mirror of
https://github.com/dashpay/dash.git
synced 2024-12-27 13:03:17 +01:00
0da4f596bb
d280617bf569f84457eaea546541dc74c67cd1e4 [qa] Add a test for merkle proof malleation (Suhas Daftuar) ed82f1700006830b6fe34572b66245c1487ccd29 have verifytxoutproof check the number of txns in proof structure (Gregory Sanders) Pull request description: Recent publication of a weakness in Bitcoin's merkle tree construction demonstrates many SPV applications vulnerable to an expensive to pull off yet still plausible attack: https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ This change would at least allow `verifytxoutproof` to properly validate that the proof matches a known block, with known number of transactions any time after the full block is processed. This should neuter the attack entirely. The negative is that a header-only processed block/future syncing mode would cause this to fail until the node has imported the data required. related: #13451 `importprunedfunds` needs this check as well. Can expand it to cover this if people like the idea. Tree-SHA512: 0682ec2b622a38b29f3f635323e0a8b6fc071e8a6fd134c954579926ee7b516e642966bafa667016744ce49c16e19b24dbc8801f982a36ad0a6a4aff6d93f82b |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| authproxy.py | ||
| bignum.py | ||
| blocktools.py | ||
| coverage.py | ||
| key.py | ||
| messages.py | ||
| mininode.py | ||
| netutil.py | ||
| script.py | ||
| siphash.py | ||
| socks5.py | ||
| test_framework.py | ||
| test_node.py | ||
| util.py | ||