts that will
validate if given <sig> <pubKey> as input: a simple OP_NOP would work
(do nothing, then check the top value on the stack and validate if it
is not zero-- and <pubKey> is not zero).
If you assume the client has all previous transactions, then you could
get the transaction input's prevout (from the memory pool or disk) and
then ExtractAddress() from it. That is probably a bad idea for
listtransactions, since fetching all the previous inputs from disk
just so you can check to see if they're 'green' violates the "a
feature shouldn't cost anything if it is not being used" design
principle.
You know, just thinking out loud...
Green addresses could be implemented as a second signature in the
scriptSig. You'd have to hack your bitcoin client, but you could
generate a transaction that had <greensig> <sig> <pubKey> ... as the
input instead of <sig> <pubKey>.
The <greensig> will be ignored by old clients. The transactions is
still considered 'standard'. But you could teach bitcoin to look for
<greensig> signatures in wallet transactions...
--
--
Gavin Andresen
šļø Summary of this message: The author suggests checking the scriptSig field of a transaction to calculate the Bitcoin address, but questions its safety due to non-standard scriptPubKey scripts.
š Original message:> So my first shot at this is to go through the inputs of a transaction and
> see if the scriptSig field has only two opcodes. If that is the case, I
> assume that it is of the structure <sig> <pubKey> and calculate the
> Bitcoin address from <pubKey>.
> But then I started to wonder if this is safe. Can this be tricked somehow?
Sure. There are lots of non-standard scriptPubKey scripts that will
validate if given <sig> <pubKey> as input: a simple OP_NOP would work
(do nothing, then check the top value on the stack and validate if it
is not zero-- and <pubKey> is not zero).
If you assume the client has all previous transactions, then you could
get the transaction input's prevout (from the memory pool or disk) and
then ExtractAddress() from it. That is probably a bad idea for
listtransactions, since fetching all the previous inputs from disk
just so you can check to see if they're 'green' violates the "a
feature shouldn't cost anything if it is not being used" design
principle.
You know, just thinking out loud...
Green addresses could be implemented as a second signature in the
scriptSig. You'd have to hack your bitcoin client, but you could
generate a transaction that had <greensig> <sig> <pubKey> ... as the
input instead of <sig> <pubKey>.
The <greensig> will be ignored by old clients. The transactions is
still considered 'standard'. But you could teach bitcoin to look for
<greensig> signatures in wallet transactions...
--
--
Gavin Andresen