Unbalanced tree can be used to forge a replica balanced tree

bitcoinjs / merkle-lib

A performance conscious library for merkle root and tree calculations.

MIT License

29 stars 17 forks source link

Unbalanced tree can be used to forge a replica balanced tree #1

Closed dcousens closed 7 years ago

dcousens commented 7 years ago

See https://github.com/bitcoinjs/merkle-lib/commit/dc3975f020a2b025efb77aea79557f3bd0adef7b for test fixture, and https://bitcointalk.org/?topic=102395 for description.

@fanatid naturally bitcoinjs-lib is vulnerable to this due to its lacking consensus model... what are your thoughts?

Also, I like using this library outside of bitcoin applications, so it'd be nice to not have to worry about such a basic flaw. The issue is this line: https://github.com/bitcoinjs/merkle-lib/blob/master/index.js#L8

Thoughts on a fix?

dcousens commented 7 years ago

tl;dr left has been allowed to be ambiguous with right in an unbalanced tree, therefore leading to the implication that an artificially created tree can be created where left is repeated, and it will result in the same root hash.

fanatid commented 7 years ago

Not sure that we can do something here, this bugs comes from design :(

dcousens commented 7 years ago

@fanatid thoughts on what we should put in the README then?

fanatid commented 7 years ago

@fanatid thoughts on what we should put in the README then?

Yes, definitely.

dcousens commented 7 years ago

Added a README warning. https://github.com/bitcoinjs/merkle-lib/commit/2cb00a5c9f13b368d50b1040dacc87450fb08919