[Lightning-dev] Oversize preimage attack.
rusty at rustcorp.com.au
Mon May 2 23:39:10 UTC 2016
Olaoluwa Osuntokun <laolu32 at gmail.com> writes:
>> Or require a 110k preimage to redeem, drop to the blockchain, then
>> redeem it by sending direct to a miner. A node trying to use that
>> preimage would create a non-standard transaction, which may not
>> propagate. Similarly with an almost 4MB preimage which requires you
>> to grind out a tiny signature to redeem in a tx small enough...
> Segwit's witness program validation logic ensures that each element of the
> passed witness stack is less-than-or-equal-to the maximum script element
> size (520 bytes). This check is enforced before execution itself.
> Therefore, even without the additional OP_SIZE check, Script will enforce a
> ceiling on the pre-image size.
Right! I'd missed MAX_SCRIPT_ELEMENT_SIZE, thanks.
> We've also recently made such an observation, resulting in a modification
> to our scripts similar to the one you've detailed. Thanks for sounding the
> alarm with this mailing-list post!
Hmm, are there any other issues you've come across? Every time I find
something like this I worry what else we've missed :(
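
Added example, not part of the original thread or of any project's code: a small Python model of the ordering discussed above, where the witness stack's per-element size ceiling is checked before execution and the script's own OP_SIZE check runs afterwards. The function names, the 32-byte preimage length, the use of SHA256 for the hashlock and all sample data are assumptions made for illustration.

```python
import hashlib

MAX_SCRIPT_ELEMENT_SIZE = 520   # bytes; per-element ceiling named in the thread
MAX_SCRIPT_SIZE = 10_000        # bytes; BIP141 limit on the witness script itself
PREIMAGE_SIZE = 32              # assumed fixed preimage length for the OP_SIZE check


def precheck_p2wsh_witness(witness, program):
    """Model of the checks made before the witness script is executed.

    `witness` is a list of byte strings whose last item is the witness script;
    `program` is the 32-byte SHA256 committed to in the output.
    Returns (ok, reason).
    """
    if not witness:
        return False, "empty witness"
    *stack, script = witness
    if len(script) > MAX_SCRIPT_SIZE:
        return False, "witness script too large"
    if hashlib.sha256(script).digest() != program:
        return False, "witness script does not match program"
    if any(len(item) > MAX_SCRIPT_ELEMENT_SIZE for item in stack):
        return False, "stack item too large"
    return True, "ok"


def redeem_hashlock(witness, program, payment_hash):
    """Pre-checks, then a simplified stand-in for a hashlock branch:
    OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <payment_hash> OP_EQUAL."""
    ok, reason = precheck_p2wsh_witness(witness, program)
    if not ok:
        return False, reason
    preimage = witness[0]
    if len(preimage) != PREIMAGE_SIZE:
        return False, "OP_SIZE check failed"
    if hashlib.sha256(preimage).digest() != payment_hash:
        return False, "hash mismatch"
    return True, "ok"


# Constructed sample data: a placeholder script and three candidate preimages.
SCRIPT = b"\x51"                  # placeholder bytes, not a real HTLC script
PROGRAM = hashlib.sha256(SCRIPT).digest()
GOOD = b"\x11" * 32
OVERSIZE = b"\x22" * 110_000      # the 110k case from the quoted message
MEDIUM = b"\x33" * 400            # under 520 bytes; only the OP_SIZE check rejects it
```

The 110k preimage never reaches script execution in this model, while the 400-byte one passes the pre-check and is rejected by the explicit size comparison.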