[bitcoin-dev] BIP174 amendment proposal (Important Signer Check should be mentioned)

Jonathan Underwood junderwood at bitcoinbank.co.jp
Tue Jul 9 22:21:25 UTC 2019


Hi Andrew,

Ok, I will go ahead and write the amendment and make a PR.

Thanks!
Jon

2019年7月10日(水) 5:26 Andrew Chow <achow101-lists at achow101.com>:

> This was the original intent of the sighash field. Either the sighash is
> acceptable to the signer and the signer signs with it, or they do not sign
> at all.
>
> On 7/9/19 11:58 AM, Jonathan Underwood via bitcoin-dev wrote:
>
> Hi all,
>
> Just to be brief, I'll kick off with an attack scenario.
>
> 1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign
> according to the PSBT as-is.
> 2. I notice my UTXO was stolen by a hacker because they changed my PSBT
> input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the
> fact they changed the outputs to send to themselves, and added an input
> they signed with SIGHASH_ALL.
> 3. I lose the BTC in my UTXO.
>
> So we should definitely add to the signer checks "ensure the sighash type
> given is the type of sighash you want to sign." etc.
>
> My proposal for a wording change would be addition to the bullet list:
>
> - If a sighash type is provided, the signer MUST check that the sighash
> type is acceptable to them, and fail signing if unacceptable.
> - If a sighash type is not provided, the signer SHOULD sign using
> SIGHASH_ALL, but may sign with any sighash type they wish.
>
> Any thoughts?
>
> Thanks,
> Jon
>
> --
> -----------------
> Jonathan Underwood
> ビットバンク社 チーフビットコインオフィサー
> -----------------
>
> 暗号化したメッセージをお送りの方は下記の公開鍵をご利用下さい。
>
> 指紋: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190710/39f055d6/attachment.html>


More information about the bitcoin-dev mailing list