Author Topic: Tx hijack to modify output  (Read 3165 times)

0 Members and 1 Guest are viewing this topic.

Offline toast

  • Hero Member
  • *****
  • Posts: 4001
    • View Profile
  • BitShares: nikolai
I dug around in the code a bit, I'm guessing it's part of CScriptCheck:

https://github.com/bitcoin/bitcoin/blob/master/src/main.cpp#L1341

called from CheckInputs right below
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline dacer

  • Full Member
  • ***
  • Posts: 67
    • View Profile
toast, I read through the wiki and also peaked some code in the reference client implementation. It seems there is no tx integrity check at all, in other words, a miner seems able to modify tx's outputs. Merckle tree doesn't seem to prevent this from happening.

Offline toast

  • Hero Member
  • *****
  • Posts: 4001
    • View Profile
  • BitShares: nikolai
I believe it's a separate field. Check out this page: https://en.bitcoin.it/wiki/Transactions
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline dacer

  • Full Member
  • ***
  • Posts: 67
    • View Profile
Thank you, toast, I didn't know each tx has its own signature. is it part of the tx hash?

Offline toast

  • Hero Member
  • *****
  • Posts: 4001
    • View Profile
  • BitShares: nikolai
The signature on the transaction won't be valid. Very roughly speaking, a signature is like "decrypting" the plaintext message with the private key. Then anyone can check if the transaction is valid by "encrypting" the signature with the public key and checking that it matches the original message.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline dacer

  • Full Member
  • ***
  • Posts: 67
    • View Profile
I probably should have asked the question somewhere else, but I feel people here may also want to help me understand this little tech-detail.

I was wondering the whole afternoon today whether it's possible for a peer to change transaction outputs (so all money goes to a middleman address) before relaying the modified version of the transaction to the network? I don't see any mechanism to guarantee the integrity of transactions. This seems to be a problem especially when a client connects just to a couple of peers.