search

bigchaindb / cryptoconditions

A Python implementation of the Crypto-Conditions spec
MIT License
72 stars 41 forks source link

PreimageSha256 validation returns only True can be dangerous #26

Open TimDaub opened 8 years ago

TimDaub commented 8 years ago

See this method: https://github.com/bigchaindb/cryptoconditions/blob/master/cryptoconditions/types/sha256.py#L120

PreimageSha256.validate always yields True, while all other respective types validate by checking external parameters (usually the message parameter). A user would expect that calling .validate on all present fulfillments in a transaction to (at least partially) validate the transaction. However, for a PreimageSha256 fulfillment, a comparison between the input condition and the newly created fulfillment's condition will also have to happen. In BigchainDB, this case is handled here: https://github.com/bigchaindb/bigchaindb/blob/master/bigchaindb/util.py#L458

To avoid pitfalls for users of this library it would be nice if we could force the submission of the input-condition and then yield the respective boolean in the validate method.

diminator commented 8 years ago

shouldn't be an issue, see: https://github.com/interledger/five-bells-condition/blob/master/src/types/preimage-sha256.js#L96