[bitcoin-dev] Dealing with OP_IF and OP_NOTIF malleability

Oleg Andreev oleganza at gmail.com
Tue Nov 10 10:52:46 UTC 2015


OP_0 gives a zero length byte array because OP_0 == 0x00 which is equivalent to pushdata with zero length.

OP_EQUAL compares byte strings as-is. So it will push "false" because empty string is not the same as a single-byte string with 0x00 byte in it. Value "false" in turn is encoded as empty string, just like result of OP_0.

> On 06 Nov 2015, at 10:37, Tier Nolan via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:
> 
> I meant not to use the OP_PUSH opcodes to do the push.
> 
> Does OP_0 give a zero length byte array?
> 
> Would this script return true?
> 
> OP_0
> OP_PUSHDATA1 (length = 1, data = 0)
> OP_EQUAL
> 
> The easiest definition is that OP_0 and OP_1 must be used to push the data and not any other push opcodes.
> 
> 
> On Fri, Nov 6, 2015 at 9:32 AM, Oleg Andreev <oleganza at gmail.com <mailto:oleganza at gmail.com>> wrote:
> 
> > One and zero should be defined as arrays of length one. Otherwise, it is still possible to mutate the transaction by changing the length of the array.
> >
> > They should also be minimally encoded but that is covered by previous rules.
> 
> These two lines contradict each other. Minimally-encoded "zero" is an array of length zero, not one. I'd suggest defining this explicitly here as "IF/NOTIF argument must be either zero-length array or a single byte 0x01".
> 
> 
> 
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20151110/8c16a920/attachment.html>


More information about the bitcoin-dev mailing list