On Thu, Nov 6, 2014 at 2:38 AM, Peter Todd <p...@petertodd.org> wrote: > However the implementation of the STRICTENC flag simply makes pubkey > formats it doesn't recognize act as through the signature was invalid, > rather than failing the transaction. Similar to the invalid due to too > many sigops DoS attack I found before, this lets you fill up the mempool > with garbage transactions that will never be mined. OTOH I don't see any > way to exploit this in a v0.9.x IsStandard() transaction, so we haven't > shipped code that actually has this vulnerability. (dunno about > alt-implementations)
Yeah, there's even a comment in script/interpreter.h currently about how STRICTENC is not softfork safe. I didn't realize that this would lead to the mempool accepting invalid transactions (I thought there was a second validity check with the actual consensus rules; if not, maybe we need to add that). > I suggest we either change STRICTENC to simply fail unrecognized pubkeys > immediately - similar to how non-standard signatures are treated - or > fail the script if the pubkey is non-standard and signature verification > succeeds. Sounds good to me, I disliked those semantics too. -- Pieter ------------------------------------------------------------------------------ _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
