Disallow extended encoding for non-witness transactions #14039

sipa · 2018-08-24T00:08:29Z

BIP144 specifies that transactions without witness should use the legacy encoding, which is currently not enforced.

This rule was present in the original SegWit implementation (#8149), but was subsequently dropped (#8589).

As all hashes, txids, and weights are always computed over a reserialized version of a transaction, it is mostly harmless to permit extended encoding for non-segwit transactions, but I'd rather strictly follow the BIP.

practicalswift · 2018-08-24T09:16:59Z

Concept ACK

Stricter is better (in this case)!

instagibbs · 2018-08-24T12:50:22Z

concept ACK, I discovered this a few months ago, reported it, then forgot to follow up.

instagibbs · 2018-08-24T16:28:53Z

failing decoderaw test: https://travis-ci.org/bitcoin/bitcoin/jobs/419906176#L2871

maflcko · 2018-08-24T18:06:30Z

To fix the test failure you could try rebasing on fae0400

I have no opinion on this change itself. Is there any evidence of other software using this on the p2p or rpc interface? Also note that Bitcoin Core will already normalize the transaction encoding when relaying txs.

laanwj · 2018-08-29T12:21:59Z

concept ACK

Sjors · 2018-09-07T18:22:51Z

Maybe add a test?

gmaxwell · 2019-02-14T20:59:01Z

utACK

instagibbs · 2019-03-21T17:06:54Z

utACK bb530ef

instagibbs · 2019-03-21T17:48:50Z

upgrading to tACK, please @sipa take this test:

instagibbs@7c1ad7c

Fails for me on master, passes with your commit.

stevenroose · 2019-03-22T17:19:10Z

utACK bb530ef
We backported this to Elements already as well: ElementsProject/elements#525

8719c94 Disallow extended encoding for non-witness transactions (Pieter Wuille) Pull request description: Backport from upstream bitcoin/bitcoin#14039 Tree-SHA512: a91810e0afe4d631e2e08cd1bc919e83e3dbdac050f1a66ddc0c6210b222e5813f5b36b27111976e83a4c7683507e4ed06ef475467e1c0e572ccb3d0abc631e4

sdaftuar · 2019-04-25T15:53:39Z

utACK, I think this is ready for merge?

instagibbs · 2019-04-25T15:57:50Z

I can PR my test right after merge

bb530ef Disallow extended encoding for non-witness transactions (Pieter Wuille) Pull request description: BIP144 specifies that transactions without witness should use the legacy encoding, which is currently not enforced. This rule was present in the original SegWit implementation (#8149), but was subsequently dropped (#8589). As all hashes, txids, and weights are always computed over a reserialized version of a transaction, it is mostly harmless to permit extended encoding for non-segwit transactions, but I'd rather strictly follow the BIP. ACKs for commit bb530e: instagibbs: utACK bb530ef stevenroose: utACK bb530ef Tree-SHA512: 1aeccd6a555f43784fefb076ce2e8ad2f5ba7be49840544a50050d0390f82373f87201bf56cf8bb30841b4f9cd893b382261a080da875d4e11ab7051f8640dbe

…ialization cc556e4 Add test for superfluous witness record in deserialization (Gregory Sanders) 25b0786 Fix missing input template by making minimal tx (Gregory Sanders) Pull request description: Adds coverage for changed behavior in bitcoin#14039 ACKs for commit cc556e: MarcoFalke: utACK cc556e4 Tree-SHA512: 3404c8f75e87503983fac5ae27d877309eb3b902f2ec993762911c71610ca449bef0ed98bd17e029414828025b2713e1bd012e63b2a06497e34f1056acaa6321

…actions bb530ef Disallow extended encoding for non-witness transactions (Pieter Wuille) Pull request description: BIP144 specifies that transactions without witness should use the legacy encoding, which is currently not enforced. This rule was present in the original SegWit implementation (bitcoin#8149), but was subsequently dropped (bitcoin#8589). As all hashes, txids, and weights are always computed over a reserialized version of a transaction, it is mostly harmless to permit extended encoding for non-segwit transactions, but I'd rather strictly follow the BIP. ACKs for commit bb530e: instagibbs: utACK bitcoin@bb530ef stevenroose: utACK bb530ef Tree-SHA512: 1aeccd6a555f43784fefb076ce2e8ad2f5ba7be49840544a50050d0390f82373f87201bf56cf8bb30841b4f9cd893b382261a080da875d4e11ab7051f8640dbe

…ialization cc556e4 Add test for superfluous witness record in deserialization (Gregory Sanders) 25b0786 Fix missing input template by making minimal tx (Gregory Sanders) Pull request description: Adds coverage for changed behavior in bitcoin#14039 ACKs for commit cc556e: MarcoFalke: utACK cc556e4 Tree-SHA512: 3404c8f75e87503983fac5ae27d877309eb3b902f2ec993762911c71610ca449bef0ed98bd17e029414828025b2713e1bd012e63b2a06497e34f1056acaa6321

moneyball · 2019-04-29T20:24:49Z

Out of curiosity do we have any sense for whether such misformatted transactions occur and if so with what frequency?

sipa · 2019-04-29T20:37:25Z

@moneyball This is just about the encoding; it's not a properry of the transaction at all. Before this PR, If someone were to use the invalid encoding on a particular P2P link, it would still be propagated in the correct form on further links.

maflcko · 2019-04-29T20:50:38Z

Though, it wouldn't be propagated on p2p after this pull. And also rejected by any RPC call.

fa2b52a Disallow extended encoding for non-witness transactions (take 3) (MarcoFalke) Pull request description: (previous title "p2p: Disallow extended encoding for non-witness transactions (take 3)") Remote peers can send us illegally encoded txs and thus have us write to stderr. Fix that by not writing to stderr. This is a follow up to the previous (incomplete) attempts at this: * Disallow extended encoding for non-witness transactions #14039 * Add test for superfluous witness record in deserialization #15893 ACKs for commit fa2b52: laanwj: utACK fa2b52a ryanofsky: utACK fa2b52a. Would change title to something like "Avoid logging transaction decode errors to stderr" instead of "Disallow extended encoding for non-witness transactions." The current title is confusing because this PR isn't really allowing or disallowing anything, just logging the condition differently. "Disallow" also seems to contradict the "Allow exceptions from..." comments in the actual code. Tree-SHA512: c66990e69b432d00dc1c5510bf976a1188664d0890a32d1e5c6459094e7e27da82a5d227627afcbc203676f5540eec74b7d9b1d71d2c62d3b2069e1781824b4d

Github-Pull: bitcoin#14039 Rebased-From: bb530ef

…stderr fa2b52a Disallow extended encoding for non-witness transactions (take 3) (MarcoFalke) Pull request description: (previous title "p2p: Disallow extended encoding for non-witness transactions (take 3)") Remote peers can send us illegally encoded txs and thus have us write to stderr. Fix that by not writing to stderr. This is a follow up to the previous (incomplete) attempts at this: * Disallow extended encoding for non-witness transactions bitcoin#14039 * Add test for superfluous witness record in deserialization bitcoin#15893 ACKs for commit fa2b52: laanwj: utACK fa2b52a ryanofsky: utACK fa2b52a. Would change title to something like "Avoid logging transaction decode errors to stderr" instead of "Disallow extended encoding for non-witness transactions." The current title is confusing because this PR isn't really allowing or disallowing anything, just logging the condition differently. "Disallow" also seems to contradict the "Allow exceptions from..." comments in the actual code. Tree-SHA512: c66990e69b432d00dc1c5510bf976a1188664d0890a32d1e5c6459094e7e27da82a5d227627afcbc203676f5540eec74b7d9b1d71d2c62d3b2069e1781824b4d

Github-Pull: bitcoin#14039 Rebased-From: bb530ef

…stderr fa2b52a Disallow extended encoding for non-witness transactions (take 3) (MarcoFalke) Pull request description: (previous title "p2p: Disallow extended encoding for non-witness transactions (take 3)") Remote peers can send us illegally encoded txs and thus have us write to stderr. Fix that by not writing to stderr. This is a follow up to the previous (incomplete) attempts at this: * Disallow extended encoding for non-witness transactions bitcoin#14039 * Add test for superfluous witness record in deserialization bitcoin#15893 ACKs for commit fa2b52: laanwj: utACK fa2b52a ryanofsky: utACK fa2b52a. Would change title to something like "Avoid logging transaction decode errors to stderr" instead of "Disallow extended encoding for non-witness transactions." The current title is confusing because this PR isn't really allowing or disallowing anything, just logging the condition differently. "Disallow" also seems to contradict the "Allow exceptions from..." comments in the actual code. Tree-SHA512: c66990e69b432d00dc1c5510bf976a1188664d0890a32d1e5c6459094e7e27da82a5d227627afcbc203676f5540eec74b7d9b1d71d2c62d3b2069e1781824b4d

Disallow extended encoding for non-witness transactions

bb530ef

sipa force-pushed the 201808_no_superfluous_witness branch from cfb10d3 to bb530ef Compare August 24, 2018 00:15

apoelstra mentioned this pull request Aug 24, 2018

Various serialization fixes rust-bitcoin/rust-bitcoin#151

Merged

instagibbs mentioned this pull request Aug 24, 2018

Disallow extended encoding for non-witness transactions ElementsProject/elements#402

Merged

maflcko mentioned this pull request Aug 27, 2018

qa: Add some actual witness in rpc_rawtransaction #14052

Merged

laanwj added the RPC/REST/ZMQ label Aug 31, 2018

maflcko merged commit bb530ef into bitcoin:master Apr 25, 2019

instagibbs mentioned this pull request Apr 25, 2019

Add test for superfluous witness record in deserialization #15893

Merged

maflcko added Needs backport and removed Needs backport labels Apr 26, 2019

maflcko added this to the 0.18.1 milestone Apr 26, 2019

maflcko mentioned this pull request May 13, 2019

p2p: Avoid logging transaction decode errors to stderr #16021

Merged

maflcko pushed a commit to maflcko/bitcoin-core that referenced this pull request May 20, 2019

Disallow extended encoding for non-witness transactions

206f5ee

Github-Pull: bitcoin#14039 Rebased-From: bb530ef

maflcko removed the Needs backport label May 20, 2019

HashUnlimited pushed a commit to HashUnlimited/chaincoin that referenced this pull request Aug 23, 2019

Disallow extended encoding for non-witness transactions

e30fa22

Github-Pull: bitcoin#14039 Rebased-From: bb530ef

Bushstar pushed a commit to Bushstar/omnicore that referenced this pull request Aug 24, 2019

Disallow extended encoding for non-witness transactions

6de72e5

Github-Pull: bitcoin#14039 Rebased-From: bb530ef

bitcoin locked as resolved and limited conversation to collaborators Aug 18, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Disallow extended encoding for non-witness transactions #14039

Disallow extended encoding for non-witness transactions #14039

sipa commented Aug 24, 2018 •

edited

Loading

practicalswift commented Aug 24, 2018 •

edited

Loading

instagibbs commented Aug 24, 2018

instagibbs commented Aug 24, 2018

maflcko commented Aug 24, 2018

laanwj commented Aug 29, 2018

Sjors commented Sep 7, 2018

gmaxwell commented Feb 14, 2019

instagibbs commented Mar 21, 2019

instagibbs commented Mar 21, 2019

stevenroose commented Mar 22, 2019

sdaftuar commented Apr 25, 2019

instagibbs commented Apr 25, 2019

moneyball commented Apr 29, 2019

sipa commented Apr 29, 2019 •

edited

Loading

maflcko commented Apr 29, 2019

Disallow extended encoding for non-witness transactions #14039

Disallow extended encoding for non-witness transactions #14039

Conversation

sipa commented Aug 24, 2018 • edited Loading

practicalswift commented Aug 24, 2018 • edited Loading

instagibbs commented Aug 24, 2018

instagibbs commented Aug 24, 2018

maflcko commented Aug 24, 2018

laanwj commented Aug 29, 2018

Sjors commented Sep 7, 2018

gmaxwell commented Feb 14, 2019

instagibbs commented Mar 21, 2019

instagibbs commented Mar 21, 2019

stevenroose commented Mar 22, 2019

sdaftuar commented Apr 25, 2019

instagibbs commented Apr 25, 2019

moneyball commented Apr 29, 2019

sipa commented Apr 29, 2019 • edited Loading

maflcko commented Apr 29, 2019

sipa commented Aug 24, 2018 •

edited

Loading

practicalswift commented Aug 24, 2018 •

edited

Loading

sipa commented Apr 29, 2019 •

edited

Loading