Closed dcousens closed 7 years ago
tl;dr `left` has been allowed to be ambiguous with `right` in an unbalanced tree, therefore leading to the implication that an artificially created tree can be created where `left` is repeated, and it will result in the same root hash.
Not sure that we can do something here, this bug comes from design :(
@fanatid thoughts on what we should put in the README then?
Yes, definitely.
Added a README warning. https://github.com/bitcoinjs/merkle-lib/commit/2cb00a5c9f13b368d50b1040dacc87450fb08919
See https://github.com/bitcoinjs/merkle-lib/commit/dc3975f020a2b025efb77aea79557f3bd0adef7b for test fixture, and https://bitcointalk.org/?topic=102395 for description.
@fanatid naturally `bitcoinjs-lib` is vulnerable to this due to its lacking consensus model... what are your thoughts? Also, I like using this library outside of `bitcoin` applications, so it'd be nice to not have to worry about such a basic flaw. The issue is this line: https://github.com/bitcoinjs/merkle-lib/blob/master/index.js#L8 Thoughts on a fix?
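The ambiguity discussed in this thread, as an added example that is not merkle-lib's code and was not posted by any participant: a Merkle root that pairs an unpaired node with itself gives the same root for a leaf list and for that list with its tail repeated, and a caller can detect this by flagging any pair whose two siblings are identical. The names `merkleRoot`, `mutated` and `sha256`, and the sample leaves, are assumptions made for this illustration.

```javascript
const crypto = require('crypto')

// Digest used for the example; any digest function shows the same effect.
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest()

// Merkle root where an unpaired last node is hashed with itself.
// Returns { root, mutated }. mutated is true when a real pair (both nodes
// present) has identical siblings, which is how a repeated tail appears.
// A list that legitimately holds two equal adjacent leaves is flagged too,
// so a caller that needs unambiguous roots should reject flagged lists.
function merkleRoot (leaves, digestFn) {
  if (leaves.length === 0) throw new TypeError('expected at least one leaf')
  let level = leaves.slice()
  let mutated = false
  while (level.length > 1) {
    const next = []
    for (let i = 0; i < level.length; i += 2) {
      const left = level[i]
      const hasRight = i + 1 < level.length
      const right = hasRight ? level[i + 1] : left // the ambiguous step
      if (hasRight && left.equals(right)) mutated = true
      next.push(digestFn(Buffer.concat([left, right])))
    }
    level = next
  }
  return { root: level[0], mutated }
}

// Constructed sample leaves (hashes of single letters).
const leafSet = (letters) => letters.map((s) => sha256(Buffer.from(s)))

// Three leaves, and the same list with the last leaf repeated.
const three = leafSet(['a', 'b', 'c'])
const threePadded = three.concat([three[2]])

// Six leaves, and the same list with the last two leaves repeated:
// the collision happens one level up, where the third node is unpaired.
const six = leafSet(['a', 'b', 'c', 'd', 'e', 'f'])
const sixPadded = six.concat([six[4], six[5]])

for (const [name, list] of Object.entries({ three, threePadded, six, sixPadded })) {
  const { root, mutated } = merkleRoot(list, sha256)
  console.log(name, list.length, root.toString('hex').slice(0, 16), 'mutated=' + mutated)
}
```

Each padded list prints the same root prefix as its original, with `mutated=true` only on the padded one.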