[Bitcoin-development] SCRIPT_VERIFY_STRICTENC and CHECKSIG NOT
pete at petertodd.org
Thu Nov 6 10:38:20 UTC 2014
So right now git head will accept the following invalid transaction into
which spends the redeemScript:
That pubkey is valid and accepted by OpenSSL as its obscure "hybrid"
format. The transaction is invalid because the signature is correct,
causing CHECKSIG to return 1, which is inverted to 0 by the NOT.
However the implementation of the STRICTENC flag simply makes pubkey
formats it doesn't recognize act as though the signature was invalid,
rather than failing the transaction. Similar to the invalid due to too
many sigops DoS attack I found before, this lets you fill up the mempool
with garbage transactions that will never be mined. OTOH I don't see any
way to exploit this in a v0.9.x IsStandard() transaction, so we haven't
shipped code that actually has this vulnerability. (dunno about
I suggest we either change STRICTENC to simply fail unrecognized pubkeys
immediately - similar to how non-standard signatures are treated - or
fail the script if the pubkey is non-standard and signature verification
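The behaviour described in the message above, as an added toy model that is not part of the original post and is not Bitcoin Core code: it evaluates only `<sig> <pubkey> CHECKSIG NOT` and compares the relay-policy verdict with the consensus verdict. The mode names, function names and sample keys are hypothetical; no real signature verification is performed, and `sig_ok` stands in for OpenSSL's result.

```python
# Toy model (constructed for illustration): evaluates only
#   <sig> <pubkey> CHECKSIG NOT
# No real ECDSA is performed; `sig_ok` stands in for OpenSSL's verdict.

CONSENSUS = "consensus"            # no STRICTENC: any pubkey OpenSSL parses is used
STRICTENC_SOFT = "strictenc-soft"  # behaviour described in the post
STRICTENC_HARD = "strictenc-hard"  # first suggested fix: fail immediately


def pubkey_format(pubkey: bytes) -> str:
    """Classify a SEC1 public key encoding by prefix byte and length."""
    if len(pubkey) == 33 and pubkey[0] in (0x02, 0x03):
        return "compressed"
    if len(pubkey) == 65 and pubkey[0] == 0x04:
        return "uncompressed"
    if len(pubkey) == 65 and pubkey[0] in (0x06, 0x07):
        return "hybrid"  # parsed by OpenSSL, not recognized by STRICTENC
    return "unknown"


def eval_checksig_not(pubkey: bytes, sig_ok: bool, mode: str) -> bool:
    """Return True if the script succeeds (top stack item is true)."""
    recognized = pubkey_format(pubkey) in ("compressed", "uncompressed")
    if mode != CONSENSUS and not recognized:
        if mode == STRICTENC_HARD:
            return False          # script fails outright, NOT never runs
        checksig = False          # soft: pretend the signature was invalid
    else:
        checksig = sig_ok
    return not checksig           # OP_NOT inverts CHECKSIG's result


def policy_consensus_gap(pubkey: bytes, sig_ok: bool, policy_mode: str) -> bool:
    """True when relay policy accepts a spend that consensus rejects."""
    accepted = eval_checksig_not(pubkey, sig_ok, policy_mode)
    minable = eval_checksig_not(pubkey, sig_ok, CONSENSUS)
    return accepted and not minable


# Constructed sample keys: only prefix and length matter to this model.
HYBRID_KEY = bytes([0x06]) + bytes(64)
STANDARD_KEY = bytes([0x04]) + bytes(64)
```

A mempool acceptance test can assert that `policy_consensus_gap` is false for every pubkey encoding the policy flags are meant to cover, which catches this class of policy/consensus divergence before release.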