Author: Jonathan Underwood 2019-07-09 15:58:56
Published on: 2019-07-09T15:58:56+00:00
In a message posted by Jonathan Underwood, he describes an attack scenario in which a hacker is able to steal BTC from a signer. The attack involved changing the sighashtype of the input to SIGHASH_ANYONECANPAY | SIGHASH_NONE, changing the outputs to send to the hacker's address, and adding an input that they signed with SIGHASH_ALL. As a result, the signer loses their BTC. Underwood suggests adding additional checks for signers, such as ensuring the sighash type provided is acceptable to them. He proposes adding a wording change to the bullet list, stating that if a sighash type is provided, the signer must check if it is acceptable and fail signing if it is not. If a sighash type is not provided, the signer should sign using SIGHASH_ALL but may sign with any sighash type they wish.
Updated on: 2023-06-13T20:01:30.589881+00:00