8
From Nathaniel Popper's “Digital Gold : Bitcoin and the Inside Story of the Misfits and Millionaires Trying to Reinvent Money", this heavily edited (by me, for clarity) excerpt:
“In late July Gavin and Satoshi got an e-mail from ...a programmer from Germany going by the screen name ArtForz, ... had found a previously undiscovered weakness in the code that ...made it possible to spend Bitcoins in someone else’s wallet.”
“For now, don’t call it the ‘1 RETURN’ bug to anyone who doesn’t already know about it,” Satoshi wrote to Gavin.”
What is this 1 RETURN bug? It's obviously been patched, but I'm interested because the book doesn't delve into technical details.
(FWIW, I highly recommend buying this book).
Wow, what a monumental oversight. I'm not versed in C++, so can you clarify what's happening? It looks like if it's a
6a(op_return) push code is encountered, the code breaks, leavingop_trueon the stack, making the Tx valid? – Wizard Of Ozzie – 2015-06-17T16:49:42.937Yes, in the early bitcoin versions
OP_RETURNjust finished the script evaluation without changing the stack value. So, the stack had 1 on the top. The other flaw in that version was concatenating scriptSig and scriptPubkey to one byte array and executing them as one script, not as two consecutive scripts.return EvalScript(txin.scriptSig + CScript(OP_CODESEPARATOR) + txout.scriptPubKey, txTo, nIn, nHashType);The bug was fixed by changingOP_RETURNopcode: now it finishes script execution as 'failed' – amaclin – 2015-06-17T17:08:41.203