Add warning about the merkle-tree algorithm duplicate txid flaw

Lots of people read the Bitcoin Core codebase to learn more about
crypto; better to warn about flaws explicitly so they don't blindly copy
the code for other uses and create broken systems.
This commit is contained in:
Peter Todd 2014-09-20 12:32:42 -04:00
parent 25308337d6
commit 01c28073ba
No known key found for this signature in database
GPG key ID: 2481403DA5F091FB

View file

@ -226,6 +226,13 @@ uint256 CBlockHeader::GetHash() const
uint256 CBlock::BuildMerkleTree() const
{
// WARNING! If you're reading this because you're learning about crypto
// and/or designing a new system that will use merkle trees, keep in mind
// that the following merkle tree algorithm has a serious flaw related to
// duplicate txids, resulting in a vulnerability. (CVE-2012-2459) Bitcoin
// has since worked around the flaw, but for new applications you should
// use something different; don't just copy-and-paste this code without
// understanding the problem first.
vMerkleTree.clear();
BOOST_FOREACH(const CTransaction& tx, vtx)
vMerkleTree.push_back(tx.GetHash());