95277e0311
A fix for transaction malleability This PR fixes transaction malleability by not including the sigscript of transaction inputs and joinsplit sigs when hashing the txid. This PR supercedes PR #1101 which was a minimal solution based on a new serialization flag. This PR introduces GetTxid() to distinguish between getting a transaction id and the double sha256 hash. The key changes are: - Adding GetTxid() method to CTransaction which makes a copy of the transaction, clearing out the sigscript and joinsplitsig fields, before hashing. - Verifying that every call to GetHash() actually wants a txid, and replacing with GetTxid(). - Renaming GetHash() to GetSerializeHash() - Rationale: In future, upstream code we want to merge will use GetHash() but we don't know the intent. We should check to see if the intent is to receive a txid (most likely) in which case we replace with GetTxid(), or if upstream actually wants a double hash of the transaction we can use GetSerializeHash(). - Updated genesis data in chainparams.cpp Note that coinbase transactions are excluded as they need the sigscript hashed to help avoid duplicate txids per BIP34: - This modification is related to a question from @ebfull on PR #1101 - "Can we think of a way this change allows us to construct two transactions with the same txid which can simultaneously appear in the blockchain? My guess is it would be possible to construct a coinbase transaction of such a form... this surely breaks invariants." This PR Passes all tests in test_bitcoin (test data was updated in bloom_tests, miner_tests and script_tests). |
||
---|---|---|
.. | ||
test | ||
crypter.cpp | ||
crypter.h | ||
db.cpp | ||
db.h | ||
rpcdump.cpp | ||
rpcwallet.cpp | ||
wallet.cpp | ||
wallet.h | ||
wallet_ismine.cpp | ||
wallet_ismine.h | ||
walletdb.cpp | ||
walletdb.h |