[bitcoin/bitcoin] [Policy] Reject SIGHASH_SINGLE with output out of bound (#13360)

This makes using SIGHASH_SINGLE without a matching output non-standard. Signature of this form is insecure, as it commits to no output while users might think it commits to one. It is even worse in non-segwit scripts, which is effectively NOINPUT|NONE, so any UTXO of the same key could be stolen.

This is one of the earliest unintended consensus behavior which could be fixed with a softfork. The first step is to make it non-standard.
You can view, comment on, or merge this pull request online at:


— Commit Summary —

* [Policy] Reject SIGHASH_SINGLE with output out of bound

— File Changes —

M src/script/interpreter.cpp (8)
M src/script/interpreter.h (8)
M src/script/sign.cpp (4)
M src/test/data/tx_invalid.json (16)
M src/test/data/tx_valid.json (4)
M src/test/transaction_tests.cpp (1)

— Patch Links —


Добавить комментарий