Hi Andrew, Ok, I will go ahead and write the amendment and make a PR. Thanks! Jon 2019年7月10日(水) 5:26 Andrew Chow : > This was the original intent of the sighash field. Either the sighash is > acceptable to the signer and the signer signs with it, or they do not sign > at all. > > On 7/9/19 11:58 AM, Jonathan Underwood via bitcoin-dev wrote: > > Hi all, > > Just to be brief, I'll kick off with an attack scenario. > > 1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign > according to the PSBT as-is. > 2. I notice my UTXO was stolen by a hacker because they changed my PSBT > input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the > fact they changed the outputs to send to themselves, and added an input > they signed with SIGHASH_ALL. > 3. I lose the BTC in my UTXO. > > So we should definitely add to the signer checks "ensure the sighash type > given is the type of sighash you want to sign." etc. > > My proposal for a wording change would be addition to the bullet list: > > - If a sighash type is provided, the signer MUST check that the sighash > type is acceptable to them, and fail signing if unacceptable. > - If a sighash type is not provided, the signer SHOULD sign using > SIGHASH_ALL, but may sign with any sighash type they wish. > > Any thoughts? > > Thanks, > Jon > > -- > ----------------- > Jonathan Underwood > ビットバンク社 チーフビットコインオフィサー > ----------------- > > 暗号化したメッセージをお送りの方は下記の公開鍵をご利用下さい。 > > 指紋: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3 > > >