Closed scravy closed 5 years ago
Just want to share that such change is the most closed PR in Bitcoin https://github.com/bitcoin/bitcoin/search?q=fCheckDuplicateInputs&type=Issues
Before we approve, we should read the reasons why they close it (don't merge) and see how it's aligned with our code.
In bitcoin everything goes back to this comment:
NACK we'll probably re-introduce the optimization at some point, let's avoid the code churn.
Which I 100% do not agree with. There's an answer to that even which says:
IMO leaving unused code that can lead to bugs is worst than code churn. This can be reverted along with proper review/testing once and if necessary.
Which I a 100% do agree with.
but again, this is not applicable anymore since the community had time enough to understand what happened there, and in the end they just removed that.
Yepp. The blog post I am referencing in the description was also written after that.
This removes the
fCheckDuplicateInputs
flag fromCheckTransaction
inconsensus/tx_verify.cpp
.This flag was subject to a CVE in bitcoin (See the full disclosure posting in their blog: https://bitcoincore.org/en/2018/09/20/notice/).
Ever since the CVE was fixed this flag is never passed as
false
and you must not not check it. Also the behavior is not checked with the parameterfalse
in any test, as can be seen from this pull request as no test had to be touched yet everything passes.Signed-off-by: Julian Fleischer julian@thirdhash.com