[Lightning-dev] Oversize preimage attack.

Olaoluwa Osuntokun laolu32 at gmail.com
Mon May 2 21:48:19 UTC 2016

>  Or require a 110k preimage to redeem, drop to the blockchain, then
> redeem it by sending direct to a miner.  A node trying to use that
> preimage would create a non-standard transaction, which may not
> propagate.  Similarly with an almost 4MB preimage which requires you
> to grind out a tiny signature to redeem in a tx small enough...

Segwit's witness program validation logic ensures that each element of the
passed witness stack is less-than-or-equal-to the maximum script element
size (520 bytes). This check is enforced before execution itself.
Therefore, even without the additional OP_SIZE check, Script will enforce a
ceiling on the pre-image size.

We've also recently made such an observation, resulting in a modification
to our scripts similar to the one you've detailed. Thanks for sounding the
alarm with this mailing-list post!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20160502/fef7092a/attachment.html>

More information about the Lightning-dev mailing list