Maleability testing?

s2 (OP)

Full Member

Offline

Activity: 198
Merit: 123

Maleability testing?

August 08, 2017, 02:01:29 PM

Does anyone have any scripts or suggestions on how to test malleability issues in my wallet?

I.e. how do people make sure they handle this correctly?

amaclin1

Sr. Member

Offline

Activity: 966
Merit: 383

Re: Maleability testing?

August 08, 2017, 09:13:02 PM

Quote from: s2 on August 08, 2017, 02:01:29 PM

how do people make sure they handle this correctly?

... reading and understanding the program code? Grin

s2 (OP)

Full Member

Offline

Activity: 198
Merit: 123

Re: Maleability testing?

August 09, 2017, 07:39:54 AM

Thanks but I'm interested in knowing what sort of malleability attacks are easy to do that I can test with?

Seems difficult to protect against it without usecases I could try on testnet.

Jolyquinzel

Jr. Member

Offline

Activity: 58
Merit: 10

Re: Maleability testing?

August 12, 2017, 07:01:29 PM

Quote from: amaclin1 on August 08, 2017, 09:13:02 PM

Quote from: s2 on August 08, 2017, 02:01:29 PM

how do people make sure they handle this correctly?

... reading and understanding the program code? Grin

genius
aaand what if u dont understand any in code?

amaclin1

Sr. Member

Offline

Activity: 966
Merit: 383

Re: Maleability testing?

August 14, 2017, 05:40:23 AM

Quote from: Jolyquinzel on August 12, 2017, 07:01:29 PM

Quote from: amaclin1 on August 08, 2017, 09:13:02 PM

Quote from: s2 on August 08, 2017, 02:01:29 PM

how do people make sure they handle this correctly?

... reading and understanding the program code? Grin

genius
aaand what if u dont understand any in code?

you will not understand testing results either Tongue

s2 (OP)

Full Member

Offline

Activity: 198
Merit: 123

Re: Maleability testing?

August 14, 2017, 01:44:55 PM

Anyone actually know how to do this?

This seems like a good read but no obvious script examples.
https://bitcointalk.org/index.php?topic=8392.msg122410#msg122410

amaclin1

Sr. Member

Offline

Activity: 966
Merit: 383

Re: Maleability testing?

August 14, 2017, 02:29:56 PM

Quote from: s2 on August 14, 2017, 01:44:55 PM

Anyone actually know how to do this?

How to do what?
Test your sources for finding malleability issues?
Ready to pay? I am ~~a great pretender~~ expert in malleability

s2 (OP)

Full Member

Offline

Activity: 198
Merit: 123

Re: Maleability testing?

August 29, 2017, 09:27:18 AM

Thanks amaclin1.

I'm looking for steps to do a malleability test. E.g. a python script or steps to issue a double spend using a malleability issue.

The only malleability attack I knew of before was the high/low S value, I'm certain there are others but not sure what they are or where to find them.

Guess what would be awesome is something that can run on testnet which issued two tx's for transferring funds from A->B but had two different txids...

come to mention it, perhaps that's all that is required? I could just sign two identical transactions and issue them at the same time?

amaclin1

Sr. Member

Offline

Activity: 966
Merit: 383

Re: Maleability testing?

August 29, 2017, 10:18:14 AM

Quote from: s2 on August 29, 2017, 09:27:18 AM

come to mention it, perhaps that's all that is required?
I could just sign two identical transactions and issue them at the same time?

This case is not a "true" malleability.
You always can create two transactions spending funds to two different destinations.
And only one will be confirmed.
Usually we care about Man-in-the-Middle. He should not do anything with your data.

There were several sources of malleability for standard (this is important!) bitcoin scripts.
The last was fixed with segwit transactions

tomtomtom7

Jr. Member

Offline

Activity: 38
Merit: 18

Re: Maleability testing?

August 29, 2017, 12:56:24 PM

#10

You could look at the malleability integration test in the Core repo:

https://github.com/bitcoin/bitcoin/blob/master/test/functional/txn_clone.py

Pages: [1]

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Maleability testing?

« previous topic next topic »