Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: Tx hijack to modify output  (Read 442 times)

0 Members and 1 Guest are viewing this topic.

Offline dacer

  • Full Member
  • ***
  • Posts: 67
    • View Profile
Tx hijack to modify output
« on: December 24, 2013, 09:33:32 AM »

I probably should have asked the question somewhere else, but I feel people here may also want to help me understand this little tech-detail.

I was wondering the whole afternoon today whether it's possible for a peer to change transaction outputs (so all money goes to a middleman address) before relaying the modified version of the transaction to the network? I don't see any mechanism to guarantee the integrity of transactions. This seems to be a problem especially when a client connects just to a couple of peers.


Offline toast

Re: Tx hijack to modify output
« Reply #1 on: December 24, 2013, 10:39:37 PM »
The signature on the transaction won't be valid. Very roughly speaking, a signature is like "decrypting" the plaintext message with the private key. Then anyone can check if the transaction is valid by "encrypting" the signature with the public key and checking that it matches the original message.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline dacer

  • Full Member
  • ***
  • Posts: 67
    • View Profile
Re: Tx hijack to modify output
« Reply #2 on: December 25, 2013, 06:24:08 AM »
Thank you, toast, I didn't know each tx has its own signature. is it part of the tx hash?

Offline toast

Re: Tx hijack to modify output
« Reply #3 on: December 25, 2013, 06:43:07 AM »
I believe it's a separate field. Check out this page: https://en.bitcoin.it/wiki/Transactions
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline dacer

  • Full Member
  • ***
  • Posts: 67
    • View Profile
Re: Tx hijack to modify output
« Reply #4 on: December 26, 2013, 01:40:41 AM »
toast, I read through the wiki and also peaked some code in the reference client implementation. It seems there is no tx integrity check at all, in other words, a miner seems able to modify tx's outputs. Merckle tree doesn't seem to prevent this from happening.

Offline toast

Re: Tx hijack to modify output
« Reply #5 on: December 26, 2013, 02:21:30 AM »
I dug around in the code a bit, I'm guessing it's part of CScriptCheck:

https://github.com/bitcoin/bitcoin/blob/master/src/main.cpp#L1341

called from CheckInputs right below
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

 

Google+