consignment validation succeeds despite changed txid in bundle pubWitness #261
Comments
dr-orlovsky
added
question
|
My initial take here is that changing txid affects nothing: txid is generated from the actual transaction data, and the changed value goes nowhere. But I will double-check |
|
If you change a non-terminal id the situation is different though: the id is used spent transaction, and validation breaks. Also, it is only a terminal transaction which is included in full in the consignment - and thus which txid is re-calculated. The rest of transactions rely on txid to extract them from the indexer (electrum, esplora), and changing them thus leads to validation failure. Try to cut out that terminal transaction (replacing it with null) - the validation must fail in this case. |
|
Yet still I believe validation much check this: #262 Please try that branch - it should now fail the validation |
|
Closing as completed in #262 |
We are experiencing an issue on the latest master where a modified consignment (
attack_bundles_pubWitness_data_txid.yamlin the zip) validates correctly even though it's modified from an otherwise valid consignment (consignment_A.yamlin the zip). The only change in the consignment is the txid of one of the pubWitnesses included in bundles, specifically the one referring to the last transaction in the history. Changing txids for transactions other than the last one correctly leads to a validation error, unless also the corresponding prevout is changed to the same txid, in which case validation succeeds (attack_bundles_pubWitness_data_txid_and_prevout.yamlin the zip).I would expect validation code to check consistency between transaction data and txid and this indeed used to be the case at least until rgb-core tag
v0.11.0-beta.6(commitcb6892b6).consignments.zip
The text was updated successfully, but these errors were encountered: