[Lightning-dev] Oversize preimage attack.
laolu32 at gmail.com
Mon May 2 21:48:19 UTC 2016
> Or require a 110k preimage to redeem, drop to the blockchain, then
> redeem it by sending direct to a miner. A node trying to use that
> preimage would create a non-standard transaction, which may not
> propagate. Similarly with an almost 4MB preimage which requires you
> to grind out a tiny signature to redeem in a tx small enough...
Segwit's witness program validation logic ensures that each element of the
passed witness stack is less-than-or-equal-to the maximum script element
size (520 bytes). This check is enforced before execution itself.
Therefore, even without the additional OP_SIZE check, Script will enforce a
ceiling on the pre-image size.
We've also recently made such an observation, resulting in a modification
to our scripts similar to the one you've detailed. Thanks for sounding the
alarm with this mailing-list post!
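
The pre-execution size check described in the reply above, as an added example (not part of the original post and not Bitcoin Core's code). It is a simplified Python model of the P2WSH witness checks that run before the script is executed; the function names, the one-byte placeholder script and the dummy signature are constructed for illustration.

```python
import hashlib

MAX_SCRIPT_ELEMENT_SIZE = 520  # maximum script element size, in bytes


class WitnessError(Exception):
    """Raised when a witness fails a check that runs before execution."""


def precheck_p2wsh_witness(witness_stack, witness_program):
    """Model the P2WSH checks applied before the witness script runs.

    The last witness element is the witness script; the rest become the
    initial stack. Returns that initial stack, or raises WitnessError.
    Script execution itself is not modelled here.
    """
    if not witness_stack:
        raise WitnessError("empty witness")
    *stack, witness_script = witness_stack
    if hashlib.sha256(witness_script).digest() != witness_program:
        raise WitnessError("witness script does not match witness program")
    for i, item in enumerate(stack):
        if len(item) > MAX_SCRIPT_ELEMENT_SIZE:
            raise WitnessError(
                f"stack item {i} is {len(item)} bytes, limit is "
                f"{MAX_SCRIPT_ELEMENT_SIZE}"
            )
    return stack


def accepts(preimage_len):
    """Constructed HTLC-style redeem: [signature, preimage, witness script]."""
    script = b"\x51"                 # placeholder script bytes (constructed)
    program = hashlib.sha256(script).digest()
    sig = b"\x30" * 72               # dummy signature-sized blob (constructed)
    preimage = b"\x00" * preimage_len
    try:
        precheck_p2wsh_witness([sig, preimage, script], program)
        return True
    except WitnessError:
        return False


if __name__ == "__main__":
    # 32 and 520 bytes pass; 521 bytes and the 110k preimage from the
    # quoted message are rejected before any opcode is evaluated.
    for n in (32, 520, 521, 110_000):
        print(n, "accepted" if accepts(n) else "rejected before execution")
```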