[bitcoin-dev] Dealing with OP_IF and OP_NOTIF malleability
oleganza at gmail.com
Tue Nov 10 10:52:46 UTC 2015
OP_0 gives a zero length byte array because OP_0 == 0x00 which is equivalent to pushdata with zero length.
OP_EQUAL compares byte strings as-is. So it will push "false" because empty string is not the same as a single-byte string with 0x00 byte in it. Value "false" in turn is encoded as empty string, just like result of OP_0.
> On 06 Nov 2015, at 10:37, Tier Nolan via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:
> I meant not to use the OP_PUSH opcodes to do the push.
> Does OP_0 give a zero length byte array?
> Would this script return true?
> OP_PUSHDATA1 (length = 1, data = 0)
> The easiest definition is that OP_0 and OP_1 must be used to push the data and not any other push opcodes.
> On Fri, Nov 6, 2015 at 9:32 AM, Oleg Andreev <oleganza at gmail.com <mailto:oleganza at gmail.com>> wrote:
> > One and zero should be defined as arrays of length one. Otherwise, it is still possible to mutate the transaction by changing the length of the array.
> > They should also be minimally encoded but that is covered by previous rules.
> These two lines contradict each other. Minimally-encoded "zero" is an array of length zero, not one. I'd suggest defining this explicitly here as "IF/NOTIF argument must be either zero-length array or a single byte 0x01".
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bitcoin-dev