2
1
This article brought to my attention that SIGHASH flags are 4 bytes long when signed, but only the last byte is actually included in the transaction. Then OP_CHECKSIG adds 3 bytes 0x000000 back on before verifying the signature. The article describes a clever way to introduce a fork using those three truncated bytes -- so why are the SIGHASH flags 4 bytes long in the first place? Is that a design flaw or feature?
Thanks Pieter that makes sense... but then when (in the code) is that int truncated to 1 byte? Is that just to reduce transaction size? – pinhead – 2016-08-18T21:15:57.280
Is it this line right here, casting
– pinhead – 2016-08-19T00:28:09.503nHashTypeas anunsigned char(1 byte): https://github.com/bitcoin/bitcoin/blob/d612837814020ae832499d18e6ee5eb919a87907/src/script/sign.cpp#L322Yes, my assumption is that Bitcoin's creator cared about signature size (although he didn't realize that using DER encoding added 6 bytes for no reason), and used 1 byte for the sighash type there, but didn't care enough to do the same for the sighash calculation. – Pieter Wuille – 2016-08-19T08:29:11.697