New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security of the checkValueSent function #19

Open
achempion opened this Issue Oct 29, 2017 · 1 comment

Comments

Projects
None yet
2 participants
@achempion

achempion commented Oct 29, 2017

Due to some Hash160 so-called collisions we cant use checkValueSent function.
For example, we can have two BTC addresses that both have the same Hash 160, for instance:
https://blockchain.info/ru/address/17AXqoGmJ71Noc2hZvDnP1wGPZTVykXsPd
https://blockchain.info/ru/address/37rYmLmCr1Kktmj8h1tNoeJCY5kDaGHpjp

My proposition is that we need to add another argument to specify the type of BTC address (p2p, p2sh or both).

Here we need to check specifically for our type of an address.
https://github.com/rainbreak/solidity-btc-parser/blob/master/src/btc_tx.sol#L286

@achempion achempion changed the title from Security of checkValueSent function to Security of the checkValueSent function Oct 29, 2017

@rainbreak

This comment has been minimized.

Show comment
Hide comment
@rainbreak

rainbreak Nov 3, 2017

Owner

Thanks for catching this! I won't have time to make a fix any time soon, but if anyone wants to propose a patch thatd be great.

Owner

rainbreak commented Nov 3, 2017

Thanks for catching this! I won't have time to make a fix any time soon, but if anyone wants to propose a patch thatd be great.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment