Author: Pieter Wuille 2014-11-06 10:47:29
Published on: 2014-11-06T10:47:29+00:00
In a message dated November 6, 2014, Peter Todd discusses the vulnerability of the STRICTENC flag implementation in the Bitcoin software. The flag only makes public key formats unrecognized by the software be treated as invalid signatures rather than rejecting the transaction entirely. This loophole allows attackers to fill up the mempool with fake transactions that will never be mined. However, Todd finds no way to exploit this vulnerability in version 0.9.x IsStandard() transactions. He suggests changing the STRICTENC flag to fail unrecognized pubkeys immediately or to fail the script if the pubkey is non-standard but the signature verification succeeds. Pieter agrees with Todd's suggestion. The conversation also mentions the lack of softfork safety for the STRICTENC flag.
Updated on: 2023-05-19T19:28:59.277385+00:00