Author: Peter Todd 2014-11-06 10:38:20
Published on: 2014-11-06T10:38:20+00:00
The current implementation of the STRICTENC flag in git head allows transactions with unrecognized pubkeys into the mempool, producing garbage transactions that will never be mined. The cause is that the flag makes a pubkey format it doesn't recognize behave as though the signature were invalid, rather than failing the transaction. Although this vulnerability has not shipped in code for v0.9.x IsStandard() transactions, it is unclear whether alt-implementations are affected. The suggested solution is either to change STRICTENC to fail unrecognized pubkeys immediately, or to fail the script if the pubkey is non-standard and signature verification succeeds.
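The difference between the reported behaviour and the two suggested fixes can be modelled as follows. This is an added example, not Bitcoin Core code: all names are hypothetical, signature verification is passed in as a boolean, and "recognized" is assumed to mean the compressed or uncompressed pubkey encoding.

```cpp
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <vector>

enum class Result { SigFalse, SigTrue, ScriptFail };  // outcome of one signature check

// How a strict-encoding policy treats a pubkey encoding it does not recognize.
enum class Mode {
    TreatAsInvalidSig,  // behaviour described for git head
    FailImmediately,    // first suggested fix
    FailIfSigVerifies   // second suggested fix
};

// Assumption: recognized = compressed (33 bytes, 0x02/0x03) or uncompressed (65 bytes, 0x04).
bool is_recognized_pubkey(const std::vector<uint8_t>& pk) {
    if (pk.size() == 33) return pk[0] == 0x02 || pk[0] == 0x03;
    if (pk.size() == 65) return pk[0] == 0x04;
    return false;
}

// Constructed sample key: zero bytes with the given length and prefix byte.
std::vector<uint8_t> sample_key(std::size_t len, uint8_t prefix) {
    std::vector<uint8_t> k(len, 0);
    if (len) k[0] = prefix;
    return k;
}

// Block validation in this model: no encoding policy, only raw verification.
Result consensus_check(bool sig_verifies) {
    return sig_verifies ? Result::SigTrue : Result::SigFalse;
}

// Mempool acceptance with the strict-encoding policy in the chosen mode.
Result policy_check(const std::vector<uint8_t>& pk, bool sig_verifies, Mode m) {
    if (is_recognized_pubkey(pk)) return consensus_check(sig_verifies);
    switch (m) {
    case Mode::TreatAsInvalidSig: return Result::SigFalse;
    case Mode::FailImmediately:   return Result::ScriptFail;
    case Mode::FailIfSigVerifies: return sig_verifies ? Result::ScriptFail : Result::SigFalse;
    }
    return Result::ScriptFail;
}

// Safe policy: it either rejects the script or returns what consensus returns.
bool policy_can_diverge(const std::vector<uint8_t>& pk, Mode m) {
    for (bool v : {false, true}) {
        Result p = policy_check(pk, v, m);
        if (p != Result::ScriptFail && p != consensus_check(v)) return true;
    }
    return false;
}

int main() {
    auto odd = sample_key(65, 0x06);  // constructed key with an unrecognized prefix
    return policy_can_diverge(odd, Mode::TreatAsInvalidSig) ? 0 : 1;
}
```

Only the first mode can hand the rest of the script a value that block validation would not produce; both suggested fixes restrict the policy to rejecting.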
Updated on: 2023-06-09T03:50:36.412598+00:00