Add tests for Bitcoin merkle root malleability behavior #1392
Labels
A-consensus
Area: Consensus rule updates
C-enhancement
Category: This is an improvement
C-security
Category: Security issues
I-invalid-data
Zebra relies on invalid or untrusted data, or sends invalid data
Comments
hdevalence
added
A-consensus
mpguerra
added
P-Low
and removed
S-needs-triage
teor2345
added
C-security
|
This is a test we should do for security, but we're unlikely to do it any time soon. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Bitcoin's transaction Merkle trees are badly designed, and suffer from malleability. In #1386 we address this by:
That PR includes unit tests for the Merkle root computation itself, but it does not have integration tests for the verifiers.
Describe the solution you'd like
For the checkpointer: check that blocks with duplicate transactions are rejected, both before and after submission of the canonical block whose hash they collide with;
For the block verifier: take a block which otherwise passes all validation criteria, and duplicate transactions in such a way as to create a colliding block hash. Then, check that this otherwise-valid block is rejected.
The text was updated successfully, but these errors were encountered: