Title: Multisig TX security Post by: antonimasso on August 25, 2014, 08:09:56 AM Hello,
I'd like to know if there is any security flaw in signing a Multisig TX as follows: 1) Creating the Multisig Address OP_2 PUB_KEY_1 PUB_KEY_2 PUB_KEY_3 OP_3 OP_CHECKMULTISIG 2) Sign TX: { "hash": "0d116745ec35e9ee303ea296bdbca38bc9123b35b4b76e947cb41533c27d9dd7", "ver": 1, "vin_sz": 1, "vout_sz": 1, "lock_time": 0, "size": 340, "in": [ { "prev_out": { "hash": "df2b060fa2e5e9c8ed5eaf6a45c13753ec8c63282b2688322eba40cd98ea067a", "n": "0" }, "scriptSig": "OP_FALSE 304402206a8090be39217ebff730dc6452ad5fcaf7ba692f457b1acd4a44e9c1896db32c02207aa ab831b676640756df1ce408fd581b3bbd3803be739b80b964491f1f3020e901 304502203cb794b1bbf1f697433b6530dbbcc64e9d12c1d19d63b493a3409b59f9fffcac022100c c8077abaca5f51c303e1e34aac0779fc60af9f7fa52edbc7b44b5ac909c6a4101 522103d728ad6757d4784effea04d47baafa216cf474866c2d4dc99b1e8e3eb936e7302102d83bb a35a8022c247b645eed6f81ac41b7c1580de550e7e82c75ad63ee9ac2fd2103aeb681df5ac19e44 9a872b9e9347f1db5a0394d2ec5caf2a9c143f86e232b0d953ae", "sequence": 4294967295 } ], "out": [ { "value": "49.99950000", "scriptPubKey": "OP_DUP OP_HASH160 7faf0c785828c1f87fca32ef071066f60ea100d1 OP_EQUALVERIFY OP_CHECKSIG" } ] } My question is, can this TX be modified to change the output address and amount? Thanks Title: Re: Multisig TX security Post by: amaclin on August 25, 2014, 09:03:51 AM Quote My question is, can this TX be modified to change the output address and amount? Yes. And it still will be invalid. Title: Re: Multisig TX security Post by: antonimasso on August 25, 2014, 09:06:47 AM Ok, so changing the TX outputs is possible, but the signing the TX will result in an invalid TX when sent to the Bitcoin network.
Title: Re: Multisig TX security Post by: amaclin on August 25, 2014, 09:09:25 AM You should sign it with the appropriate private key (15ubicBBWFnvoZLT7GiU2qxjRaKJPdkDMG)
I am sure you are not S.N. ;D Title: Re: Multisig TX security Post by: antonimasso on August 25, 2014, 09:13:11 AM Yeah I know that ;)
Title: Re: Multisig TX security Post by: antonimasso on August 25, 2014, 06:21:28 PM How did you manage to create a new TX & sign my Multisig address?
https://insight.bitpay.com/address/3KZriXF1KJB5edEXwM5TdByaFEtgRd5VyE |