New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security of the checkValueSent function #19

Open

achempion opened this issue Oct 29, 2017 · 1 comment

achempion commented Oct 29, 2017 •

edited

Loading

Due to some Hash160 so-called collisions we cant use checkValueSent function.
For example, we can have two BTC addresses that both have the same Hash 160, for instance:
https://blockchain.info/ru/address/17AXqoGmJ71Noc2hZvDnP1wGPZTVykXsPd
https://blockchain.info/ru/address/37rYmLmCr1Kktmj8h1tNoeJCY5kDaGHpjp

My proposition is that we need to add another argument to specify the type of BTC address (p2p, p2sh or both).

Here we need to check specifically for our type of an address.
https://github.com/rainbreak/solidity-btc-parser/blob/master/src/btc_tx.sol#L286

The text was updated successfully, but these errors were encountered:

achempion changed the title ~~Security of checkValueSent function~~ Security of the checkValueSent function

Owner

rainbreak commented Nov 3, 2017

Thanks for catching this! I won't have time to make a fix any time soon, but if anyone wants to propose a patch thatd be great.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment