On Fri, Oct 20, 2023 at 05:19:19PM +0000, Fabian via bitcoin-dev wrote: > Hello list, > > on Wednesday I found a potential malleability issue in the UTXO set dump files > generated for and used by assumeutxo [1]. On Thursday morning theStack had > found the cause of the issue [2]: A bug in the serialization of UTXOs for the > calculation of hash_serialized_2. This is the value used by Bitcoin Core to > check if the UTXO set loaded from a dump file matches what is expected. The > value of hash_serialized_2 expected for a particular block is hardcoded into > the chainparams of each chain.
<snip> > [1] https://github.com/bitcoin/bitcoin/issues/28675 > [2] > https://github.com/bitcoin/bitcoin/issues/28675#issuecomment-1770389468[3] > https://github.com/bitcoin/bitcoin/pull/28685 James made the following comment on the above issue: > Wow, good find @fjahr et al. I wonder if there's any value in committing to a > sha256sum of the snapshot file itself in the source code as a > belt-and-suspenders remediation for issues like this. Why *isn't* the sha256 hash of the snapshot file itself the canonical hash? That would obviously eliminate any malleability issues. gettxoutsetinfo already has to walk the entire UTXO set to calculate the hash. Making it simply generate the actual contents of the dump file and calculate the hash of it is the obvious way to implement this. -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: PGP signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
