2
1
are any of the following transaction malleability "attack" vectors currently feasible?
alter scriptsig from:
OP_PUSHDATA <sig> OP_PUSHDATA <pubkey>
to one of:
1) OP_1 OP_SHA1 OP_DROP OP_PUSHDATA <sig> OP_PUSHDATA <pubkey>
2) OP_PUSHDATA <sig> OP_PUSHDATA <pubkey> OP_1 OP_SHA1 OP_DROP
3) OP_PUSHDATA <sig> OP_PUSHDATA <pubkey> OP_NOP
so that the corresponding scriptpubkey still evaluates to true:
OP_DUP OP_HASH160 OP_PUSHDATA <address> OP_EQUALVERIFY OP_CHECKSIG
i can't tell if this is handled by point 6 in bip 62 or not:
- Superfluous scriptSig operations Adding extra data pushes at the start of scripts, which are not consumed by the corresponding scriptPubKey, is also a source of malleability.
judging by the code it looks like it has been taken care of, but my c++ knowledge is not great...
one last one - how about a doubling the scriptsig content:
OP_PUSHDATA <sig> OP_PUSHDATA <pubkey> OP_PUSHDATA <sig> OP_PUSHDATA <pubkey>- i think this would still evaluate to true, right? – mulllhausen – 2015-06-16T00:05:29.9531@mulllhausen Point (6) prevents against that. It would evaluate to true with a typical transaction, but it would be a non-standard and not relayed. For transactions in which bip62 goes into effect, it would evaluate to false, though. – morsecoder – 2015-06-16T00:43:58.520