Gavin Andresen [ARCHIVE] on Nostr: š
Original date posted:2011-10-24 šļø Summary of this message: The author ...
š
Original date posted:2011-10-24
šļø Summary of this message: The author suggests checking the scriptSig field of a transaction to calculate the Bitcoin address, but questions its safety due to non-standard scriptPubKey scripts.
š Original message:> So my first shot at this is to go through the inputs of a transaction and
> see if the scriptSig field has only two opcodes. If that is the case, I
> assume that it is of the structure <sig> <pubKey> and calculate the
> Bitcoin address from <pubKey>.
> But then I started to wonder if this is safe. Can this be tricked somehow?
Sure. There are lots of non-standard scriptPubKey scripts that will
validate if given <sig> <pubKey> as input: a simple OP_NOP would work
(do nothing, then check the top value on the stack and validate if it
is not zero-- and <pubKey> is not zero).
If you assume the client has all previous transactions, then you could
get the transaction input's prevout (from the memory pool or disk) and
then ExtractAddress() from it. That is probably a bad idea for
listtransactions, since fetching all the previous inputs from disk
just so you can check to see if they're 'green' violates the "a
feature shouldn't cost anything if it is not being used" design
principle.
You know, just thinking out loud...
Green addresses could be implemented as a second signature in the
scriptSig. You'd have to hack your bitcoin client, but you could
generate a transaction that had <greensig> <sig> <pubKey> ... as the
input instead of <sig> <pubKey>.
The <greensig> will be ignored by old clients. The transactions is
still considered 'standard'. But you could teach bitcoin to look for
<greensig> signatures in wallet transactions...
--
--
Gavin Andresen
Published at
2023-06-07 02:34:52Event JSON
{
"id": "8b96f1ab95e1cc8e71a0018734cdfcddbc3ac94eaa145c4514b57e9fa99849b4",
"pubkey": "857f2f78dc1639e711f5ea703a9fc978e22ebd279abdea1861b7daa833512ee4",
"created_at": 1686105292,
"kind": 1,
"tags": [
[
"e",
"30f32a4839f3515f22b5206d3110e202b851ce295fc65c5314c19fc43658750b",
"",
"root"
],
[
"e",
"13dcb64e7cb6f57c1011adbb58e1dff4d15d58121abf3b3f11c5f515d39e5372",
"",
"reply"
],
[
"p",
"afb2dfc96bfe44c3ee8de2048adba7c222ff46515aae0adcf3c1ba22c37483b8"
]
],
"content": "š
Original date posted:2011-10-24\nšļø Summary of this message: The author suggests checking the scriptSig field of a transaction to calculate the Bitcoin address, but questions its safety due to non-standard scriptPubKey scripts.\nš Original message:\u003e So my first shot at this is to go through the inputs of a transaction and\n\u003e see if the scriptSig field has only two opcodes. If that is the case, I\n\u003e assume that it is of the structure \u003csig\u003e \u003cpubKey\u003e and calculate the\n\u003e Bitcoin address from \u003cpubKey\u003e.\n\u003e But then I started to wonder if this is safe. Can this be tricked somehow?\n\nSure. There are lots of non-standard scriptPubKey scripts that will\nvalidate if given \u003csig\u003e \u003cpubKey\u003e as input: a simple OP_NOP would work\n(do nothing, then check the top value on the stack and validate if it\nis not zero-- and \u003cpubKey\u003e is not zero).\n\nIf you assume the client has all previous transactions, then you could\nget the transaction input's prevout (from the memory pool or disk) and\nthen ExtractAddress() from it. That is probably a bad idea for\nlisttransactions, since fetching all the previous inputs from disk\njust so you can check to see if they're 'green' violates the \"a\nfeature shouldn't cost anything if it is not being used\" design\nprinciple.\n\nYou know, just thinking out loud...\n\nGreen addresses could be implemented as a second signature in the\nscriptSig. You'd have to hack your bitcoin client, but you could\ngenerate a transaction that had \u003cgreensig\u003e \u003csig\u003e \u003cpubKey\u003e ... as the\ninput instead of \u003csig\u003e \u003cpubKey\u003e.\n\nThe \u003cgreensig\u003e will be ignored by old clients. The transactions is\nstill considered 'standard'. But you could teach bitcoin to look for\n\u003cgreensig\u003e signatures in wallet transactions...\n\n-- \n--\nGavin Andresen",
"sig": "2c496615389591f0dc7fcdb95adfc72d4516f7f407f8ae4a1f139afb8735228b6206b680e65bb79aae2677278da1ae703e7dd2a0f8261d6d4c4a36deee1b9575"
}