Thank you so much for taking time to actually review the codes. I hope you will keep raising questions when you feel something might be wrong. This is how things supposed to work and we should not be affected by some forum discussions.
> On August 26, 2016 at 9:16 AM Sergio Demian Lerner > <sergio.d.ler...@gmail.com> wrote: > > Because there was a discussion on reddit about this topic, I want to > clarify that Johnson Lau explained how a check in the code prevents this > attack. > So there is no real attack. > > Also note that the subject of this thread has a question mark, which > means that I'm asking the community for clarification, not asserting the > existence of a vulnerability. > > The segwit code is complex, and some key parts of the consensus code are > spread over the source files (such as state.CorruptionPossible() relation to > DoS banning, IsNull() check in witness program serialization, etc.). > > Thanks again Johnson for your clarifications. > > > On Wed, Aug 24, 2016 at 10:49 PM, Johnson Lau <jl2...@xbt.hk > mailto:jl2...@xbt.hk > wrote: > > > > > > Adding witness data to a non-segwit script is invalid by consensus: > > > > > > https://github.com/bitcoin/bitcoin/blob/d612837814020ae832499d18e6ee5eb919a87907/src/script/interpreter.cpp#L1467 > > > > https://github.com/bitcoin/bitcoin/blob/d612837814020ae832499d18e6ee5eb919a87907/src/script/interpreter.cpp#L1467 > > > > > > This PR will detect such violation early and ban the peer: > > > > https://github.com/bitcoin/bitcoin/pull/8499 > > https://github.com/bitcoin/bitcoin/pull/8499 > > > > > > > > > > Another approach is to run the scripts of all incoming > > transactions. That's not too bad as you have already fetched the utxos > > which is a major part of validation. > > > > > >
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev