[Lightning-dev] Oversize preimage attack.

Rusty Russell rusty at rustcorp.com.au
Mon May 2 23:39:10 UTC 2016

Olaoluwa Osuntokun <laolu32 at gmail.com> writes:
>>  Or require a 110k preimage to redeem, drop to the blockchain, then
>> redeem it by sending direct to a miner.  A node trying to use that
>> preimage would create a non-standard transaction, which may not
>> propagate.  Similarly with an almost 4MB preimage which requires you
>> to grind out a tiny signature to redeem in a tx small enough...
> Segwit's witness program validation logic ensures that each element of the
> passed witness stack is less-than-or-equal-to the maximum script element
> size (520 bytes). This check is enforced before execution itself.
> Therefore, even without the additional OP_SIZE check, Script will enforce a
> ceiling on the pre-image size.

Right!  I'd missed MAX_SCRIPT_ELEMENT_SIZE, thanks.

> We've also recently made such an observation, resulting in a modification
> to our scripts similar to the one you've detailed. Thanks for sounding the
> alarm with this mailing-list post!

Hmm, are there any other issues you've come across?  Every time I find
something like this I worry what else we've missed :(


More information about the Lightning-dev mailing list