solidity-btc-parser icon indicating copy to clipboard operation
solidity-btc-parser copied to clipboard
Published 8 years ago verified publisher icon rainbreak

Security of the checkValueSent function

Open achempion opened this issue 8 years ago • 1 comments

Due to some Hash160 so-called collisions we cant use checkValueSent function. For example, we can have two BTC addresses that both have the same Hash 160, for instance: https://blockchain.info/ru/address/17AXqoGmJ71Noc2hZvDnP1wGPZTVykXsPd https://blockchain.info/ru/address/37rYmLmCr1Kktmj8h1tNoeJCY5kDaGHpjp

My proposition is that we need to add another argument to specify the type of BTC address (p2p, p2sh or both).

Here we need to check specifically for our type of an address. https://github.com/rainbreak/solidity-btc-parser/blob/master/src/btc_tx.sol#L286

achempion avatar Oct 29 '17 21:10 achempion

Thanks for catching this! I won't have time to make a fix any time soon, but if anyone wants to propose a patch thatd be great.

rainbreak avatar Nov 03 '17 12:11 rainbreak