Bitcoin Forum
Topic: protocol vulnerability?
kzv (OP)
April 08, 2016, 08:44:41 AM
 #1

Hi,
I'm learning the basics of the Bitcoin protocol and have a question.

When I push a raw transaction to the network, all nodes may read it for checking...

If some "bad-hacker" node saves my "scriptSig" for the transaction inputs but changes my "scriptPubKey" for the outputs, then the scammer may send a fake transaction to other nodes, and there's a possibility of losing my money?


achow101
April 08, 2016, 11:41:05 AM
 #2

Quote from: kzv
Hi,
I'm learning the basics of the Bitcoin protocol and have a question.

When I push a raw transaction to the network, all nodes may read it for checking...

If some "bad-hacker" node saves my "scriptSig" for the transaction inputs but changes my "scriptPubKey" for the outputs, then the scammer may send a fake transaction to other nodes, and there's a possibility of losing my money?


Nope, not possible. The scriptsig, if using sighash all (the default), is a signature of the hash of the transaction. If part of the transaction is changed, the hash will no longer match and thus the signature will no longer be valid and thus the transaction ID invalid.

kzv (OP)
April 08, 2016, 12:04:16 PM
 #3

Quote from: kzv
Hi,
I'm learning the basics of the Bitcoin protocol and have a question.

When I push a raw transaction to the network, all nodes may read it for checking...

If some "bad-hacker" node saves my "scriptSig" for the transaction inputs but changes my "scriptPubKey" for the outputs, then the scammer may send a fake transaction to other nodes, and there's a possibility of losing my money?

Quote from: achow101
Nope, not possible. The scriptsig, if using sighash all (the default), is a signature of the hash of the transaction. If part of the transaction is changed, the hash will no longer match and thus the signature will no longer be valid and thus the transaction ID invalid.

Thank you for the response.
Is there any documentation on how "scriptSig" is constructed for a given transaction?

achow101
April 08, 2016, 12:44:41 PM
 #4

Quote from: achow101
Nope, not possible. The scriptsig, if using sighash all (the default), is a signature of the hash of the transaction. If part of the transaction is changed, the hash will no longer match and thus the signature will no longer be valid and thus the transaction ID invalid.

Quote from: kzv
Thank you for the response.
Is there any documentation on how "scriptSig" is constructed for a given transaction?

There is probably something about it on https://bitcoin.org/en/developer-documentation. Otherwise you can look in the code.

DannyHamilton
April 08, 2016, 01:05:46 PM
 #5

Quote from: kzv
Is there any documentation on how "scriptSig" is constructed for a given transaction?

http://bitcoin.stackexchange.com/a/5241

https://en.bitcoin.it/w/images/en/7/70/Bitcoin_OpCheckSig_InDetail.png
kzv (OP)
April 08, 2016, 01:24:47 PM
 #6

Quote from: achow101
Nope, not possible. The scriptsig, if using sighash all (the default), is a signature of the hash of the transaction. If part of the transaction is changed, the hash will no longer match and thus the signature will no longer be valid and thus the transaction ID invalid.

Quote from: kzv
Thank you for the response.
Is there any documentation on how "scriptSig" is constructed for a given transaction?

Quote from: achow101
There is probably something about it on https://bitcoin.org/en/developer-documentation. Otherwise you can look in the code.

Picture from https://bitcoin.org/en/developer-examples#offline-signing

It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction. :(

achow101
April 08, 2016, 01:39:19 PM
 #7


Quote from: kzv
Picture from https://bitcoin.org/en/developer-examples#offline-signing

-snip img-

It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction. :(

Nope. Read all of https://bitcoin.org/en/developer-guide#transactions

DannyHamilton
April 08, 2016, 02:09:08 PM
 #8

Quote from: kzv
Picture from https://bitcoin.org/en/developer-examples#offline-signing

- snip -

It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction. :(

Nope.

See all those arrows passing through the "Signed Data" box?  That means all those fields are included in what gets signed.

If you had read the paragraph after the picture, you would have known that there is more signed than just the scriptPubKey...

Quote
As illustrated above, the data that gets signed includes the txid and vout from the previous transaction. That information is included in the createrawtransaction raw transaction. But the data that gets signed also includes the pubkey script from the previous transaction, even though it doesn’t appear in either the unsigned or signed transaction.
hhanh00
April 08, 2016, 02:16:55 PM
 #9

Quote from: DannyHamilton
If you had read the paragraph after the picture, you would have known that there is more signed than just the scriptPubKey...

Quote
As illustrated above, the data that gets signed includes the txid and vout from the previous transaction. That information is included in the createrawtransaction raw transaction. But the data that gets signed also includes the pubkey script from the previous transaction, even though it doesn’t appear in either the unsigned or signed transaction.


He's concerned that the signature doesn't cover the output of the current transaction - which it does for all signature types besides SIGHASH_NONE.

To be honest, I don't understand this drawing either. This explanation works better for me.

https://en.bitcoin.it/wiki/OP_CHECKSIG



kzv (OP)
April 08, 2016, 02:18:16 PM
 #10

Quote from: kzv
Picture from https://bitcoin.org/en/developer-examples#offline-signing

- snip -

It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction. :(

Quote from: DannyHamilton
Nope.

See all those arrows passing through the "Signed Data" box?  That means all those fields are included in what gets signed.

If you had read the paragraph after the picture, you would have known that there is more signed than just the scriptPubKey...

Quote
As illustrated above, the data that gets signed includes the txid and vout from the previous transaction. That information is included in the createrawtransaction raw transaction. But the data that gets signed also includes the pubkey script from the previous transaction, even though it doesn’t appear in either the unsigned or signed transaction.


I read this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signed and not protected from changing.
Right?

achow101
April 08, 2016, 02:23:52 PM
 #11


Quote from: kzv
I read this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signed and not protected from changing.
Right?

NO! With sighash all, all of the data in the current transaction, except for the signature itself, is signed. This prevents any transaction data from being changed.
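
The point made in the replies above, as an added example that is not part of the original posts or Bitcoin Core's code: a simplified pre-SegWit signature-hash computation covering only SIGHASH_ALL and SIGHASH_NONE (no SIGHASH_SINGLE, ANYONECANPAY or OP_CODESEPARATOR handling). The transaction, hashes and helper names are constructed for illustration; it shows that swapping the output's scriptPubKey changes the digest under SIGHASH_ALL, so the original signature no longer verifies.

```python
import copy
import hashlib
import struct

SIGHASH_ALL, SIGHASH_NONE = 0x01, 0x02

def varint(n):
    assert n < 0xfd          # one-byte CompactSize is enough for this sample
    return bytes([n])

def p2pkh(h160):
    # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    return b"\x76\xa9\x14" + h160 + b"\x88\xac"

def legacy_sighash(tx, idx, prev_spk, hashtype):
    """Digest the signature in input `idx` commits to (pre-SegWit rules)."""
    buf = struct.pack("<i", tx["version"]) + varint(len(tx["vin"]))
    for i, vin in enumerate(tx["vin"]):
        # scriptSigs are blanked; the signed input carries the previous
        # output's pubkey script instead (the part the bitcoin.org text describes)
        script = prev_spk if i == idx else b""
        seq = 0 if (hashtype == SIGHASH_NONE and i != idx) else vin["sequence"]
        buf += vin["txid"] + struct.pack("<I", vin["vout"])
        buf += varint(len(script)) + script + struct.pack("<I", seq)
    vout = [] if hashtype == SIGHASH_NONE else tx["vout"]
    buf += varint(len(vout))
    for out in vout:         # outputs of the CURRENT transaction
        buf += struct.pack("<q", out["value"])
        buf += varint(len(out["spk"])) + out["spk"]
    buf += struct.pack("<I", tx["locktime"]) + struct.pack("<I", hashtype)
    return hashlib.sha256(hashlib.sha256(buf).digest()).digest()

# Constructed sample: one input, one output, placeholder hashes
PREV_SPK = p2pkh(b"\x11" * 20)
TX = {"version": 1, "locktime": 0,
      "vin": [{"txid": b"\xaa" * 32, "vout": 0, "sequence": 0xFFFFFFFF}],
      "vout": [{"value": 50_000, "spk": p2pkh(b"\x22" * 20)}]}

def digest_survives_output_swap(hashtype):
    """True if rewriting the output script leaves the signed digest unchanged."""
    tampered = copy.deepcopy(TX)
    tampered["vout"][0]["spk"] = p2pkh(b"\x33" * 20)
    return (legacy_sighash(TX, 0, PREV_SPK, hashtype)
            == legacy_sighash(tampered, 0, PREV_SPK, hashtype))

if __name__ == "__main__":
    print("SIGHASH_ALL  digest unchanged:", digest_survives_output_swap(SIGHASH_ALL))
    print("SIGHASH_NONE digest unchanged:", digest_survives_output_swap(SIGHASH_NONE))
```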

kzv (OP)
April 08, 2016, 02:31:54 PM
 #12


Quote from: kzv
I read this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signed and not protected from changing.
Right?

Quote from: achow101
NO! With sighash all, all of the data in the current transaction, except for the signature itself, is signed. This prevents any transaction data from being changed.

Where is this written? Please give me a link to any document or source code?

Now I can see only
Quote
includes the txid and vout from the previous transaction
and
Quote
also includes the pubkey script from the previous transaction

achow101
April 08, 2016, 02:48:08 PM
 #13


Quote from: kzv
I read this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signed and not protected from changing.
Right?

Quote from: achow101
NO! With sighash all, all of the data in the current transaction, except for the signature itself, is signed. This prevents any transaction data from being changed.

Quote from: kzv
Where is this written? Please give me a link to any document or source code?

Now I can see only
Quote
includes the txid and vout from the previous transaction
and
Quote
also includes the pubkey script from the previous transaction

See https://bitcoin.org/en/developer-guide#signature-hash-types

It's also in the source somewhere.

DannyHamilton
April 08, 2016, 07:47:15 PM
 #14

Quote from: DannyHamilton
If you had read the paragraph after the picture, you would have known that there is more signed than just the scriptPubKey...

Quote
As illustrated above, the data that gets signed includes the txid and vout from the previous transaction. That information is included in the createrawtransaction raw transaction. But the data that gets signed also includes the pubkey script from the previous transaction, even though it doesn’t appear in either the unsigned or signed transaction.

Quote from: hhanh00
He's concerned that the signature doesn't cover the output of the current transaction

Certainly, but he said it "seems that signed only scriptPubKey", and clearly that isn't true.  Therefore, it should be obvious to him, from reading the paragraph below the drawing, that he misunderstood the drawing.

Quote from: DannyHamilton
See all those arrows passing through the "Signed Data" box?  That means all those fields are included in what gets signed.

Quote from: kzv
I read this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signed and not protected from changing.
Right?

No.  That is not right.

I can't tell if you are failing to pay attention, or if you are just trolling.

Quote from: achow101
With sighash all, all of the data in the current transaction, except for the signature itself, is signed. This prevents any transaction data from being changed.

Which has already been explained 3 times, and several links have been included to provide additional details for better understanding.

I'm beginning to think we are being trolled.

Quote from: achow101
NO! With sighash all, all of the data in the current transaction, except for the signature itself, is signed. This prevents any transaction data from being changed.

Quote from: kzv
Where is this written? Please give me a link to any document or source code?

You have been provided several links.

The source code is in github.  Here:
https://github.com/bitcoin/bitcoin

Quote from: kzv
Now I can see only
Quote
includes the txid and vout from the previous transaction
and
Quote
also includes the pubkey script from the previous transaction

If that's all you can see in this whole thread, then you are only looking for things that you can take out of context to create confusion.  I'm nearly certain you are just trolling now.

He's been told that the entire transaction is signed multiple times.  He's been supplied with links with additional details about what is signed.  And yet, he carefully searches through posts and links looking for small pieces that he can take out of context and then exclaim that only the inputs are signed.  Nonsense.
kzv (OP)
April 08, 2016, 09:35:08 PM
 #15

Thank you guys.
I realized my mistake. Your links are very useful for me. Sorry for my English ))
